Third-party risk: how to survive in a brave new world?
Third party risk management, how to survive in a brave new world?
Third party risk management. The Current Business Climate Requires a Review and Reassessment of Your Organisation’s Third-Party Relationships. We won’t soon forget the year 2020 and the myriad ways worldwide business was derailed over a microscopic virus that caused a global pandemic. From layoffs and shutdowns to shortages and closures, the long-term effects of the pandemic have yet to be determined. But one thing is certain: The disruption to the global supply chain has wreaked havoc in virtually every business sector. third party risk management
Automobile manufacturing in Korea has been suspended due to a lack of parts from China. The fashion industry in the United States is struggling over sourcing as garment producers in Asia reduce output. U.K. aerospace manufacturer Rolls-Royce has announced it is cutting 9,000 jobs as a result of the coronavirus. And sharp declines in consumer demand have adversely affected global manufacturers who, in turn, are idling production to curb losses.
Find out how anti-bribery and anti-corruption management plays an important part in your third-party risk management strategy. This free ebook analyses the performance of Rolls-Royce in terms of ABAC policies within the scope of the ISO 37001 provisions.
Global sourcing has been greatly impacted as suppliers have ceased operations, and multinational organisations have had to scramble to locate replacement supply sources. This gloomy picture has been made all the more daunting as opportunists, bad actors and other sanctioned, restricted, or unreputable parties have set up operations to take advantage of unsuspecting and desperate businesses by producing inferior goods, missing contractual deadlines, or operating in ways that could raise flags in the areas of ethical conduct, business integrity or jurisdictional compliance. As such, multinational companies need to be on high alert for such nefarious outside operations, lest they put their reputations, stakeholders, directors and bottom lines at risk.
Now is the time to identify alternative supply scenarios and re-evaluate contractual terms and performance metrics with those parties in the sourcing network. And to accomplish this, a risk-based approach to diligence, screening and vetting present and potential third-party suppliers is more important now than ever before.
Get your guide for risk prevention, detection and compliance. Download our Risk Management and Anti-Bribery Anti-Corruption Playbook
What is third party risk management?
Threats are increasing on several levels for organisations that rely on outside third parties, such as agents, brokers, vendors and suppliers. While depleted inventories, idle production, inferior products and delayed delivery have greatly impacted the marketplace worldwide, multinational businesses are feeling the brunt of these pandemic-induced supply chain disruptions on a greater scale:
- Organisations are suffering financial loss as the supply chain falters;
- Companies are losing customers because of poor-quality products and services from third parties;
- Organisations are opening the doors to litigation by working with third parties that may be engaging in bad labour practices or forcing workers to produce in unsafe work conditions;
- Company data systems are being exposed and breached because of poor security practices by third parties;
- Companies are experiencing a greater level of supply chain issues due to poor disaster recovery procedures enacted by third parties;
- Organisations and boards are increasingly being exposed to litigation because of relationships with outside providers that may have violated contractual terms, potentially resulting in regulatory exposure;
- Such organisations are being targeted by story-hungry media sources determined to expose the company to a global audience.
The result of these increased risks can be highly problematic:
- Business litigation has skyrocketed;
- Corporate reputations are negatively impacted on a larger scale;
- Organisations have had to continually review, reassess and adapt risk management frameworks to adjust and acclimate to an ever-changing global business environment;
- Board members are becoming increasingly subjected to intense scrutiny from outside watchdogs and critics;
- Unfortunately, a highly educated market responds to the above scenarios accordingly with their pocketbooks.
From supply and production disruptions to regional compliance issues and bad media exposure, multinational corporations face increased scrutiny working with unscrupulous third-party partners. Thus, the an intense need to remain vigilant in conducting due diligence and vetting those outside affiliations.
VIEW 3PRMTM BROCHURE
Don’t let the dominoes fall, ever, with our 3PRM certification
CRI® Group’s third-party compliance verification and certification program – 3PRM-Certified™ – can help organisations establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors.
While such affiliations are essential to the success of your organisation, a business cannot overestimate the consequences of inadequate due diligence. As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs.
Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organisation considering how to better equip your team with the best knowledge and skills, 3PRM-Certified™ program is an all-in solution.
When is it time to conduct third-party screening?
CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organisation from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:
- Providing third-party risk assessments
- Meeting contracting requirements
- Conducting due diligence
- Identifying potential fraud risks
- Providing management oversight
Utilising a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.
Who is CRI® Group?
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Meet our CEO and Author
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading businesses organisations.
Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business.
CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom. Contact us to learn more about the third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime)
CRI® Group Chief Executive Officer
t: +44 207 8681415 | m: +44 7588 454959
e: zanjum@crigroup.com
Q&A session with our CEO: United Arab Emirates fighting Fraud and corruption
Middle east corruption is a threat to the world. The United Arab Emirates (UAE) is a land of complex extremes where fabulous wealth and supercars live right next to staggering poverty. This is generally a recipe for fraud and corruption. However UAE has been talking the right steps towards a fraud free future. This Financier Worldwide Q&A session with our CEO discusses United Arab Emirates role in fighting fraud and corruption. Read the answers to the following questions:
- To what extent have you seen a notable rise in the level f corporate fraud, bribery and corruption uncovered in United Arab Emirates in recent years?
- Have there been any legal and regulatory changes implemented in United Arab emirates designed to combat fraud and corruption? What penalties do companies face for failure comply?
- Do regulators in United Arab Emirates have sufficient resources to enforce the law in this area? Are they making inroads in this area?
- If a company finds itself subject to a government investigation or dawn raid, how should it respond?
- and much more…
Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in United Arab Emirates (UAE) in recent years?
ANJUM: Some recent, high profile cases have affected companies and countries in the Middle East. Embraer’s bribery scandal, involving sales of its aircraft, included officials in Saudi Arabia, among others. Further, there have been suspicions of corruption surrounding the awarding of the 2022 FIFA World Cup to Qatar, suspicious which have been worsened by allegations of human rights abuses involving migrant workers. In general, however, it is still issues like data theft, e-commerce fraud, information security and other high tech threats that pose serious risks to organisations in the Middle East. We live in an increasingly connected world, so while anti-fraud laws and controls in one country may be robust, a company might find itself doing business abroad in a location where laws and enforcement are more lax, and risk is heightened.
Q. Have there been any legal and regulatory changes implemented in UAE designed to combat fraud and corruption? What penalties do companies face for failure to comply?
ANJUM: the UAE has a strong reputation for being tough on corruption, and a new law enhances this stance. The recently approved, and highly anticipated, Anti-Commercial Fraud Law will strengthen protections of intellectual property rights (IPR) and will impose stricter penalties anon counterfeiters. For example, a fraud offence related to counterfeiting could now result in up to 2 years in prison, as well as a fine of up to Dh1m. Overall, corruption is still a low risk for companies operating in the UAE. Laws against corruption are enforced, and they cover bribery, facilitation payments, embezzlement and other types of fraud and abuse. However, when concerning the Middle East as a whole, there are indications that fraud and corruption are the rise, which means we must be ever vigilant in protecting investments throughout the region.
Q. In your opinion, do regulators in UAE have sufficient resources to enforce the law in this area and fight corruption? Are they making inroads in this area?
ANJUM: When considering the Middle East region, there can be no ignoring war-ravaged areas like Syria, Iraq, Libya and Yemen. It is an understatement to say that countries embroiled in conflicts and crisis usually do not have the resources or manpower to properly prevent and detect fraud. But according to Transparency international’s most recent Corruption Perceptions Index, a few of the other more stable and affluent countries in the region are experiencing some difficulty preventing fraud, as well. Different factors can contribute to these struggles, be they politics, autocratic leadership, weak laws or judiciary bodies. However, the UAE still ranks as the least corrupt country in the Middle East, and other countries might take heed of the country’s Anti-Commercial Fraud Law and other existing laws, not to mention the UAE’s enforcement measures, as a possible model for future efforts.
Q. If a company finds itself subject to a government fraud and corruption investigation or dawn raid, how should it respond?
ANJUM: A company that finds itself in such as crisis should immediately cooperate with authorities and work quickly to gather the facts. What are the allegations? What is the scope of the investigation? Was the raid expected, or has the company been taken completely by surprise? In the early stages, it is crucial that the company engages in a good-faith effort to be transparent and cooperative. Of course, retaining legal counsel, is a must at this an every stage of an investigation, If an employee or employees have engaged in fraud, the company should support the fact-finding process and let justice run its course. Company leaders should also evaluate their internal controls and ensure that additional fraud or corruption is not occurring under the radar.
Q. What role are whistle-blowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?
ANJUM: The statistics on fraud, such as in the Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse show that fraud is most often uncovered by tips, more so than audits, surveillance, account reconciliation, document examination and other methods. Accordingly, a company’s own employees are their first line of defence against fraud. But to encourage whistle blowing, two critical measures need to be in place. First, employee should be trained to identify the red flags of fraud, and to know what does, and what does not, constitute fraudulent behaviour. Second, a reporting mechanism should be in place; an anonymous system by which whistle-blowers can submit their tips without fear of retaliation or negative consequences.
Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?
ANJUM: In any situation where fraud is suspected, it is crucial that experts be brought in as quickly as possible to help unravel the facts of the case, if the company does not have anti-fraud professional among its staff, It is critical to remember that there are various laws, depending on your country or region, which govern the rules of gathering evidence and interviewing witnesses. Any evidence that is mishandled or collected improperly can negatively impact an investigation and hurt the chances of a resolution. If an investigation is bungled from the start, it is nearly impossible to then ‘wind it back’ and correct mistakes later. Also, if criminal behaviour is suspected, legal authorities should be quickly notified and provided with the company’s findings and reasons for the allegation.
Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?
ANJUM: Every organisation, large or small, should have a plan in place for preventing and detecting fraud. The first step is to communicate the organisation’s zero-tolerance stance against fraud. An ethical code of conduct, signed by every employee, can be effective in this regard. A fraud risk assessment should be conducted to find vulnerabilities. The company’s hiring policy should include pre- and post-employment background screening. Job responsibilities should include segregation of duties, so that no single employee has too much control over finances or assets. The company should conduct audits and encourage whistle-blowing with an anonymous reporting system. With a comprehensive fraud prevention system in place, business owners can sleep a little easier, knowing that their organisation has reduced risk and increased their ability to prevent and detect fraud.
Speak up – report any illegal, unethical, or improper behaviour
If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI® Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI® Group’s Non-Retaliation Policy.
About CRI®
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Meet our CEO
Zafar I. Anjum, is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Turkey, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
This Q&A article is based on a 2017 Financier Worldwide interview.
Since 2001, Financier Worldwide has provided valuable information on corporate finance and board-level business issues through its monthly magazine and exclusive website content. As a leading publisher of news and analysis on this dynamic global market, the organisation is recognised as a valued source of intelligence to the corporate, investment and advisory community. More from Financier Worldwide:
- Corporate resilience: managing third party risks, April 2013 | SPECIAL REPORT: MANAGING RISK
- Contract fraud: is your organisation at risk?, February 2013 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
- Fraud & Regulatory Enforcement 2013, April 2013 | FRAUD & CORRUPTION
Download 2018 annual reviews by Mr. Zafar Anjum, CEO, and Ms. Fatima Farrukh, Compliance professional at CRI® Group.
FAQ: Employment Screening
Want to know what red flags are most often found on résumés and employment applications? CRI® Group’s EmploySmart™ experts provided some statistics on their latest pre-and post-employment screening engagements, giving insights into where companies are most vulnerable in the hiring process. The operations team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details and having adverse media (unfavourable news or online mentions), both at 2.33 per cent.
Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases. Other red flags included:
- Having a criminal record (1.5 per cent).
- A civil litigation record (1.27 per cent).
- Providing a fake address (also 1.27 per cent).
To round out the findings, the operations team found bankruptcy records, fake certificates and negative references among 0.85 per cent of those screened.
Get answers to frequently asked questions about background checks/screening cost, guidelines, check references etc. This eBook is a compilation of all of the background screening related questions you ever needed answers to:
- Does a candidate have to consent to process a background check/screening?
- How long does it take to conduct a background check?
- When should I conduct pre-employment checks?
- How often should I screen employees?
- How to collect references, and what to ask?
- How much does it cost to conduct background checks?
- What is the difference between employment history verification and employment reference?
- How do I check on entitlement to work?
- How to conduct identity checks?
- What will a financial regulatory check show?
- Is it possible to identify conflict of interest during checks?
- What is a bankruptcy check?
- What about directorships and shareholding search?
- Can I have access to a criminal watch list?
- Anti-money laundering check?
- Can we conduct FACIS (fraud and abuse control information system) searches?
- … and MORE!
Taken as a whole, it is the perfect primer for any HR professional, business leader and company looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.
Download your “Employee Background Screening FAQ” FREE ebook now!
Banking industry squad prevents £20m of fraud
Banking industry squad disrupted 23 Organized Criminal Groups (OCGs) preventing £20 million of fraud. The specialist police unit (DCPCU) is funded by the finance and banking industry in a dedicated effort to stop fraud.
Commonly known as the banking industry squad, the DCPCU (Dedicated Card and Payment Crime Unit) is a joint effort between the Metropolitan Police Service, the City of London Police as well as banking industry fraud investigators. Supported by UK Finance, DCPCU is on the frontline in the fight against fraud. And over the past year, the unit has worked in partnership with several social media platforms to take down over 1,600 accounts which featured posts relating to payment:
- 500 “money mules” accounts used to recruit young people
- 250 accounts involved in the trading stolen card details
- +400 “brokers” accounts
- with the rest of the accounts used for “flipping”
In 2019 DCPCU seized £1.65 million of assets – over double the amount confiscated in the same period in 2018 – with a total of 75 fraudsters convicted to a total of 100 years in prison. DCPCU operational successes include:
- “Money mule” gang worth over £1.2 million and sentenced to nearly seven years in prison.
- Smising scam of worth £27 million disrupted and prevented with the combined prison sentence of over 14 years for two Londoner criminals who committed almost half a million pounds of fraud
- One individual from London found to have committed £50,000 of fraud and consequently sentenced to two years and nine months in prison
- A criminal committed over £31,000 of fraud in a Stolen card scheme
The DCPCU is very effective in disrupting criminals and a powerful example of how important is it that all sectors – i.e. banking industry – work with law enforcement to protect the public from fraud.
Read more on what the Head of the DCPCU, Detective Chief Inspector Gary Robinson, UK Finance Managing Director of Economic Crime and National fraud coordinator, Commander Karen Baxter have to say. Read NOW!
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
Background Screening Red flags: Numbers Don’t Lie
Want to know what types of red flags are most often found on résumés and employment applications? CRI® Group’s EmploySmart™ experts provided some statistics on their latest pre- and post-employment screening engagements, and they give insights into where companies are most vulnerable in the hiring process. background screening red flags
The operations team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavorable news or online mentions), both at 2.33 per cent.
Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases. Other red flags included having a criminal record (1.5 per cent), a civil litigation record (1.27 per cent), and providing a fake address (also 1.27 per cent). To round out the findings, the operations team found bankruptcy records, fake certificates and negative references among 0.85 per cent of those screened.
Deception Among Job Seekers is Real
Anytime someone intentionally provides false information in their résumé, they are committing résumé fraud – usually in the hopes of gaining a competitive edge in the hiring process. “There are even business services out there that will knowingly assist candidates with changing their résumé in this way, such as offering advice on how to hide employment gaps or how to add false information that looks realistic. Some will even provide fake transcripts and fake letters of recommendation” (HR Daily Advisor, 2018).
The same goes for fabrications on an application. It can occur anywhere in the process, and the candidate will likely continue to misrepresent themselves in the interview process to maintain their fraud. As mentioned above, helping candidates embellish or even fabricate credentials has become a business unto itself. “On the surface, these appear to be candidates taking desperate measures. But the candidates themselves may not be the only ones at fault. As recruitment has migrated online and become automated … opportunities for scammers have arisen. Professional recruiters, who get placement fees when they land candidates in jobs, have a clear incentive to game the system, Zhao says. They are ‘middlemen who can make significant profit by misrepresenting clients’” (Inc.com, 2019).
There is only one clear remedy and protection method to combat this type of fraud: thorough and comprehensive background checks. Most organisations, however, don’t have the time, resources, or the expertise to conduct the needed level of background screening on their own. This is where CRI® Group’s EmploySmart™ comes in. The robust pre-employment background screening service helps organizations worldwide avoid making uninformed and potentially harmful hiring decisions. As a leading provider of specialised local and international employment background screening, CRI® Group’s uses EmploySmart™ to provide risk mitigation and give business leaders confidence in their hiring process. EmploySmart™ includes a thorough menu of screening that fulfills your organization’s risk management needs. These checks include the following:
- Address verification – one of the red flags discussed above.
- Identity verification – what are they hiding? Falsifying one’s identity is a major red flag.
- Previous employment verification – candidates might claim false employment to beef up their résumés.
- Education & credential verification – screeners check degrees and education history.
- Local language media check – what is uncovered about the candidate in news reports?
- Credit verification & financial history – candidates who conceal financial problems can be a fraud risk (local privacy laws apply).
- Civil litigation record check – lawsuits can indicate red flags, background screening will uncover the details.
- Bankruptcy record check – when hiring someone for a financial or leadership position, it’s important to know if they have bankruptcy filings.
- International criminal record check – checking criminal records is essential for the safety of your employees and your business.
These are just a few of the essential checks that are part of the EmploySmart™ process. CRI® Group’s network spans the Americas, Europe, Africa, and Asia-Pacific for providing international risk management, background screening and due diligence solutions provider. Don’t tempt fate and invite red flags into your business by making risky hires. The proper pre-and post-employment screening will uncover those hidden things that a candidate might not want you to know. Contact CRI® today and learn more about how EmploySmart™ will help provide your organisation with that extra layer of protection you need. Get a FREE QUOTE now!
TPRM: When is it time to conduct third-party screening?
When to conduct third-party screening?
Why do organisations screen their employees but not the companies they work with? Failing to screen third-party screening to the same level as permanent staff will increase your risks on many levels – from brand reputation to loss of money.
The nature of business today is largely shaped by our connected world. Many organisations conduct business across international borders and/or overseas and as part of various strategic and beneficial partnerships. In fact, the technology revolution and other factors that have removed barriers from business make it more essential than ever to have suppliers, vendors and other supporting companies helping to establish supply chains in various locations. And while they can be a great benefit to an organisation, these partnerships also represent an inherent security risk.
Third-party screening in compliance perspective
Vendors, suppliers and other third-party partners are entities largely outside of your control. While your organisation might have a high level of internal controls and stringent standards for ethical conduct, the entities that you partner with might not share those controls or values. Therefore, if something goes wrong, their failings can affect your organisation in terms of financial loss, liability, and damage to reputation.
Europe’s horse-meat scandal in 2013 or Quest Diagnostics data breach in 2019 is strong examples. Major organisations like Tesco were caught up in financial and PR disaster when they found that some of their suppliers were using horse meat in products sold as 100 per cent beef. Consumers were outraged, and many of the larger companies caught up in the scandal admitted that they had not performed proper due diligence or closely monitored their suppliers and their standards. And in the case of Diagnostics, the exposed records of 11.9 million patients.
When is the right time to conduct due diligence?
While third-party risk management should be an ongoing process, there are certain times when it is absolutely crucial for any organisation. At CRI® Group, we counsel our clients always to use third-party screening when doing any of the following:
- Performing pre-merger and acquisition research
- Conducting pre-IPO due diligence
- Engaging new clients
- Employing, contracting or retaining foreign business partners
- Implementing a consistent and audit-worthy AML and anti-corruption compliance program
Dodging trouble
Conducting 3PRM due diligence investigations at the right time has helped our clients avoid some major pitfalls, including the following:
- Merging with an international business embroiled in several behind-the-scenes legal battles
- Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks
- Partnering with organisations that were potential credit risks, have claimed bankruptcy, have dissolved stated companies or were faced with debtor filings.
- Awarding work to an overseas contractor with absolutely no prior experience
- Affiliating with a contracting company owned by a politician with significant influence on future awards
With a network of trained professionals positioned across five continents, CRI® Group’s third-party risk management (3PRM™) services will provide your business with a comprehensive approach toward managing all third-party management risks. Contact us today and learn more about how we can help you address all of your third-party screening and due diligence needs – get a FREE QUOTE now!
VIEW OUR RISK MANAGEMENT SOLUTIONS BROCHURE
About CRI® Group
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Fraud Advisory Panel UK counter fraud 2019 report is out!
Fraud poses a major threat to the UK and the world. The slow progress in fighting fraud in 2019 was evident to all of us with the never-ending stream of news stories documenting bribery and corruption cases around the world in 2019. We documented each with our article on Top 10 Bribery and Corruption Cases of 2019 where we count down the stories:
- Juniper Networks
- Alstom
- Microsoft
- KPMG
- Samsung Heavy Industries
- Fresenius Medical
- Walmart
- TechnipFMC
- Ericsson
- Unaoil
But these cases helped some of the welcome signs that government and law enforcement were beginning to ratchet-up their interest in fraud with new regulatory updates. 2020 was looking promising to all fraud fighters around the world. Unfortunately COVID-19 pandemic has turned the tide in the fraudsters’ favour – creating the current environment of fear, confusion and economic uncertainty in which fraudsters thrive.
The latest Fraud Advisory Panel’s report, The calm before the storm UK counter fraud in 2019 highlights all of these and more. According to the report the SFO continued to conclude
successful deferred prosecution agreements (though still without converting any of them into individual prosecutions):
- 53% conviction rate (17 defendants out of 32)
- 11 criminal investigations opened
- 8 defendants charged (investigations closed without charge – 14)
- 16 defendants awaiting trial
- £3.9m funds recovered
- 11 new confiscation orders (combined value £4.1m)
- £1.5m for the first Account Forfeiture Order
- 70 total caseload
And all of the stories help illustrate the need for organisations to have proper controls in place to prevent bribery and corruption. A certification such as ISO 37001 – Anti-Bribery Management Systems standard can provide a comprehensive approach to mitigating bribery and corruption risk. Organisations of all sizes and industries should take steps now to ensure that they don’t end up on a future list of top bribery and corruption scandals. Only a well resourced, cross-sector, intelligence-led response can tackle fraud.
Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Fraud Advisory Panel have set up a COVID-19 fraud watch group
The Fraud Advisory Panel have set up a COVID-19 fraud watch group. A cross-sector and cross-industry coalition of trusted partners (including the Cabinet Office and City of London Police) who meet weekly to share information on emerging fraud threats and trends affecting business. The panel aims to act as a conduit to warn the public, private and third sectors about COVID-19 fraud risks. In addition to supply preventative actions that can be taken.
Measures announced over recent months to deal with COVID-19 have seen our day-to-day life drastically changed forcing us to spend more time at home and online. Unfortunately, criminals are using every opportunity they can to scam innocent people and businesses. GOV.UK has also released advice and guidance on how to protect yourself and your business from fraud and cyber crime. This guidance explains simple steps you can take to protect yourself and your business against fraud and cyber crime and where to get help. The National Cyber Security Centre has also published advice on how to spot COVID-19 scams and keep remote working safe.
If you think you’ve been scammed or you’ve found something which looks like fraud or a scam, contact Action Fraud.
Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!
Have you read?
- Brexit poses new bribery challenges, ISO 37001 provides solutions
- Bribery and corruption plague Middle East, how can ISO 37001 help?
- As South Asia Grapples with anti-bribery compliance, ISO 37001 provides solutions
- Whitepaper: Organised catastrophe of international Pakistan airlines
- Rolls-Royce Case study: Ethics & Compliance
- ISO 37001 FAQ
- Are you ready for ISO 37001?
- Don’t have an ethical code of conduct? Your organisation needs one
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
COVID-19’s impact on Cyber security: is your team safe?
When you download an app and it asks to access your contacts, location, and other information, it seems harmless enough, right? Surely the app will only use your data for its stated purpose, and only when needed? We all know that is not the whole truth. However, with COVID-19 forcing your workforce to embrace new practices of remote working you need to ensure your team’s business data is safe and your cyber security is too. Cybercriminals around the world are capitalising on this crisis, and your employees may not be aware. WHO reports fivefold increase in cyber attacks, urges vigilance, according to the article some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel COVID-19 response.
According to a ScienceDaily article, “7 in 10 smartphone apps share your data with third-party services.” As the article warns: “More than 70 percent of smartphone apps are reporting personal data to third-party tracking companies like Google Analytics, the Facebook Graph API or Crashlytics. When people install a new Android or iOS app, it asks the user’s permission before accessing personal information. Generally speaking, this is positive. And some of the information these apps are collecting are necessary for them to work properly: A map app wouldn’t be nearly as useful if it couldn’t use GPS data to get a location. But once an app has permission to collect that information, it can share your data with anyone the app’s developer wants to – letting third-party companies track where you are, how fast you’re moving and what you’re doing.”
The article also finds that the problem is not just limited to cell phones and tablets:
“Tracking users on their mobile devices is just part of a larger problem. More than half of the app-trackers we identified also track users through websites. Thanks to this technique, called “cross-device” tracking, these services can build a much more complete profile of your online persona.”
Another article, “Your Apps May Be Selling You Out” by Mondaq, sounds the alarm as well. The authors write that many of us likely aren’t aware of the degree to which our information is shared with advertisers and other third parties when we sign up for various apps. The principle is simple enough:
“If you have ever downloaded a ‘free’ app, you may have pondered how the app’s creator can maintain a financially viable company by giving away its product. The answer soon becomes evident when an advertisement pops up, interrupting your interaction with the app. The less obvious answer may come to you when you uncomfortably wonder how the ad that just popped up somehow relates to the items you browsed on Amazon a few days ago. Coincidence? Probably not. This happens because, in addition to selling advertisements, app creators may also access and sell information collected from your phone to allow advertisers to customize the ads they send to your device.”
How can people reasonably expect to solve this dilemma, and protect their privacy? How can organisations help their teams protect themselves? Short of changing laws, the answer is to be more vigilant in monitoring downloaded apps and our security settings. Follow this advice:
- Don’t give apps permission to access your personable information. Most app stores require apps to gain permission before using your location, camera or using other information. If you deny the apps these permissions, your personal information should be safe from their grasps.
- Check the permissions you have granted your existing apps. You may be letting them access personal information without even realizing it (even for apps you don’t use!).
- Don’t sign up for apps on websites, especially ones you don’t know or trust. You have more protection when they are downloaded through a popular app store.
- Delete apps that you don’t remember downloading or no longer need/use.
- Consider adding security and privacy apps that scan your phone to help you find security risks. In other words, apps that police your other apps!
Unfortunately for those of us who frequently use mobile devices and are now working-from-home because of COVID-19 the odds are stacked against us when it comes to controlling and protecting our personal information. The best we can do is be aware of the risk and try to minimize it as best as possible. And to support new laws and regulations that aim to protect consumers and their privacy in all aspects of our “online lives.”
It is important to remember that the same principles that apply to protecting yourself on mobile devices and elsewhere also apply to protecting your business. Just as you must vet your apps, websites and other content to make sure they come from trusted sources, it is also critical to thoroughly check third party partners and perform background checks on potential and existing employees to ensure that your organization doesn’t face unseen risks from fraud and corruption.
CRI Group offers an entire suite of expert services focused on protecting your organization through proper pre-employment screening and background checks. These protections include:
- Employee Integrity Due Diligence
- Personnel Vetting & Pre-Employment Background Screening
- Vendor & 3rd Party Screening
Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today to get started on implementing a robust program that will serve you well for years to come. Get your FREE QUOTE now!
CRI Group, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Background Screeningand
5 Tips for Preventing & Detecting Expense Fraud
It’s one of the most common forms of occupational fraud: employees fudging on their expense accounts. In June, 2020, Lookers (London-listed company) warned investors they might be unable to buy and sell its shares from the beginning of July because of potential fraud on its books – confirming £19m charge to correct books after fraud inquiry. Whether through fictitious charges, fake receipts or invoices, or other improper use of expense funds, an expense account is sometimes seen as a low-risk, high-reward area for committing fraud. It shouldn’t be. If your company takes the proper steps to review expense activity and protect itself from fraud, expense accounts will no longer be a vulnerable area of your finances.
The experts at CRI® Group offer the following tips for bolstering your protection against expense account fraud:
1. Provide strict guidelines for credit card use
Often, expense account fraud is committed with the use of a credit card, with the employee seeking illegitimate reimbursement for various expenses. Detail how personal cards are allowed to be used, and require and review all receipts for claimed expenses. Also require supporting documentation (such as an airline boarding pass, for example) to ensure the purchase was used as intended.
2. Check company credit card statements carefully
In some cases, employees will use a company credit card to make a purchase, but then claim similar or duplicate expenses for reimbursement on their expense report. This is easy to catch if you carefully review company card statements and check them against reimbursements.
3. Ask questions
If a purchase seems odd or unrelated to business use, catching it early is the best way to resolve the issue. After too much time has passed, an employee might claim to have a difficult time remembering exactly what the questionable expense was for. If in doubt about a claim, ask for supporting documentation and a clear explanation of how the expense was used for a business purpose.
4. Implement a Code of Ethics for all employees
By including anti-fraud language in your Code of Ethics, which should communicate a strong anti-fraud stance and be signed by all employees, it will be clear that expense account fraud is not tolerated. Reinforce this with regular communications to employees reminding them that the company does not tolerate fraud in any form and offenders will be prosecuted.
5. Set a Tone at the Top
If the company has rules in place but senior staff aren’t following them, lower-level employees will follow by example and flout the rules, as well. All staff should follow the rules to the letter. Especially while on business trips with lower level employees, senior staff should set a positive example and make a point to follow the rules for business expenses.
Expense account fraud is a persistent problem in business, but it doesn’t have to be a crisis at your company. By using a common sense approach and some key prevention strategies, you can help ensure that your employees know the rules and are less likely to try to take advantage of company expense funds. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!
Let’s Talk!
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
اتصل بنا
المقر الرئيسي: +44 7588 454959
المحلي: +971 800 274552
:البريد الإلكتروني info@crigroup.com
المقر الرئيسي: 454959 7588 44
المحلي: 274552 800 971
:البريد الإلكتروني info@crigroup.com
الاشتراك في النشرة الإخبارية