Middle East corruption: how can ISO 37001 help?

Political and governmental unrest can affect a region’s economy and the integrity of business transactions. The current state of the Middle East exemplifies this phenomenon. While governments in the region are making efforts to curb corruption, political instability and regime changes often undermine these measures. Bad actors understand how to take advantage of such vulnerabilities, leading to increased bribery and corruption across international borders. Recent cases and statistics show that the problem persists in most countries in the region. Against this backdrop, most government officials and private sector business leaders view it as a high priority to reduce bribery and corruption. One of the problems, however, is that some dishonest politicians use supposed anti-corruption efforts as a tool against political enemies. This makes clear that the best approach is for government agencies and businesses themselves to lead from the front. By adopting an internationally recognised set of anti-bribery anti-corruption standards, increased business integrity will result. Organisations that are committed this effort are adopting the ISO 37001 – Anti-Bribery Management Systems standard as a comprehensive approach to mitigating bribery and corruption risk. ISO 37001 and its elements can be tailored to any type of organisation, of any size. The key elements include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. ISO 37001 also calls for implementing financial and commercial controls, and instituting reporting and investigation procedures.

Corruption a Major Challenge in the Middle East

The Middle East lags behind several other regions when it comes to bribery and corruption. Even as these elements are on a slight decrease globally, the Transparency International Corruption Perceptions Index shows the troubled state of the Middle East and North Africa. “The Corruption Perceptions Index 2018 presents a grim reality in the Middle East and Northern Africa where, despite some incremental progress by a select few, most countries are failing in the fight against corruption”. Syria, Yemen and Libya are at the bottom (worst) end of the list. There are some bright spots, though. United Arab Emirates (UAE) and Qatar, both countries that have taken strong stances on fraud and corruption, score the highest for the Middle East. Morocco and Egypt showed some improvement. Overall, however, the political instability in the region has created a tumultuous business environment. According to the article: “In many Arab governments, powerful individuals have actively influenced government policies and diverted public funds and state assets for their own self-interest and enrichment at the expense of citizens. This reduces anti-corruption efforts to merely ink on paper, where laws pass, but are rarely enforced or implemented.”

This is underscored by limits and obstacles that corruption throws up in the way of those looking to enact real change. “Across much of the developing world, the corruption of courts and other government institutions threatens the free flow of goods and capital that promotes economic growth. Left unaddressed, such threats can lead to heightened tensions among nations and even outright trade wars. Diplomats operate under constraints that limit how much they can call out international bad actors who violate the rule of law. That’s why the role of outside watchdogs is so important in promoting the Rule of Law and holding nations to the standards of fairness and impartiality they claim to meet,” writes National Review.

Iran: Power Structures Hamper Progress

One country that exemplifies the Middle East difficulties with corruption is Iran. The problem is described by one analyst as “deeply rooted,” and even recognised by the country’s conservative rulers. In such a political structure as Iran’s, a campaign to combat “systemic corruption” is often seen as the lens of political reprisals against rivals. “In autocratic systems, every now and then, a campaign emerges under the banner of fighting corruption. The main reason is to buy legitimacy for the system. During the last years of the rule of the former Shah of Iran, in an attempt to tame the revolution, such a campaign led to the arrest of several prominent political figures, including Amir-Abbas Hoveyda, who served for 13 years as prime minister”.

“While the same impetus could be behind the current move by Raisi, there is strong speculation in Iran that the move also, and more importantly, aims to shape a consensus within the country to accept Raisi’s giant leap towards assuming the leadership of the country after Khamenei’s death”.

While there has been some concern that the corruption crackdown is a cover for prosecuting reformers, some disagree – positing that it depends more on which party is leading the effort. “Corruption in Iran is linked to political power. Therefore, whichever of Iran’s two main political factions—fundamentalist or moderate-reformist—takes over the executive branch, corruption among the members of that faction increases. At the end of former President Mahmoud Ahmadinejad’s term in office, for instance, his first vice president, Mohammad-Reza Rahimi, and his Vice President for Executive Affairs, Hamid Baghaei, were imprisoned for economic corruption and embezzlement. Such corruption reached an all-time high during his tenure in office”. In any case, it’s clear that most observers aren’t convinced that the country’s anti-corruption campaign is to be taken at face-value – yet.

Bribery Cases Exposed in UAE

Two bribery cases demonstrate some common characteristics among such schemes. While both of these instances were uncovered (and prosecuted) in the UAE, they are likely typical for the Middle East region and beyond.

In 2018, an Emirates Post revenue officer was sentenced to prison after being convicted of attempted bribery. The officer solicited a Dh100,000 bribe from a corporate customer. He was in a unique position to attempt the crime, as his duties included collecting and auditing profits for the Emirates Post office in Dubai. The Jordanian revenue officer, 28, collected and audited profits, among other duties, on behalf of Emirates Post office in Dubai. The offender perpetrated the scheme by leveraging fines on a shipping company based in India for supposed postal fee violations. The alleged fine, according to the revenue officer, totaled Dh2.4 million, and he attempted to negotiate a scheme with the client to have the fine reduced to Dh400,000 – in exchange for the Dh100,000 bribe. Instead of paying, the client wisely contacted the police. In a sting operation, the client was fitted with a listening device, and met and paid the bribe – under coordination of the police. As a result, the revenue officer was arrested, and subsequently convicted.

In another case, two Asian residents of UAE were sentenced to three years and one year in jail for giving and accepting a bribe. They were also fined Dh5,000. One of the perpetrators was a government officer. The first defendant, a trader, offered a bribe of Dh900 to the government officer, who works as a customs clearance staff member with the Saqr Port in Ras Al Khaimah. The goal was to ship two containers full of scrap iron out of the UAE without paying taxes or undergoing an inspection. When they were caught, the trader who gave the bribe claimed that it was just a loan, and that he had already paid “over DH50,000 in taxes and charges”. The other defendant (the customs officer) agreed, but the court did not accept their explanation. Both defendants will be deported to their home countries after serving their prison sentences. These types of cases are typical among positions of access, and can happen in any jurisdiction. They exemplify the problem that government agencies and companies alike are trying to reduce and prevent.

‘Relationship Building’ v. Bribery

To some degree, the same problems that plague the Middle East are endemic around the world. Among them, the dilemma of misunderstanding in terms of what constitutes bribery. In nearly all cultures, relationship building is considered an essential part of doing business. Often, business associates consist of numerous friends or even family members. When that is the case, there can be a slippery scale in terms of what is merely a favor or a gift, versus what constitutes bribery or corruption. The Foreign Corrupt Practices Act (FCPA) can provide some guidelines here. A case involving Bank of New York Mellon is instructive. “On 18 August 2015, Bank of New York Mellon (“BNYM”) consented to a Securities and Exchange Commission (“SEC”) Order requiring BNYM to pay $14.8 million to settle charges that it violated the FCPA by providing student internships to family members of foreign government officials affiliated with a Middle Eastern Sovereign Wealth Fund (“SWF”). All parties involved, except BNYM, have been anonymised in the Order so that the nationality of the foreign public officials and the SWF is publicly unknown beyond being described as ‘Middle Eastern’.

“The BNYM internships were given to three people: the son and nephew of one key figure of the SWF and the son of another. The internships were given despite the facts that the interns did not meet the rigorous selection criteria usually applied by BNYM and did not go through the standard (or any) recruitment process before being awarded the internships. In addition, these internships were found by the SEC to be more valuable than those offered to the regular applicants, who had endured the competitive admissions process against strict entry requirements. For example, rotation between business units was arranged, which is not an opportunity afforded to regular interns.”

“Emails between BNYM employees clearly demonstrate that the motivation behind the favour to the foreign officials was to influence the latter’s decision-making in the interests of BNYM. There can be no doubt that this was bribery in action – the BNYM employees expected to retain and gain business from the foreign officials in return for offering their relatives valuable internships to which they would not otherwise have had access”.

The case clearly describes what could be considered a “gray area” compared to some of the more extreme realities of bribery and corruption. One study of the Middle East and North Africa in 2016 suggested that people felt the need to bribe officials for basic services. “About 30 percent of those polled said that they had to access basic public services by bribing officials. If that figure holds across the entire MENA region, that would mean that about 50 million people, the majority of whom are poor, feel they must pay bribes in order to have access to basic public services. In five countries, the rich reported being far less likely to have to pay a bribe: 63 percent of poor Sudanese citizens versus 38 percent of wealthy ones, for example, and 23 percent versus 12 percent, respectively, in Algeria”.

ISO 37001:2016 to Combat Bribery & Corruption

Corruption certainly isn’t exclusively a Middle Eastern problem. Organisations around the world are taking action to reduce risk. They’ve found the structure and process they need in ISO 37001. ISO 37001 was issued by the International Organization for Standardization (ISO) in 2016 to help organisations worldwide increase and measure their efforts against bribery and corruption. Through ISO 37001 ABMS, organisations can implement standards at every level. These measures include adopting an anti-bribery policy and appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. It’s also critical that the organisation implement financial and commercial controls, along with reporting procedures and investigation processes.

CRI Group founded ABAC® (Anti-Bribery and Anti-Corruption) Center of Excellence to help organisations of all types and industries implement ISO 37001 certification and/or training. ABAC® has a team of experts around the world that include certified ethics and compliance professionals, financial and corporate investigators, forensic analysts, certified fraud examiners, qualified auditors, and accountants. They are trained and experienced in the implementation of ISO 37001’s key elements, helping clients more effectively prevent bribery and corruption. ABAC Certification is an accredited provider of ISO 37001 ABMS, and it provides certification and training for organisations of various types and industries.

There are requirements and guidance that the ISO 37001 standard prescribes for a comprehensive anti-bribery management system. The following bribery elements are addressed by ISO 37001 in relation to the organisation’s business processes and activities:

• Bribery in the public, private and not-for-profit sectors
• Bribery by the organisation
• Bribery by the organisation’s personnel acting on the organisation’s behalf or for its benefit
• Bribery by the organisation’s business associates acting on the organisation’s behalf or for its benefit
• Bribery of the organisation
• Bribery of the organisation’s personnel in relation to the organisation’s activities
• Bribery of the organisation’s business associates in relation to the organisation’s activities
• Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)

Government organisations and companies can reduce the risk of bribery through ISO 37001’s best practices for anti-bribery and anti-corruption. The following are just a few of the ways ISO 37001 helps accomplish this goal:

• Provide needed tools to prevent bribery and mitigate related risks
• Help an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
• Potentially reduce corporate insurance premiums
• Provide customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
• Provide a competitive edge over non-certified organisations the organisation’s industry or niche
• Provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

It is important to note that “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to completely eliminate the risk of bribery”, according to ISO.  The certification is potentially an important piece of evidence, however, that shows regulators, prosecutors, and the courts that the organisation has taken meaningful action to prevent bribery and corruption.

Conclusion

All is not lost. Some Middle Eastern countries, like the United Arab Emirates, have made a commitment and continue to demonstrate positive strides toward combating corruption. UAE has expanded its laws, broadened the definitions of what is considered bribery and corruption, and increased punishments. But the country is largely an outlier in a region that is struggling under the weight of instability and corruption.

In this type of environment, both government organisations and the businesses they serve (and regulate) need ISO 37001. The sooner organisations implement the comprehensive measures prescribed by ISO 37001, the calmer the seas will be for international trade, business agreements and mergers, acquisitions and other positive elements of economic growth.

An established standard like ISO 37001 ABMS can help organisations address bribery and corruption through implementing best practices in a program of training and certification. While following the curriculum, the training process can easily be tailored to the organisation based on its size, type, industry or risk level. Bribery and corruption are pervasive problems that won’t be solved overnight. It will take a concerted effort by all major players in the region to make positive strides and reduce risk factors. ISO 37001 provides a blueprint for making those changes. Twenty or thirty years ago, organisations were mostly on their own went it came to developing an anti-corruption strategy. Today, there is a tried-and-true path forward. Committing to it is the first step toward making real progress in the Middle East.

Sources

1. “Middle East & North Africa: Corruption Continues As Institutions And Political Rights Weaken,” Transparency International, 29 Jan. 2019,

< https://www.transparency.org/news/feature/regional-analysis-MENA> (accessed 25 Oct. 2019)

2. John Fund, “Cleaning Up Corruption Is a Key to Middle East Stability,” National Review, 23 October 2019,

<https://www.nationalreview.com/corner/cleaning-up-corruption-is-a-key-to-middle-east-stability/> (accessed 25 Oct. 2019)  OECD, The rationale for fighting corruption. 2014

3. Shahir Shahidsaless, “Iran’s conservatives are saying it: Corruption is ‘systemic’”, Middle East Eye, 7 Oct. 2019,

<https://www.middleeasteye.net/opinion/whats-behind-irans-crackdown-corruption> (accessed 25 Oct. 2019)

4. Jalil Bayat, “Iran’s Goals In The Fight Against Economic Corruption,” Lobe Log, 18 Oct. 2019,

<https://lobelog.com/irans-goals-in-the-fight-against-economic-corruption/> (accessed 25 Oct. 2019)

5. Salam Al Amir, “Emirates Post worker jailed for seeking Dh100k bribe from customer”, The National, 31 Oct. 2018,

< https://www.thenational.ae/uae/emirates-post-worker-jailed-for-seeking-dh100k-bribe-from-customer-1.786526> (accessed 10 Nov. 2019)

6. Ahmed Sheeban, “Government officer jailed for accepting Dh900 bribe in UAE”, Khaleej Times, 13 April 2019,

< https://www.khaleejtimes.com/nation/ras-al-khaimah/government-officer-jailed-for-accepting-dh900-bribe-in-uae> (accessed 10 Nov. 2019)

7. Andrew Hudson, “Middle East meets West: Where is the line between relationship-building and bribery?,” Al Tamimi 7 Co., September 2015,

< https://www.tamimi.com/law-update-articles/middle-east-meets-west-where-is-the-line-between-relationship-building-and-bribery/> (accessed 25 Oct. 2019)

8. Ben Thompson, “Bribery worsening in the Middle East and North Africa, citizens say,” CSM, 3 May 2016,

< https://www.csmonitor.com/World/Global-News/2016/0503/Bribery-worsening-in-the-Middle-East-and-North-Africa-citizens-say> (accessed 25 Oct. 2019)

9. “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org,

< https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)

10. Adam Vause, Zara Merali, “The UAE’s fight against bribery and corruption,” DLA Piper, 16 July 2019,

< https://www.dlapiper.com/en/dubai/insights/publications/2019/07/the-uaes-fight-against-bribery-and-corruption/> (accessed 25 Oct. 2019)

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Middle East, Resources, Third-Party Risk Management by admin
No Comments »

How Risk Management and Due Diligence Interlock?

RISK MANAGEMENT AND DUE DILIGENCE: HOW DO BOTH INTERLOCK?

Risk management and due diligence: How both interlock? These are challenging and complex times. COVID-19 is forcing organisations to adapt quickly and change their business model in the process. In an era of compliance, with many regulations and regional “interpretations”, leaders and organisations need to be careful about how they conduct business, who conducts business in their name and with whom. This demands extraordinary attention to the means and mechanisms used by the organisation.

Due diligence, in legal terms, entails taking reasonable steps to satisfy any legal or regulatory requirement, regardless of the size or type of business conducted. Businesses also need to take several mandated steps to ensure that the organisation remains safe from any unwanted or unauthorised action taken on their behalf. For example, when making an investment such as a merger or an acquisition, the organisation needs to take the appropriate action on the proper due diligence necessary to make the most informed decision possible.

Being casual about the due diligence process is a failure to execute the proper level of investigation regarding the assets being purchased or financed or the management team being backed and vetted.

Where does Risk Management Come into Play?

Risk management is the identification, evaluation, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities.

A formal business discipline that relies on the forecasting and evaluation of any risks, along with identification and (where feasible or warranted) implementation of procedures to avoid or minimise their impact. Using ISO 31000 can help organisations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

DOWNLOAD ISO 31000 PLAYBOOK

Risks can come from various sources including your employees. From a risk management perspective, the penalties on conducting business that can result from unwanted or unauthorised third-party relationships or any employee unethical business action are exceedingly high making it imperative to perform due diligence when trying to protect your business and brand.

Inadequate due diligence can easily take down an organisation; from damaged reputation to brand devaluation, from regulatory violations to fines and jail terms for directors, the risks are exceedingly high.

The risks from losses of such potential magnitude should not be ignored. At such cost, implementing the most stringent and effective controls and protections in place even at a cost still makes absolute financial sense. And the only way to fully protect a corporation’s assets, therefore, is through a strong and viable 360 due diligence program.

Learn more about due diligence from this article. When is due diligence most critical?

Managing risk and due diligence should begin with a policy and a plan. Here we will focus on the human element of risk management, specifically background investigations. Organisations need to perform due diligence to make sure that their business is conducted by their employees and through their partners and vendors. Such insurance invariably includes regular security audits, ISO certification, pre-employment background checks, TPRM, etc.

There are several incentives to practice due diligence and perform risk management to ensure you conduct business appropriately and comply with all applicable laws and regulations. Anything less is just asking for trouble and losses!

What Can and Should Organisations and Risk Professionals Do?

The very first step to mitigating risks and exposures starts with a risk assessment. There are plenty of risk assessment checklists and tools available. If you want to dive deeper into how to start a risk assessment, just read our Risk assessment breakdown: Identification, Analysis, Evaluation to learn more. Once risk professionals get a handle on their due diligence processes and other compliance regimes, it’s time to start the entry process into the regulatory life cycle:

1. Prioritisation and planning
2. Implementation of a response
3. Integration of related tools, technologies, audits, processes and procedures to integrate compliance into normal operations

The first steps toward achieving compliances are usually big ones and may require substantial time and effort. But after that, it’s just a matter of sticking to a routine to maintain compliance, meet reporting requirements and keep up with changes to governing regulations and day-to-day tools and operations.

About CRI Group™

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group™ launched the Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group™’s global team of certified fraud examiners work as a discreet, white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.

Prove that your business is ethical with our free Gap Analysis

Evaluation of Corporate Compliance Programs – Highest Ethical Business Assessment: Evaluating Adequate Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Framework

Prove that your business is ethical. Complete our free Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC™ experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

The HEBA survey is designed to evaluate your compliance with adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC™ professionals with Business Ethics, Legal and Compliance backgrounds. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.

The survey takes around 10 minutes to complete.

TAKE THE SURVEY NOW!

Filed under: All Industries, All Regions, Due Diligence, Resources, Third-Party Risk Management by admin
No Comments »

Top 10 ways to protect your organisation from bribery and corruption

According to the International Monetary Fund (IMF) public sector corruption siphons $1.5 trillion to $2 trillion annually from the global economy in bribes and costs far more in stunted economic growth, lost tax revenues and sustained poverty. The fact is, bribery and corruption can affect any organization, of any size, in any industry and location. So how to protect your organization from bribery and corruption.

There are 10 things that an organization can do, to be better protected against the threat of bribery and corruption:

1. Be proactive: Adopt a code of ethics for management and employees. Evaluate your internal controls for effectiveness and identify areas of the business that are vulnerable to bribery and corruption.
2. Be strict: Communicate regularly to staff about anti-bribery and corruption policies, ways to report suspicions of misconduct, and the potential consequences (including termination and prosecution) of unethical behavior.
3. Train your employees: Your workforce is your first line of defense against corruption – enroll your organization in training programs like ISO 37001:2016 Anti-Bribery Management System Introductory, Internal Auditor or Lead Auditor training to ensure they can properly identify, prevent and detect bribery.
4. Be aware of red flags: Payment for vague services like “facilitating”, paying higher-than-normal fees to a vendor as “commission”, off-the-books deals, requirements of cash-only payments or unusual payment arrangements are all signs that things may be amiss and require further review.
5. Validate compliance regularly: Putting standards in place is only effective if you test and follow them year-round. Implement a process to ensure compliance with legislation like the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act 2010.
6. Conduct due diligence: An unethical partner or supplier engaging in bribery and corruption can have serious effects on your own company’s reputation. Conduct thorough due diligence, with background checks and full risk assessments, on all third-parties with which you are engaged.
7. Encourage whistleblowing. Corruption is still most likely to be detected by a tip. Providing an anonymous reporting system for your employees, contractors and clients will help uncover more cases of bribery and other misconduct.
8. Be transparent: A way to be proactive in your engagement with others is to ask for feedback. Then be prepared to address it, good or bad – creating open lines of communication and honest dialogue regarding what is and what isn’t unethical behavior.
9. Establish Hiring Procedures: When hiring staff, conduct thorough background investigations. Check educational, credit and employment history (as permitted by law), as well as references.
10. Get Certified: The ISO 37001:2016 Anti-Bribery Management System standard is designed to help an organization implement an anti-bribery management system. Any organization can and should become ISO 37001 certified to signify the measures it has taken to prevent and detect bribery and corruption

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources, Third-Party Risk Management by admin
No Comments »

ISO 37001 Certification: a Proclamation of Business Integrity

It’s a well-known World Bank statistic, but one that bears continual repeating: More than US$1.5 trillion – or 2% of world gross domestic product – is paid in bribes each and every year, contributing to the demise of governments, inadequate social services, inferior infrastructure, low-quality goods and services, and a general strain on public and private sector integrity and reputation.

But the past several years have seen marked progress in the global fight against bribery and corruption, particularly with the adoption of ISO 37001 “Anti-Bribery Management Systems,” which provides generally accepted standards for establishing, implementing, maintaining, reviewing and improving an organisation’s anti-bribery management system.

The global adoption of the standard means that organisations worldwide can now publicly demonstrate their intent to battle bribery via review, examination and certification of their systems to the ISO standard. And in doing so, those certified organisations are realising many key benefits that come with certification, and the extended impact certification has on their supply chain and third-party partners.

ISO 37001 Certification: A Conscientious Decision

ISO 37001 certification is not currently mandated by governments around the world, with the exception of Malaysia and a few other countries which are considering certification as a requirement for private sector organisations bidding for government contracts. That said, multi-national organisations are increasingly seeking certification as a conscientious decision to improve their operations for the good of the overall organisation.

In doing so, those organisations are making a strong statement to their stakeholders, customers, authorities, third-parties and the international marketplace that they are taking all necessary measures to review, amend and improve their systems and processes to control and prevent bribery.

Even more important, to verify compliance and achieve such certification, those organisations are willing to expose their operations to outside independent auditors who are specifically trained in identifying risks and weaknesses within the organisation, while making recommendations for improvement.

From an integrity perspective, the result of certification to the ISO 37001 standard can help reduce internal and external corruption risks, manage compliance risks and boost the public perception and reputation of the organisation as a whole.

This can provide the organisation with certain advantages in the tender process and give the organisation a competitive edge in business development.

Take for example the case of Mubadala Investment Company PJSC (Mubadala), a state-owned holding company that can be characterised as a sovereign wealth fund in the United Arab Emirates, a country widely known for its relatively high rankings on the annual Transparency International Corruption Perception Index.

In 2019 Mubadala called on CRI Group’s ABAC Center of Excellence to attain ISO 37001 certification. Upon completion of the extremely thorough and careful certification process, Mubadala Head of Ethics & Compliance noted that achieving such certification has helped his organisation provide full confidence to its partners and shareholders, and has opened avenues of investment for international and national companies because Mubadala enjoys a great rapport with the business community as a competent and truthful entity.

“We are very proud to attain this certification. It demonstrates our strong commitment to the highest standards of ethics and integrity in our activities. This achievement specifically affirms the presence of anti-bribery management systems across Mubadala that support a culture of transparency and compliance in line with the highest global standards.” Mubadala Head of Ethics & Compliance said.

The Ripple Effect of ISO 37001 Certification

While one of the most beneficial advantage of certification is that it formally announces to the global marketplace that the organisation has gone to great lengths to demonstrate a high level of integrity in its compliance program and can be looked upon as a trusted partner when it comes to business affiliations and future business dealings, there is an notable down-stream effect as well.

That’s where the standard requires intense third-party due diligence to verify that the organisation’s supply-chain partners maintain a strong commitment to anti-bribery compliance. This subsequently motivates the organisation’s business partners, suppliers and third-party providers to examine and improve their own practices, knowing that the organisation will not conduct business with outside providers that don’t measure up to its internationally accepted compliance standards.

And managing third-party risks will result in the ongoing supply of high-quality products and services, on-time delivery, reduced legal liability, increased stakeholder protection, higher customer satisfaction and improved reputation, to name just a few of the associated benefits.

ISO 37001 Certification Improves the Organisation

Finally, ISO 37001 certification is structured in a way that not only identifies risks and weaknesses within an organisation’s anti-bribery framework, it also outlines measures designed to improve that framework and, in turn, contribute to strengthening the overall operation. Here are some examples:

Financially, certification can help identify redundancies in the processes used to combat anti-bribery and corruption, potentially reducing the costs associated with duplication. Additionally, through certification, one can assume that demonstrating an adequate procedures defense may in many cases reduce legal costs in bribery cases and investigations, while also reducing or eliminating potential fines levied in such cases.

Operationally, certification can help to streamline internal processes and controls, and – through effective top-down management advocacy – ensure that all staff levels of the organisation stand united in the fight against bribery and corruption.

Ethically, certification shows that the organisation is making a conscientious choice to protect its customers by taking strong stances against the effects of bribery, which include overpriced products or services, defective parts, and under-qualified labor – all of which can produce economic hardship, physical harm or even death.

From a brand perspective, certification demonstrates that the organisation is committed to operating in an ethical environment, taking strong measures to prevent bad actors from succeeding and exposing the organisation to negative media publicity, adverse public reaction and damaged reputation.

And from business development standpoint, certification can effectively enhance the organisation’s ability to secure new business contracts, as public sectors around the world are increasingly requiring such certification as a qualification in the bidding process for large-scale contracts.

It’s no secret why multi-national organisations are increasingly realising the many benefits of ISO 37001 certification, as they enjoy improved internal systems and procedures, greater operational efficiency and top-down confidence throughout the organisation, to reduced corporate risks, stakeholder liability, and a resulting competitive edge in the international marketplace.

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources, Third-Party Risk Management by admin
No Comments »

Corruption won’t stop: is your organisation protected?

In one case, an enforcement agent for a Malaysian government department pleaded guilty for receiving a bribe from a business owner. In another, a U.S. district attorney from Philadelphia was accused of taking cash in return for helping people with their legal cases. He was accused of 28 counts of bribery, and in the end was given a deal to plead guilty on one count. Both cases show how easy it is for organisations to fall victim to bribery and corruption.Businesses, non-profits, government organisations both face a risk to their financial well-being and reputation.

In Malaysia, the case centred around an employee of the Domestic Trade, Cooperatives and Consumerism Ministry. According to the article “Domestic Trade enforcement staff fined RM1,200 for bribery” published in the New Straits Times, Muhammad Mat Sa’ad, 36, was charged with taking bribes from a fuel storage owner in 2014. His case was prosecuted by the Malaysian Anti-Corruption Commission (MACC).

In the U.S., Philadelphia’s top law enforcement officer, District Attorney R. Seth Williams, pleaded guilty to bribery in a more sweeping case with some very troubling details. According to the New York Times article “Philadelphia District Attorney Pleads Guilty to Bribery and Resigns,” Williams allegedly accepted bribes from business people in return for offers of legal help with their cases or those of their friends. But he may have also defrauded his own mother.

The article states:

“Mr. Williams accepted gifts including a trip to the Dominican Republic and checks for thousands of dollars from people who wanted favours, prosecutors said. According to an indictment by the United States attorney’s office for New Jersey, he promised one of the business people that he would “look into” a case that had been brought against a friend of that person.

He also faced charges including wire fraud and extortion for his alleged personal use of political action committee funds and government vehicles. Among the most damaging charges against Mr. Williams was that he defrauded a nursing home and family friends of money that was designated for the care of his mother.”

He faces a up to five years in prison and a fine of up to $250,000.

These types of troubling cases can likely be prevented with the right training, internal controls, and certification. The International Organization for Standardization (ISO) issued the ISO 37001:2016 Anti-Bribery Management System standard to help companies worldwide increase and measure their efforts against bribery and corruption.

CRI® Group is registered as a foremost ISO 37001:2016 Certification Body with the Dubai Accreditation Center (DAC) Government of Dubai, UAE, and has formally launched its ISO 37001:2016 Anti-Bribery Management Systems certification program. ISO 37001:2016 certifies that your organisation has implemented reasonable and proportionate measures to prevent bribery. These measures involve top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

Through CRI® Group’s 3PRM-Certified™, the ISO 37001:2016 Anti-Bribery Management System Certification will help your company, organisation or department to reduce risk of bribery and corruption by establishing, implementing, maintaining and improving your management system. The certification empowers you with the ability to safeguard and maintain the integrity of your company by:

• Guaranteeing that all workers and agents are devoted to the latest anti-bribery practice.
• Regularly validating compliance to appropriate legislation like the FCPA and UK Bribery Act 2010.
• Jointly cooperating with stakeholders to observe and reduce the risks throughout your supply chain.
• Externally scrutinising your company, testing the effectiveness of your anti-bribery policies and processes.
• Creating “Compliance in Action.”

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI® Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC® today or get a FREE QUOTE now!

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, Due Diligence, ISO 37001, Leadership Insights, Resources, Third-Party Risk Management by admin
No Comments »

Do you have a third-party risk management (TPRM) strategy in place?

It’s highly probable that, at some point, organisations that affiliate with outside providers will eventually have to deal with an operational interruption resulting from a third-party related issue. However, the risks involved in partnering with outsiders are many and complex. International orders have been ripped down. Technology has improved the way businesses communicate. Easy access to data and information enables the media to report on the business news before a business can properly respond. And the markets are quick to form opinions based on a 24/7 on-demand news cycle. The potential liabilities have been ratcheted up several notches. More than ever, managing the third party risk is key to businesses’ survival.

Managing the third party risk

The result of this increased liability is problematic. Business litigation has skyrocketed. Corporate reputations are constantly being assaulted. Business strategies are forever shifting. Board members are becoming increasingly subjected to intense scrutiny from outside critics. And a highly educated market responds immediately with their pocketbooks.

VIEW 3PRM BROCHURE

Third-party risk is a “board-level” issue

Recent data breaches at Fortune 500 companies such as JPMorgan Chase, Apple iCloud, Home Depot, and Target raise serious concerns about the private sector’s information security and third-party risk management practices. Regulations regarding third-party risk have been updated constantly in recent years because of it. Industry regulators’ heavy media attention and penalties have spotlighted third-party risk management. And it is now regarded as a top priority for all levels of management within large organisations.

Various regulators and industry bodies have all issued their third-party risk management guidelines creating an overlap of requirements depending on the services that the organisation may have outsourced.

CRI® Group has a network of local subject specialist operatives across the Middle East and Asian regions, can extend a helping hand and offer integrity due diligence being preemptive measures against:

• Experiencing financial loss when a third-party provider failed;
• Losing customers because of poor-quality service from a third-party;
• Exposing breaches to data systems because of poor security practices by a third-party;
• Experiencing supply chain issues due to poor disaster recovery procedures by the third-party;
• And being exposed to litigation because of relationships with an outside provider significantly violated contractual terms, potentially resulting in regulatory exposure.

When Working with Third-Party Providers, CRI® Group designed the solution: “3PRM” Third-Party Risk Management Strategy! A proactive approach to mitigate the risks involved with Third-Party affiliations to protect the organisation from liability, business interruption and brand damage.

Are you establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business?

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today to implement a robust program that will serve you well for years to come.

GET A FREE QUOTE NOW

Filed under: Resources, Third-Party Risk Management by admin
No Comments »

Internal Control: Identify Vulnerabilities through TPRM Assessment

CRI® Group’s Third-Party Risk Assessments are front-line tools used to ascertain whether an organisation has the appropriate policies and procedures in place to address all potential risks at the management, operations and financial levels and simulates the likelihood of those risks occurring.

A 3PRM^TM assessment includes a review of internal auditing procedures, compliance guidelines, performance criteria, internal controls, reporting processes, and contractual requirements vital to fostering a long-term positive outcome with the third-party provider when looking at the relationship from a cost-benefit standpoint. A 3PRM^TM assessment verifies whether the proposed third-party relationship is consistent with the organisation’s strategic plan and overall business strategy. Specific areas addressed in a 3PRM^TM assessment include:

• Audit and supervision functions that assign clearly defined responsibilities within the organisation
• Business continuity plans that take into account natural disasters and third-party business closures
• Supply-chain alternatives that react and respond to every possible scenario, from regional events to currency fluctuations
• Jurisdictional considerations and affiliations with potential partners located in regions that may be prohibited by law
• Data and intellectual property protection, which includes customer privacy and information security considerations
• Anti-corruption and whistle-blower policies begin with staff education and extend to safe internal and external reporting mechanisms which are easily accessible to management and staff.

Our 3PRM^TM assessments ensure tight controls to mitigate key risks and designate specific staff responsible for maintaining those controls. Any gaps detected in those controls are addressed during the assessment phase.

VIEW 3PRM^TM BROCHURE

CRI® Group invites you to schedule a quick appointment with us to discuss how conducting our 3PRM^TM assessment can help you and your organisation. 

GET A FREE QUOTE

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, TPRM, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

Filed under: All Industries, All Regions, Industry Insights, Resources, Third-Party Risk Management by admin
No Comments »