Risks of Cybercrime and Social Media: NEW PLAYBOOK

The risks of cybercrime claims many victims over many sectors. The PwC Global Economic Crime Survey 2020 found that a company falls victim to six frauds on average. The most common types are customer fraud, asset misappropriation as well as cybercrime. It also proved a roughly even split between frauds committed by internal and external perpetrators, at almost 40% each – with the rest being mostly collusion between the two. Few can deny the enormous technological advancements that are constantly taking place in the modern world. The internet, the computer, and other technological advancements have dramatically changed what it means to socialise, ‘chat’, and even read a book. Both the disadvantages and advantages of such developments are clear, and as technology gains pace, so have the unlawful activities of those who seek to take advantages of such developments.

According to a 2020 cybercrime report from Europol, COVID-19 sparked upward trend in cybercrime. In fact, since the beginning of the pandemic, the FBI has seen a fourfold increase in cybersecurity complaints, whereas the global losses from cybercrime exceeded $1 trillion in 2020. 

In other words, as technology evolves, the risks of cybercrime have become complex. The sense that one is safe from crime in the privacy of one’s own home has been lost. In fact, according to World Economic Forum’s “Global Risks Report 2020” the chances of catching and prosecuting a cybercriminal are almost nil (0.05%).

Take the First Steps Towards Developing Measures Against the Risks of Cybercrime! 

This playbook critically examines the growth of cybercrime, evaluating the risks it poses in terms of the different forms of cybercrime that exist and the regulations that seek to detect, prevent and punish them.

The extension of an old legislation to include cybercrime is not entirely effective – especially not for crimes committed within the realm of social media and social networking. Therefore the need to develop an ‘anti-cybercrime culture emerges. It has to be implemented on an international scale that safeguards these crimes – the promotion of careful use would therefore be facilitated to hinder such crimes before they can materialise. Our playbook includes:

• What is cybercrime and why is it important?
• Top corporate cybersecurity risks and 10 types of high-tech crimes
• How cybercrime impacts business and your company’s growth
• Cybercrime and regulations in place
• And how your response as a business matters – how to can you protect your business from cybercrime including advice and tips on how to telework safely

Download the full playbook today and learn step-by-step things your company can do to be better protected from cybercrime. Robust cyber-security, data protection, anti-fraud and risk management all come together to mitigate the dangers posed by hackers, phishers and other cybercriminals.

تحميل كتاب اللعب

With the playbook in your hands, you’ll learn about the most common cyber attacks. This includes viruses, phishing attacks and website hacks. You’ll also gain a better understanding of the consequences of different types of cybercrime.

To sum it up, the playbook provides best-practices and ways that companies are lessening their risk without spending prohibitive resources to do so. Above all, the right expert advice means that any company can be on the right track to protecting their customers, their assets, and their employees from the risks of cybercrime.

Who is CRI Group™ ?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.

Filed under: All Industries, All Regions, All Solutions, Background Investigation by admin
Comments Off on Risks of Cybercrime and Social Media: NEW PLAYBOOK

New European Parliament Corporate Due Diligence and Corporate Accountability

Corporate due diligence and corporate accountability, ending an era of voluntary policing. A new EU mandate places liability on companies unable to assess and mitigate unethical third-party behaviour. New legislation requires companies operating in the EU to ‘identify, address and remedy their impact on human rights and the environment throughout their global value chains.’

Situation Analysis:

• In 2017, nearly 25 million people categorised as victims of forced labour. International Labour Organization, 2017 report
• From 2000-2012, nearly 25% of all tropical deforestation was due to illegal agro-conversion for export markets. 2019 study

Global economies have significantly benefited from an increase in cross-border and international business partnerships, which has led to a substantial expansion of the global value chain. Subsequently, more and more companies are being exposed to potential liability by unscrupulous third-party providers in their supply chain pipeline with little respect for business ethics, human rights or the environment.

There is a growing concern worldwide of the many supply chain businesses linked to severe abuses, including exploitative working conditions, modern slavery and child labour, toxic pollution, rampant destruction of rainforests and a general disregard for corporate governance.

For decades, companies have voluntarily monitored supply chain partners for bad behaviour, but this self-policing has limited. But now, the European Union Parliament has presented mandates for EU businesses – under penalties of law – to carry out due diligence to identify, prevent, mitigate and account for actual or potential human rights violations and negative environmental impacts in their operations and supply chain. 

“We live in a world where businesses with the wherewithal can still shift their adverse social and environmental impact to the most vulnerable people and places on the planet.” Lara Ianthe Wolters, Member, European Parliament

The Challenge: You are Liable for the Conduct of Your Partners; Lack of Due Diligence will Get you into Trouble

The legislation requires companies operating in the EU to identify, address and remedy their impact on human rights (including social, trade union and labour rights), the environment (contributing to climate change or deforestation) and good governance (such as corruption and bribery) throughout their value chain.

This is akin to saying that if a company fails to conduct due diligence on a third-party partner that engages in slave labour, pollutes the environment, manipulates the price or violates jurisdictional regulations, that company is essentially complicit in the partnering company’s illegal behaviour. It may be held liable in a court of law.

Aside from legal and monetary penalties, the company further risks a tarnished reputation in the market and a devaluation of its brand.

It’s crucial for businesses utilising global supply chain partners to conduct due diligence and assess the potential risks that a third party may pose to your organisation, particularly when addressing risks associated with environmental damage and human rights violations.

The Solution: Identify Unethical Behaviour and Protect Your Organisation with 3PRM, Corporate Due Diligence and Risk Management

CRI Group™ developed a highly specialised assessment solution for Corporate

From enhanced due diligence to identify non-compliance of the regulatory framework and damaging environmental allegations to investigating company (or stakeholder) human rights violations related to labour laws, child labour or human trafficking, CRI Group experts help determine the legal compliance, financial viability, and integrity levels of outside partners and suppliers affiliated with your company’s value chain.

Outcomes

Recent studies have demonstrated a positive correlation between the extent to which companies implement environmental, social and good governance policies, and their overall economic performance, all while contributing to a more stable global marketplace. Such responsible business conduct:

• Enhances protection for workers
• Improves access to justice for victims
• Safeguards the environment
• Ensures fair products for consumers

Further, apart from general compliance with EU mandates, such organisations enjoy a wealth of intangible benefits, including:

• Reduced overall liability risks
• Improved stakeholder protection
• Lower costs resulting from conflicts
• Improved company transparency
• More profound knowledge of the value chain
• Enhanced reputation in the market 
• Improved social standards for workers

“The global pandemic has demonstrated that resilient global supply chains that protect both the people and planet will be crucial to companies and economic recovery in the future.” Transparency International EU

CRI Group’s corporate due diligence and accountability solutions can help your organisation comply with a growing list of global regulations and mandates related to human rights and the environment while acting as an integral part of your business decision-making and risk management systems. 

Are you prepared to conduct a due diligence assessment on your global partners? Contact CRI Group to learn more about our Corporate Due Diligence and Accountability solutions and stay one step ahead of the pending EU mandates. We look forward to assisting you.

Zafar I. Anjum | MSc, MS, LLM CFE, CIS, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC), MBCI, CII Int. Dip. (AML)

Group Chief Executive Officer, Corporate Research and Investigations Limited

Our enhanced Integrity Due Diligence services will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals. To find out more about each level of due diligence, contact CRI Group HERE!

Filed under: All Industries, All Regions,

John Wood Group to Pay $177 Million to Settle Bribery Charges Inherited Through its Merger

John Wood Group Bribery Probe Trace Back to its Merger with Amec Foster Wheeler Plc.

The Importance of Due Diligence in Merger and Acquisition to Avoid a Similar Incident Happened like in John Wood Group.

Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. That allows you to reduce risks – including risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (UK Bribery Act), to make informed decisions and to pursue takeovers or mergers with more confidence.

Unlike other kinds of control (audits, market analysis, etc.), it must be completely independent and rely as little on information provided by the researched subject. The other important difference lies in the methodology: commercial or financial due diligence analyses available information, investigative type provides reliable and pertinent, but raw, information.

Due diligence on potential business partners when adding a new vendor or hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. Global integrity due diligence investigations provides your business with the critical information it needs to make sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees.

It will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals. CRI Group investigators employ a proven, multi-faceted research approach that involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research. Our resources include:

Filed under:

Tackling Corporate Fraud in the Middle East

Tackling corporate fraud in the middle east has become even more challenging during the pandemic. ICAEW Insights sat down with our founder and chief executive, Zafar Anjum, to discuss the rising levels of corporate fraud in the middle east during the pandemic.

Find out how CR™ is using AI to investigate wrongdoing; from fake degrees and doctored CVs to false insurance claims and bogus bills, our corporate fraud investigators in the Middle East have seen it all. Zafar told ICAEW his firm was busier than ever as the pandemic triggered a rise in white-collar crime cases across the region.

From its base in London, CRI has been helping firms in middle east regions like Qatar, Dubai, Abu Dhabi and Saudi Arabia. Regions where anti-fraud frameworks are still being built out inside the embryonic corporate regulatory regimes that govern the Middle East.

“We’ve seen a lot of insurance fraud claim investigations, fake bills, fake debts and fraudulent certificates designed to cheat insurance companies,” Zafar said. “Covid allowed internal controls to be relaxed; people are working from home, so the usual check and balances are missing.”

Filed under: All Industries, All Solutions, Leadership Insights, Middle East by admin
Comments Off on Tackling Corporate Fraud in the Middle East

The Story of Our CEO and Company

The Story of CRI Group™

By

THE BEGINNING: EVENT THAT CHANGED ME

Shortly after leaving the Pakistani Rangers in 1994 (five years after my graduation), I took over my father’s private investigation organisation – called, at the time, the Metropolitan Detective Agency. During this period, I was involved in investigating a case of suspected insurance fraud. The case involved a grandfather attempting to lay claim to his daughter’s life insurance settlement following her death under the pretext that he was responsible for the guardianship of her four orphaned children. After investigation, it was revealed that this was not the case and that the grandfather was attempting to defraud his late daughter’s insurance company.

Much like my feeling towards the case, the situation’s outcome could be characterised in two ways – one positive and one negative. I remember the overwhelming pride I felt in our success on the positive side. However, this was somewhat overshadowed by a sense of what is perhaps best articulated as injustice – I saw first-hand how fraud is damaging. And although fraud was having (and continues to have) a detrimental effect on the people, the lack of an effective solution to the problem meant that, frustratingly, such crimes were able to continue.

UNCOVERED MY FIRST FRAUD; WHAT’S NEXT?

Whilst I had managed to deal with one case of fraud and thus prevented the successful committing of a crime, this was just a single instance of fraud – I had done nothing to move towards an overall reduction of the problem. In other words, I concluded that I had managed to treat a mere symptom rather than the underlying illness.

DEDICATION TO INVESTIGATING FRAUD

Although the case itself was not particularly unusual, at least as far as fraud cases go, one particular aspect of the affair struck me – that, in contrast, most crimes are dealt with by the justice system, and fraud is peculiar. It often mandates investigation by an external agency or organisation that specialises in fraud detection. I noticed that such organisations were sorely lacking in Pakistan at the time – and that there was a distinct lack of counter fraud education in the general population, which aided those committing fraud greatly. Furthermore, even where individuals were aware that they were being defrauded, they lacked knowledge of effectively resolving disputes between themselves and the defrauder.

With this analysis in mind, I concluded that there needed to be significant growth in the counter-fraud industry within Pakistan. This is where the privatised nature of fraud investigation could make a significant positive impact. 

Although the police might not have had the resources to deal with fraud in its entirety, there was certainly an incentive for private companies to increase their spending in this area. In other words, there was a clear market opportunity for the expansion of the anti-fraud industry, and one that I knew how to fill with my experience and knowledge. Although I am market-minded as a matter of business necessity, it has become apparent to me over recent years that I am at my most motivated not when I am seeking organisational growth but when I am seeking professional development.

Corporate Research and Investigations Ltd (CRI Group’s First Logo)

FUTURE PLANS: CRI GROUP™ EXPANSION

With this conclusion in mind, I continued with the operation and expansion of Corporate Research and Investigations Limited “CRI® Group”. As well as expanding the CRI® Group, I began to take more and more of an interest in the professional aspects of fraud investigation. For this reason, in 1995, I became the first member of the Association of Certified Fraud Examiners from Pakistan, and in 1998 I was appointed the Area Governor for Pakistan and the Middle East by the World Association of Detectives.

The Area Governor appointment letter, issued to Zafar Anjum by
World Association of Detectives, 1998

If I were to summarise the one lesson that I learned due to my early experiences in Pakistan, it would be important to expand counter-fraud and counter-corruption to where it is needed. The ramifications of this lesson did not end when I left Pakistan either. My awareness of areas into which fraud prevention might be further expanded has continued. For this reason, I have taken a particular interest in the emerging area of corporate corruption and fraud.

CRITICAL REFLECTIONS ON MY PERSONAL DEVELOPMENT

Being a business owner, it is only natural that my personal development has been attached to the development of my organisation. As noted above, I have sought to have my organisation grow in line with my field – where there has been a need to combat corporate corruption and fraud, I have sought to conquer the resulting market. Similarly to how I have sought to expand my business, I have also found it necessary to seek out personal development opportunities whenever they become available. To this end, I have consistently been seeking out academic development since 2009. I have since completed an ICA International Diploma in Financial Crime Prevention, ICA International Diploma Governance, Risk and Compliance, ICA International Diploma in Anti-Money laundering, and MSc in Counter Fraud and Counter Corruption Studies. I completed another Master in Fraud and Financial Crime with Distinction and a Master of Laws (Legal Practice Intellectual Property). It is only natural that I am currently seeking to learn academically and contribute something to academia in the form of my PhD thesis.

In terms of personal development, I can therefore consider myself lucky to bring my career experience to doctorate-level study. Still, I will be able to take what I have learned at the doctorate level and apply it in a professional setting. Although I am market-minded as a matter of business necessity, it has become apparent to me over recent years that I am at my most motivated not when I am seeking organisational growth but when I am seeking professional development.

Hard work and dedication are two values ingrained into our core and are found in all facets of our operation. We believe that true value comes from fostering trust with our colleagues and clients at an equal level. We take great care in keeping integrity at the forefront of our Anti-Corruption, Compliance and Risk Management services. We wish to build long-term relationships in which we can be counted on to provide efficient and cost-effective services.

CRI Group’s very first international directory advertising in the UK during 1998

Looking Forward…

I believe it is important to constantly look for ways of improvement, especially in this rapidly changing industry. Each new technological development is an opportunity for us to advance our capabilities and competencies. Making use of the finest equipment and the most advanced technologies is one of the many ways that we set ourselves apart from the competition. I take great pleasure in implementing the most innovative ways to provide for our colleagues and team.

Our goal is to provide principled and reliable Anti-Corruption, Compliance and Risk Management Services for our clients. With the shifting marketplace, we pride ourselves on maintaining our core values as a constant. The message to our client is that your satisfaction is the main driving force behind our business. When you choose our services, you can expect a professional, high-quality experience every time.

Thank you all for your dedication, and congratulations on our 32nd anniversary!

With gratitude and wishing for more years to come for the CRI Group™ family,

Filed under: All Regions, CRI News, Leadership Insights by admin
Comments Off on The Story of Our CEO and Company

What’s Law vs Allowed with Pre-employment Screening Around the World:

Filed under: All Industries, All Regions, Background Investigation, Employee Background Check, Resources by admin
No Comments »

Q&A on How Corporate Fraud and Corruption Affect Businesses in the UAE 2021

CRI Group™ and its ABAC™ Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC Group’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To What Extent have you seen a Notable Rise in the Level of Corporate Fraud, Bribery and Corruption Uncovered in the UAE?

A. The United Arab Emirates (UAE) remains the least corrupt country in the Middle East and North Africa region. It was perhaps fitting that the United Nations (UN) held its anti-corruption conference in the UAE just over a year ago. At the conference, delegates drafted anti-corruption resolutions and discussed asset recovery, international cooperation, and other topics in preparation for an upcoming special session of the UN General Assembly against corruption. Of course, there is still much work to be done. Fraud, bribery and money laundering are still problems in the UAE that require a united focus to overcome. Of special concern is the real estate sector, which some have called a haven for stashing and laundering cash. In some cases, these funds are linked to terrorist financing, raising the alarm beyond just the balance sheet for typical financial or corporate fraud.

Q. Have there been any Legal and Regulatory Changes Implemented in the UAE Designed to Combat Fraud and Corruption? What Penalties do Companies Face for Failure to Comply?

A. The recent Anti-Commercial Fraud Law in the UAE strengthened rules around counterfeiting and intellectual property (IP) theft, among other areas. In addition, lawmakers and regulators are applying an anti-fraud focus to other laws. A perfect example is the UAE’s Insolvency Law 2020. The Ministry of Finance announced that penalties will be imposed on those who fraudulently abuse the law. This could include making a fake claim or a sham debt against a debtor or illegally increasing a debt amount. Such offences are punishable by jail time and fines. An awareness campaign by the UAE Banks Federation (UBF), the Central Bank of the UAE (CBUAE), Abu Dhabi Police, and Dubai Police was the first such collaboration in the UAE and it comes as both corporate and consumer fraud have increased. Companies are expected to protect their stakeholders’ investments, and failure to do so can lead to regulatory and legal punishments.

Q. In your Opinion, do Regulators in the UAE have Sufficient Resources to Enforce the law in this area? Are they Making Inroads?

A. There are at least two daunting tasks facing regulators in the UAE at present: detecting and preventing money laundering and stemming the growing threat of cyber crime. While these problems are not unique to the UAE, they do require significant investment and increased investigation and enforcement efforts. Recent reports allege that illicit funds flow through ‘free trade zones’ and into real estate deals, such as luxurious properties in Dubai and other locations. The laws are in place to punish such crimes, but more inroads will need to be made to bring this under control in a country that largely succeeds at fighting fraud in other areas. Cyber crime is also a constant challenge that has been exacerbated by the COVID-19 pandemic. Many fraudsters have sought to take advantage of companies having to transition to different employment models, such as remote working. Fraud fighters are working hard to stay ahead of the curve in this regard.

Q. If a Company Finds itself Subject to a Government Investigation or Dawn Raid, How Should it Respond?

A. If a company finds itself under investigation, one of the first things it must do is mandate down the chain of command that employees cooperate fully with investigators. Any efforts to the contrary may be considered obstruction, and lead to more punishments or a higher likelihood of penalties at the end. In contrast, engaging in a good-faith effort to assist an investigation may weigh in the company’s favour.

Questions will arise, such as: Was this a surprise? What are the facts of the case? How did this occur? Legal counsel must be engaged immediately, but it is also important to speak with compliance officers, risk management, executives and the board in a transparent way to help the company move forward. Communicate a zero-tolerance policy toward fraud, and if employees are proven to have engaged in such behaviour, they should be terminated and prosecuted.

Q. What Role are Whistleblowers Playing in the Fight Against Corporate Fraud and Corruption? How Important is it to Train Staff to Identify and Report Potentially Fraudulent Activity?

A. Some business leaders falsely believe that audits, account reconciliation and other procedures offer the best protection against fraud. They are important functions, but they are not the most effective detection method. Fraud is often uncovered by tips, according to the ACFE’s Report to the Nations on Occupational Fraud and Abuse. Employees are truly the front line of defence for companies, and the first to throw up warning flags about unethical behaviour. The question is whether companies listen to their employees. And is there an easy, anonymous way for employees to submit tips, without fear of retaliation? Companies should educate employees about the red flags of fraud, and then make sure they know they can and should report it.

Q. What Advice can you Offer to Companies on Conducting an Internal Investigation to Follow up on Suspicions of Fraud or Corruption?

A. If the company does not have an experienced team of anti-fraud professionals on staff, it is crucial to enlist the help of an outside firm with experts who specialise in this area. There are mistakes companies make at the beginning of an investigation that can haunt them later. For example, most countries, including the UAE, have laws that govern the proper collecting and handling of evidence. With most evidence in a digital format, following the right protocols is more important than ever. There are also important guidelines for interviewing witnesses and those suspected of fraud which, when disregarded, could lead to a failed investigation. The bottom line is: do not go it alone – get expert professional help. And if criminal conduct is discovered, contact the authorities.

Q. What General Steps can Companies take to Proactively Prevent Corruption and Fraud within their Organisation?

A. Preventing and detecting fraud starts with a company’s employees, so training and communication are key. First, employees must be trained on what constitutes fraud, bribery and corruption, how to recognise it, and how to report it. Second, the company must communicate that fraud will not be tolerated on any level, and those who commit fraud will be terminated and prosecuted if they are found to have broken the law. Companies should also have anti-corruption and anti-fraud controls in place, including an employee code of conduct, regular and surprise audits, and a fraud reporting system available to employees, contractors and even customers. Achieving certification in internationally recognised standards, such as ISO 37001 ABMS, is a good practice too. When it comes to fraud and corruption, an ounce of prevention is worth a pound of cure. Being proactive is truly the only practical option for protecting the business and its assets.

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC™ Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group™

CRI GROUP™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international risk management, employee background screening, business intelligence, due diligence, compliance solutions and other professional investigative research solutions provider. CRI Group™ has the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Its global presence ensures that no matter how international your operations are, the company has the network needed to provide you with all you need, wherever you happen to be. For more on our Risk Management solutions just check out our brochure:

View Risk Management Solutions Brochure

Filed under: All Industries, All Solutions, Industry Insights, Middle East, Resources by admin
No Comments »

Corporate Fraud and Corruption: Affect on UK Businesses in the 2021

CRI Group™ and its ABAC Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in the UK?

A. The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q. Have there been any legal and regulatory changes implemented in the UK designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

Q. In your opinion, do regulators in the UK have sufficient resources to enforce the law in this area? Are they making inroads?

A. Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent fouryear success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A. Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If it does not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zerotolerance.

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group™

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,

In 2016, CRI Group™ launched Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.

Filed under: All Industries, All Solutions, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

Cyber Security: How to Maintain GDPR Compliance?

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in 2018. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

Cybersecurity is a Priority for the Management

Even with extremely high fines and stringent requirements, GDPR violations and data breaches have been skyrocketing across the world. In 2020, the overall increase of fraudulent activities has been detected, based on ACFE’s “Fraud in the Wake of COVID-19: Benchmarking Report”: 77% of survey participants have seen an increase in the overall level of fraud as of August, compared to 68% who had observed an increase in May. Earlier we wrote how the COVID-19 crisis triggered fraudulent activities and what can businesses do to support anti-fraud movements in their organisations and to strengthen their immunity to fraud. However, cyber-attacks are on the rise – the survey by the gov.uk continues to show that cybersecurity breaches are a serious threat to all types of businesses and charities. 39% of businesses and 26% of charities reported having cybersecurity breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

The study suggests that the risk level is potentially higher than ever under COVID-19 and that businesses are finding it harder to administer cybersecurity measures during the pandemic: 35% of businesses compared to 40% last year are now deploying security monitoring tools. This reduction suggests that these organisations might simply be less aware than before of the breaches and attacks their staff are facing.

However, among those that have identified breaches or attacks, around 27% of businesses experience them at least once a week. The most common by far are phishing attacks (83%, and 79% in charities), followed by impersonation (for 27% and 23%). Based on a survey by the gov.uk, despite COVID-19 stretching many organisation’s cybersecurity teams to their limits, cybersecurity remains a priority for management boards. But it has not necessarily become a higher priority under the pandemic. Three-quarters (77%) of businesses say cybersecurity is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees.

The Most Notable Data Breaches

In the climate where organisations are putting more emphasis on strengthening their online security systems, there is no shortage of data breaches or GDPR violations. Our experts have noticed and shortlisted a few most notable cases in any order for you to be aware:

1. Booking.com

The very recent case, when travel booking website Booking.com has been hit with a  €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the GDPR. It happened back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). The hackers were able to get login creations for the booking system and to access the personal details of more than 4000 customers who booked hotel rooms via booking.com. The scammers exposed the credit card details of 283 customers, and in 97 cases the CVV code was also compromised. Based on GDPR, the data breach must be reported within 72 hours. Booking.com was late for 22 days (!) to report the breach to the Dutch Data Protection Authority and was issued a fine in April 2021, as reported by Forbes.

2. Twitter

Another company that was late to report the security flaw is Twitter – it was discovered in December 2018 but the social media giant did not report it to Ireland’s Data Protection Commission (DPC) until the following month. As a result, Twitter has been told to pay a €450,000 GDPR fine by Ireland’s data regulator for failing to report a 2018 data breach in the legally required timeframe. The DPC also determined that Twitter failed to adequately document the breach, another requirement under GDPR.

3. Vodafone

The firm that has been warned or fined smaller amounts on at least 50 occasions between January 2018 and February 2020, is in the news again: the Spanish data protection authority has fined Vodafone €8.15 million (approximately £7 million) for aggressive telemarketing tactics and repeated data protection failures. The fine was issued as a result of an investigation that was prompted by hundreds of complaints, with the regulator discovering a system that held up to 4.5 million contact lists purchased from third parties without user consent.

4. Facebook

And another social media giant – Facebook. Ireland’s data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site. As reported in April 2021, a spokesman for the Data Protection Commission (DPC) – which regulates Facebook in the European Union – said “a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.”

5. H&M

The Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 — the second-largest GDPR fine ever imposed. H&M’s GDPR violations involved the internal monitoring of employees. After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. It has violated the GDPR’s principle of data minimisation — don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose.

6. Google

The biggest penalty (€50 million) was issued to Google for its alleged failure to provide notice in an easily accessible form, using clear and plain language, when users configure their Android mobile devices and create Google accounts, and obtain users’ valid consent to process their personal data for ad personalisation purposes. 

COMPLIANCE & ETHICS HOTLINES, REPORT NOW

How to Maintain GDPR Compliance

What can we learn from these case studies? Maintaining GDPR compliance is a complex process, and requires a lot of diligent work. At CRI Group, we recommend looking at it as a part of your risk management strategies, together with your compliance policies and procedures.

To help you with maintaining compliance with GDPR, our integrity due diligence experts created the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train Your Employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the Legality of Your Data Collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

• The information is necessary to perform a contract between the organisation and the individual;
• You have a legal obligation to process the data (such as a court order);
• The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
• The individual has provided direct consent to the processing of the data.

4. Maintain thorough Records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it is collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish Consent Policies for Data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform Due Diligence on Third-Parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be Responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelt out as individuals rights in regards to their personal data and they include the following:

• Right to be informed about what data is collected and why;
• Right of access to data that has been collected;
• Right to rectification/correction of inaccurate data;
• Right to erasure of data (“right to be forgotten”);
• Right to restrict processing of personal data;
• Right to data portability;
• Right to object to use of data; and
• Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have Written Policies in Place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct Risk Assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group™ can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be Prepared for a Breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance. If you have any further questions or interest in implementing compliance solutions, please contact us.

Stay Updated on the Go

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

Filed under: All Industries, Compliance Solution, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

ESG: CRI Group™ Environmental Policy

Corporate Research and Investigations Limited “CRI Group™” is a certified member of GBB (Green Business Bureau), seeks excellence in every aspect of our business and is committed to minimising the environmental impacts of our business operations. After extensive new compliance requirements across the ESG (Environmental, social and governance) and working with Green Business Bureau, we are committed to strictly implementing the same commitments we agreed with GBB certification. 

The CRI Group™ and all directly employed sub-contractors, and agents, agree to comply with the below rules and will continue to ensure compliance. Here is our global Environmental Policy.

Our commitment is to:

• Continuously improve our environmental performance and integrate recognised environmental management best practices into CRI® Group operations.
• Reduce our consumption of resources and improve the efficient use of those resources.
• Measure and take action to reduce the carbon footprint of CRI Group™ activities to meet our published objectives and targets.
• Purchase qualified electronic equipment globally recognised as the most energy-efficient equipment available.
• Manage waste generated from our business operations incorporating reduction, re-use and recycling in accordance with the principles of the waste hierarchy
• Manage CRI® Group business operations to prevent pollution.
• Give due consideration to environmental issues and energy performance in the acquisition, design, refurbishment, location, and buildings use.
• Ensure environmental, including climate change, criteria are considered in the procurement of goods and services.
• Comply as a minimum with all relevant environmental legislation and other environmental requirements to which the firm subscribes.
• Maintain our certification to ISO 14001 program in 2022 implementation and rigorous.
• Monitoring and review.

To meet our commitments, we will:

• Provide CRI® Group’s Executive Board oversight and review of environmental policies and performance and allocate resources for effective direction and implementation.
• Monitor key objectives and targets for managing our environmental performance at least annually.
• Use a green web hosting service for our business websites with completely carbon neutral.
• Communicate internally and externally our environmental policy and performance regularly and encourage feedback.
• Communicate the importance of environmental issues to our people.
• Work together with our people, service partners, suppliers, landlords, and agents to promote improved environmental performance.
• Promote appropriate consideration of sustainability and environmental issues in the services we provide to our clients.
• Review our environmental policy regularly.

This environmental policy represents our general position on environmental issues and the policies and practices we will apply in conducting our business.

What is ESG?

ESG (Environmental, social and governance) criteria increase interest to companies, their investors and other stakeholders. With growing concern about the ethical status of quoted companies, these standards are the central factors that measure the ethical impact and sustainability of investment in a company. 

In less than 20 years, the ESG movement has grown from a corporate social responsibility initiative launched by the United Nations into a global phenomenon representing more than US$30 trillion in assets under management. According to Juliet Chung and Dave Michaels, “ESG Funds Draw SEC Scrutiny”, Wall Street Journal in the year 2019 alone, a surge of capital totaling US$17.67 billion flowed into ESG-linked products, an almost 525 per cent increase from 2015.

ESG factors cover a wide spectrum of issues that have traditionally been excluded from financial analysis:

Environmental:

• Climate change
• Resource depletion
• Waste and pollution
• Deforestation

Social:

• Working conditions, including the use of child labor
• Local communities
• Conflict
• Health and safety
• Employee relations and diversity

Governance:

• Executive pay
• Corruption
• Political affiliations and donations
• Board composition, diversity and structure
• Tax strategy

These factors have increasing financial relevance as global interest in ethical investment grows. 

Meeting the ESG Imperative

Increase your shareholder Engagement with Corporate Governance Solutions with our DueDiligence360™ service and our sister brand ABAC™ ISO certification.

Have confidence in your decisions when selecting your business partners, customers and workforce. Our due diligence reports provide research and insights from financial to legal and reputational standing.

Request a free report sample today!

or

Download our brochure now!

About CRI Group™

Corporate Research and Investigations Limited (CRI Group™) has been safeguarding businesses from fraud, bribery and corruption since 1990. Globally, we are a leading Compliance and Risk Management company licensed and incorporated entity of the Dubai International Financial Center (DIFC) and Qatar Financial Center (QFC). CRI™ protects businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Based in London, United Kingdom, CRI™ is a global company with experts and resources located in key regional marketplaces across the Asia Pacific, South Asia, the Middle East, North Africa, Europe, North and South America. Our global team can support your organisation anywhere in the world.

In 2016, the company launched the Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body that helps organisations mitigate internal and external risks by providing a complete suite of Anti-Bribery, Compliance and Risk Management programs.

Filed under: All Industries, All Regions, CRI News by admin
Comments Off on ESG: CRI Group™ Environmental Policy