You suspect employee fraud. Now what?

When any type of fraud, including employee fraud, is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust our employees and co-workers, and we keep our focus on succeeding as a team and accomplishing our goals for the business. Nobody wants to think that someone might be subverting the rules for their own personal gain.

Unfortunately, though, fraud does happen. The statistics tell us that on average, organisations lose about 5 percent of their total revenues to fraud. If that’s not bad enough, the average fraud lasts 18 months before being discovered – if it is discovered at all (ACFE, 2020).

One of the problems is that, since we aren’t looking for fraud, we sometimes don’t want to believe it when we do encounter its red flags. Though they may be unmistakable to some, when it involves our trusted co-workers (and even our superiors) sometimes we try to rationalize or ignore those signs altogether. Accounting discrepancies are one thing, but what about the more subtle things – like behavioural red flags? The following are a few examples:

• The subject appears to be living beyond their means
• They are having financial difficulties
• They have an unusually close association with a vendor or customer
• The subject shows excessive control issues or unwillingness to share duties
• They demonstrate unusual irritability, suspiciousness, or defensiveness
• The subject has what can be described as a “wheeler-dealer” attitude involving shrewd or unscrupulous behaviour
• They have recent divorce or family problems.

Now, these are just warning signs. None of them mean that fraud is definitely taking place. But it’s worth noting that, according to the ACFE, “at least one of these seven red flags had been identified before the perpetrator was caught in 76% of all cases.”

When such behaviours are put in the context of real discrepancies, such as accounting problems, missing cash or inventory, or other issues, a picture of fraud can begin to take shape. While most fraud is discovered by accident, having employees who are trained to recognise red flags is no accident and makes your organisation better protected in the long run.

So, now you’ve discovered fraud in your organisation. What happens next?

1. Report it

Depending on your company’s anti-fraud policy, you should follow the proper reporting channels. Many organisations have an anonymous reporting system, such as a hotline or online module, through which they can report suspected fraud without fear of retaliation. Such a system is highly recommended, as it directly results in more fraud tips and helps you uncover bad behaviour sooner, before it’s done the most damage.

2. Begin an investigation

Organisations that don’t have their own anti-fraud professionals on staff should engage an outside firm that specialises in financial investigations whenever fraud is suspected. These experts will review your fraud tip and lead your organisation through the next steps.

3. Gather evidence

Only seasoned experts should engage in an investigation because improper evidence collection can harm the potential to bring a case to court, should it rise to that level. Also, professional fraud investigators have an understanding of privacy laws and know what is and isn’t admissible in terms of gathering evidence in the workplace.

4. Interview witnesses

Part of the evidence-gathering phase, witnesses should be interviewed to draw a clear picture of what has taken place. They should be interviewed individually by anti-fraud professionals, who know how to elicit the information they need to uncover the truth.

5. Contact law enforcement

As the investigation proceeds, if fraud appears to be a proven concern, the employee should be terminated from employment and law enforcement should be informed. Without prosecution, the fraudster will just move on to their next victim.

6. Review and update your anti-fraud controls

How did this fraud happen? Were anti-fraud measures too weak, or were they not properly followed? Now is the time to evaluate risk management and control systems to learn from this case, and prevent the next fraud. Due diligence experts should be engaged to provide an objective, thorough examination of your control systems and make recommendations that will improve your level of protection.

CRI Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI Group to learn more about our fraud investigations today. Get a FREE QUOTE

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under:

Managing Third-Party Risks: A Checklist

THIRD-PARTY RISK MANAGEMENT CHECKLIST

Third-party risk management checklist. Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organization in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.

Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city hit hard by the pandemic required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged to fill this need potentially.

Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M- dealer. The formerly used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020). Managing Third-Party Risks

The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies must be always on guard for third-party fraud. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organization’s core business model. Every organization can do the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.

THIRD-PARTY RISK MANAGEMENT CHECKLIST EVERY ORGANISATION COULD USE:

1. Identify vulnerabilities

Before evaluating its third-party partners, an organization should look inward and measure its own risk management tools. These include the following:

• Audit and supervision functions
• Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
• Jurisdictional considerations
• Data and IP protection
• Whistleblower policies

2. Conduct due diligence

The organization should engage a risk management process on all current and potential suppliers and contractors. For each third party, the organisation should evaluate the following:

• Business and operations
• Financial condition and reputation
• Experience, culture, vision and business style
• References and government records (including any legal action, bankruptcies, structure changes)
• Background checks (including ownership and key personnel)
• Insurance and certifications

3. Maintain management oversight

Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organization should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organization. Not every company or government organization is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, third-party due diligence can protect organizations year-round from the risk of any of the following serious pitfalls:

• Merging with an international business embroiled in behind-the-scenes legal battles.
• Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
• Partnering with organizations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
• Awarding work to an overseas contractor with absolutely no prior experience
• Affiliating with a contracting company owned by a politician with significant influence on future awards

It is recommended and necessary for many organizations to have a team of professionals guide you through implementing a comprehensive program for third-party risk management. That’s where CRI® Group comes in. We have one of the largest, most experienced and best-trained integrity due to diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI® Group’s due diligence experts are committed to maintaining and constantly evolving our global network.

Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

• What is ISO 31000? Why is this Standard a good idea?
• ISO 31000 framework, why was it revised? And What are the main differences?
• Key Clauses of 31000:2018 and Who is the standard for?
• The process and the link between 31000:20180 and other standards

Getting Started with ISO 31000 Risk Management?

DOWNLOAD ISO 31000 PLAYBOOK NOW

3PRM-Certified™ a third-party compliance verification and certification program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

• Providing third-party risk assessments
• Meeting contracting requirements
• Conducting due diligence
• Identifying potential fraud risks
• Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services utilize one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TPRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, an organization cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRM^TM BROCHURE

Let’s Talk!

Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI® today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.

GET A FREE QUOTE NOW

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under:

Can ISO 37001:2016 prevent bribery?

Since its launch in 2016, ISO 37001 Anti-Bribery Management Systems standard has had its supporters and critics. Some regulatory bodies and compliance communities initially expressed concern regarding the lack of a body of evidence supporting the effectiveness of ISO 37001:2016 from certain standpoints. Critics asserted that the new standard failed to address broad compliance concerns, and questioned whether ISO 37001:2016 certification alone can prevent prosecution. These observations should certainly be weighed and considered, as any new compliance standard must be properly evaluated on its merits. In the case of ISO 37001, however, the critics have made some misjudgments in regards to the key factors they feel are in question with the standard. Can ISO 37001:2016 prevent bribery?

One of the most important things to remember is that a standard like 37001 and all of its measures require a commitment and implementation by the organisation adopting them. ISO 37001 is a standard, administered by a certified body but ultimately implemented by employees of the organisation itself. The purpose of ISO 37001 standard is to provide a framework against which an organisation’s anti-bribery management can be assessed and certified, rather than a foolproof blueprint to prevent bribery.

The story behind ISO 37001:2016

First, some background: The International Organization for Standardization, or ISO, is the international standard-setting body composed of representatives from various national standards organisations. Founded on 23 Feb. 1947, ISO promotes worldwide proprietary, industrial, and commercial standards. Responding to an international need, ISO issued the 37001:2016 Anti-Bribery Management System standard to help businesses, nonprofits and governmental agencies reduce their risk of bribery and corruption by establishing, implementing, maintaining and improving an anti-bribery management system.

The ISO 37001 standard requirement, which references to ISO 19600 – Compliance Management System, specifies mandatory requirements for organisations when establishing/updating their anti-bribery management programs in a manner that is proportionate to the potential bribery risk. The reference to these requirements is referred to as “appropriate” and “reasonable”, hence directing organisations to undertake a subjective, diligent and rigorous review of current compliance framework, which will make ISO 37001 effective for them. According to Deloitte & Touche LLP, “[in ISO 37001:2016] it’s the substance, not the form, of a compliance program that determines its effectiveness”.

Anti-corruption versus broad compliance issues

Some of the concerns regarding the effectiveness of ISO 37001 are focused on whether it addresses broad compliance issues, like inequality, harassment, various types of fraud (outside of bribery and corruption), or similar offences. Seeing that it generally does not, as its focus is on anti-bribery and anti-corruption compliance, some take the view that ISO 37001 has adopted a simplistic approach. The scope of ISO 37001 addresses “establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system,” whether as a stand-alone initiative or part of a broader anti-corruption. Therefore, implementing ISO 37001 standard requirements should be viewed as a way of enhancing, rather than replacing, an organisation’s existing anti-corruption compliance programs.

ISO 37001 is effective step-by-step guidance for those organisations which lack an anti-corruption framework and enables them to implement a compliance program without investing significant time in identifying the regulatory and non-regulatory requirements. In fact, ISO 37001 has incorporated Federal Sentencing Guidelines, U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Resource Guide to the U.S. Foreign Corrupt Practices Act, the U.K. Ministry of Justice Bribery Act 2010 Guidance, and OECD’s Good Practice Guidance on Internal Controls, Ethics and Compliance. Former U.S. Deputy Attorney General Rod Rosenstein highlighted three hallmarks of a policy-effective compliance program, which are concurrent with ISO 37001 requirements and include: fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel has appropriate access to the board.

Prosecution of offences

Lastly, there is a widely held belief that obtaining ISO 37001 certification is an effective tool to avoid prosecution for bribery. These misconceptions have not been viewed favourably insofar as to Ms. Hui Chen, U.S. DOJ’s former compliance counsel, stating “Dan Kahn, the Chief of the FCPA Unit in the Fraud Section of DOJ’s Criminal Division, has been very consistent: prosecutors will not outsource their responsibilities”. Rightly so. ISO 37001 certification does not act as insurance to corporate liability for bribery, neither does it refute the need to perform due diligence, and it should be considered and implemented as per company’s risk profile. In practicality, implementing ISO 37001 can demonstrate to enforcement agencies and regulators that the organisation has taken reasonable steps to establish a compliance program to mitigate bribery risks, however, ISO 37001 certification will mitigate the consequences, if not a shield, an organisation from investigation or prosecution.

ISO 37001:2016 embraced by organisations and governments

It is important to note that organisations and governments alike are embracing ISO 37001 as the standard for prevention and detection. One example of this is in Malaysia, where the ISO 37001 standard was adopted across the government under Prime Minister Tun Dr Mahathir Mohamad. The new system has been received positively in both the public and private sectors, and Malaysia’s former anti-graft chief said “the people’s perception on the government’s seriousness to fight corruption had increased to 70.8 per cent last year from 59.8 per cent in 2016. He said that Malaysia has also shown improvement in its performance indicators in several important international studies and indexes” (New Straits Times, 2019). True to form, various heads of government in the country are following the directive. Defence Minister Mohamed Sabu recently “cautioned his officers to adhere to the Anti-Bribery Management System, which had attained the International Standards Organisation’s ISO 37001: 2016 certification” (New Straits Times, 2019).

Malaysia is not alone. In Peru, Singapore, and China (Shenzhen Institute of Standards and Technology [SIST]), the national standard bodies have adopted and localised the ISO 37001 standard. In Italy, the ISO 37001 accreditation scheme has been developed by Accredia; whereas in the UK, United Kingdom Accreditation Service (UKAS) has undertaken an ISO 37001 pilot program to develop an accreditation scheme. In the United Arab Emirates, Emirates International Accreditation Centre (EIAC) is undertaking the ISO 37001 accreditation scheme development with CRI® Group’s ABAC® Center of Excellence. ABAC® is an initiative launched by CRI® Group and offers ISO 37001 certification services. Hence, amid these positive developments, the outlook for ISO 37001 looks promising. ISO 37001 is not a “silver bullet” to foolproof an organisation from bribery or corruption, or avoid prosecution should those offences occur. It was never designed to be. Instead, it is a framework to implement the necessary controls and systems at the organisation level – across all levels – so as to be better equipped to prevent bribery and corruption moving forward.

CRI® Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI® to learn more about our fraud investigations today. Get a FREE QUOTE

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution,

1 in 3 Furloughed UK Employees Pressured to Work

The COVID-19 pandemic has been a major crisis for businesses and employees around the world. To make matters worse, some unscrupulous employers in the UK have abused the Coronavirus Job Retention Scheme by engaging in furlough fraud. They do this by accepting taxpayer money designed to help them pay salaries for furloughed workers, who are essentially “deactivated” to due to loss of business and quarantine – yet they pressure them to work (or they accept furlough benefits without the employees’ knowledge).

The system is designed to keep companies from laying off employees during such a time of crisis. Unfortunately, a crisis can also present the opportunity to commit fraud. In this case, pressuring employees to work despite being furloughed is an abuse of the system and a violation of the law. Employers who do this are gaming the system and taking advantage of employee labour, with taxpayers footing up to 80 percent of the bill (their salary).

How big is the problem? According to a recent study, more than one in three employees on furlough in the UK are currently under pressure to continue working while on furlough (Express UK, 2020). This shocking statistic has demonstrated that the issue of abuse in the furlough system is not an isolated affair, but appears to be widespread. So much so that HM Revenues and Customs is actually offering a 30-day amnesty period for employers to “admit to deliberate non-compliance of furloughing rules” (Yahoo UK, 2020). More than 1,900 calls have been logged to the furlough fraud hotline, and companies face penalties with new legislation on the way to punish violations.

What does furlough fraud look like? Here are some of the ways that employers are abusing the system.

1. Furloughed employees are pressured to work

A survey showed that 27 percent of furloughed employees were asked to send and respond to emails, and 17 percent were asked to make phone calls. Furlough workers by law are not expected to be actively engaging in any work for the employer while furloughed.

2. They are asked to come to the workplace

Rather than being asked to work from home (which is still against the rules), 12 percent of furloughed employees report being pressured to physically attend their workplace.

3. Employees are encouraged to “volunteer”

A reported 11 percent of furloughed employees are being pressured to continuing working for their employer as a “volunteer,” which is against the law.

4. Some employee don’t even know they are furloughed

In certain cases, employers have claimed furlough on their employees’ behalf, without their knowledge, while they continue working.

In their efforts to eradicate corruption, Parliament is pushing through new draft legislation that is expected to become law in July as part of the Finance Bill 2020. Dawn Register, partner in tax dispute resolution at BDO, told Personnel Today: “It is clear that HMRC is now gearing up to tackle incorrect and fraudulent claims for Covid-19 support payments. Latest government statistics show the eye-watering numbers paid out and why HMRC resources will focus on this potential new area of fraud” (Personnel Today, 2020).

The problem of furlough fraud illustrates the danger at companies that don’t adhere to a strict ethical code of conduct. By contrast, a proper tone at the top that helps discourage fraud and corruption would make it just as difficult and unacceptable to flout furlough laws as it would be to, say, engage in bribery, or cook its books. Unfortunately, many entities in the UK will likely learn the hard way when investigations and penalties bring them into compliance at a high cost. Legislators have signalled that both criminal and civil penalties will be on the table for those companies found to be abusing the system.

At CRI® Group, our experts are focused on anti-corruption methods and help implement proper anti-fraud processes that prevent problems like furlough fraud. Our due diligence processes can also detect when such fraudulent acts are being undertaken without the knowledge of ownership or directors. Let us show you ways to detect and prevent fraud at every level, and build a corporate culture that’s based on compliance and ethics.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Automotive, Aviation, COVID-19 Insights,

Your company’s security begins at the hiring process

Your company’s security begins at the hiring process

It’s an exciting time for a company when business is growing and there is a need add more employees and start a hiring process. One organisation that was in such a position sought to make sure they were being diligent while hiring new staff. To that end, they engaged CRI® Group’s EmploySmart^TM services, providing thorough and extensive pre-employment background screening in verifying prospective candidates’ experience and credentials. What happened next is eye-opening for any business leader.

CRI® Group’s agents uncovered disturbing details regarding one of the applicants. When CRI® Group contacted this individual’s former employers, one of them reported that the applicant had been hired without any prior experience, was trained for a couple of months, and then terminated due to committing cash embezzlement as well as participating in harassment and workplace violence. In other words, he was an employer’s nightmare!

Further checks revealed more problems at other organisations – CRI® Group discovered that the individual had been terminated from a second position after causing a financial loss at the company. By using EmploySmart^TM, the client dodged a major bullet and avoided hiring someone who could have done serious damage, both financially and to the company culture.

What you don’t know can hurt you

A dishonest employee could be unqualified for the position, possibly endangering others on the job. Or they might be a fraud risk, willing to bend the truth in other ways in order to enrich or advance themselves on your dime.

At CRI® Group, our EmploySmart^TM pre-employment background screening process analyses a job candidate’s claims and credentials, and digs beyond the surface to make sure the facts match up. Our experts conduct extensive checks that examine all of the following details of a potential employee:

• Verification of address
• Verify name and date-of-birth
• National ID number
• Credit checks
• Previous employment verification
• Credentials verification
• Bankruptcy checks
• Civil litigation checks
• Criminal history
• Record checks
• Professional qualifications and memberships
• Criminal background checks
• … and more.

Resume fraud: More common than you think

In another case study, CRI® Group’s investigators conducted background screenings of employees who were working for a multinational organisation operating in Pakistan. While verifying education credentials is just one of the aspects of the EmploySmart^TM process, the investigators immediately noticed red flags and initiated detailed checks of the education degrees claimed by the subjects.

In this case, CRI® Group screened 18 degrees claimed from a single university. By contacting the university and conducting an examination of documents and records, CRI® Group found an astounding 5 of them (27.7 percent) to be fake and/or forged. As it turns out, the following are some of the most common areas of resume fraud:

• Stretching dates of employment
• Inflating past accomplishments & skills
• Enhancing job titles & responsibilities
• Education exaggeration & fabricating degrees
• Unexplained gaps & periods of “self employment”
• Omitting past employment
• Faking credentials
• Fabricating reasons for leaving previous job
• Providing fraudulent references
• Misrepresenting military record

Resume fraud is a widespread problem for employers in every industry, and at any size company. It’s persistent and sometimes even careful examination of a resume won’t immediately reveal red flags or problems. The only way to properly vet job candidates is to screen them with a thorough pre-employment background screening process.

 Hiring process is Trusting, but verifying

No organisation can afford to have employees on staff who aren’t what they claim to be. Even a seemingly innocent embellishment can indicate more background problems under the surface, and the potential for future problems down the road.

Every business leader should embrace the need to EmploySmart^TM. Your greatest resource is your employees. Make sure they are who they say they are, and that you only hire the best.

Take a proactive stance with the highest level of Employee Background Screening as a part of your essential business strategy.  Contact us today to learn more about our full range of services to help your organisation stay protected. Get a FREE QUOTE

CRI® Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services.

Filed under: Background Investigation,

Wal-Mart: a professional TPRM implementation would have avoided this situation.

Lack of TPRM strategy can be an expensive reminder of how important is it to balance the risks and benefits of using third parties to deliver business services.

On June 20, 2019, Walmart Inc global retail corporation, settled a long-running corruption investigation by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) to resolve a long-running U.S. bribery investigation into allegations of bribery by its employees. 

According to the agreed-upon statement of facts in the DOJ settlement documents, as well as allegations in the SEC administrative order, from 2000 until 2011, despite the fact that certain Walmart personnel responsible for implementing and maintaining the Company’s internal accounting controls related to anti-corruption were aware of certain controls failures, including failures related to potentially improper payments to government officials by certain Walmart foreign subsidiaries, Walmart failed to implement appropriate internal controls to prevent such improper payments.

The DOJ alleged that Walmart failed to do the following:

1. Conduct sufficient anti-corruption due diligence on third-party intermediaries (“TPIs”) who interacted with foreign officials;
2. Implement appropriate controls related to payments to TPIs; 
3. Require proof of services before paying TPIs; 
4. Require that TPIs had written contracts with anti-corruption compliance provisions; 
5. Ensure that donations ostensibly made to foreign government agencies were not converted to personal use by foreign officials; and
6. Implement appropriate policies covering gifts, travel and entertainment for foreign officials.

With a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges, the deal could have easily been avoided with a professional due diligence implementation.

The Arkansas-based global retail corporation settled a long-running corruption investigation by the U.S. Department of Justice (the “DOJ”) and the Securities and Exchange Commission (the “SEC”) (collectively the “Government”), with the Company paying a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges.

Expensive Reminder About the Importance of Due diligence

What is due diligence?

Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. An Integrity Due Diligence allows you to reduce risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (U.K. Bribery Act), make informed decisions, and pursue takeovers or mergers confidently. In the business world, due diligence refers to the organisation’s investigation and steps to satisfy all legal requirements before buying or selling products and services or entering into a contract or a financial arrangement with another party.

Unlike other kinds of control (audits, market analysis, etc.), it must be independent and rely as little as possible upon information provided by the researched subject. The other significant difference lies in the methodology: commercial or financial due diligence analyses available information, Investigative Due Diligence provides reliable and pertinent, but raw, information.

When conducting investigative due diligence, you can identify key risks; it can enhance your knowledge and understanding of the customer, supplier, employee and third-party risk, helping you avoid any compliance. 

Protect your reputation and the risk of financial damage and regulator action using our detailed reports. 

Types of transactions

Professionals can be hired to conduct investigations or audits of business deals involving a variety of transactions, such as:

• merger & acquisition;
• potential investment in securities;
• real estate transaction;
• business purchase or sale; and
• investment in a new product or technology, and so on.

Types of investigations

The standard types of investigations that are conducted include:

• Conflict of interest investigation;
• Review of financial records;
• Confirmation of financials with a bank or other financial institution;
• Credit checks from credit reporting companies (such as Equifax);
• Property title checks obtained from a trusted source (e.g. land titles office or your lawyer); and
• Confirmation of corporate status, directors, officers, and shareholders (if applicable).

How can a professional fraud investigator help?

• review client documentation and information to identify red flags of fraud;
• conduct standard public record searches on the people or issues identified;
• conduct covert and overt interviews and gather intelligence utilising other covert and overt methods; and
• after an initial investigation is completed, request that their clients meet with the proposed parties to the transaction to gauge their credibility against the information that the investigator has found about them.

How CRI® can help

We enable businesses to make better decisions about the third parties they choose to work with. We help you make better decisions faster. We examine risk from every angle so you can make better-informed decisions. And we provide you with the insights you need to identify the partners who will create better long-term value for your business.

Third-party risk management services brochure

Filed under: All Industries, All Regions,

COVID-19: Top risk management concerns

A global crisis calls for a fresh due diligence and risk management review of your company’s third-party partnerships

The worldwide coronavirus pandemic has disrupted life in just about every word, from personal health concerns and social distancing to shelter-in-place mandates and business closures. But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future make business leaders lose a lot of sleep these days.

An added element that global organisations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it’s vitally important to be continually vigilant in how the crisis affects your third-party suppliers and how those supply chain partners behave and maintain legitimacy in these uncertain times.

The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of PPE (Personal Protective Equipment) has forced many organisations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what’s needed. This panic buying has led to unscrupulous manufacturers producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering amid crisis and confusion.

The pandemic has thrown many other industries into complete disarray, which will naturally open the doors for opportunists to do what’s necessary to take advantage of the situation. And suppose your organisation happens to be affiliated with these bad actors. In that case, the long-term effects can be potentially devastating, affecting the organisation’s reputation, and resulting in untrusting customers, lost business, loss of market value, decreased share price, litigation, and any number of regulatory penalties.

Crisis Situations Require Enhanced Due Diligence

A 

• Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor?
• Remote Workers – Is the supplier’s staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?
• Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?
• Information Sharing – Has the supplier addressed intellectual property protection concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls?
• Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?
• Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?
• Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates?
• Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic?

Remember, your organisation is only as safe as the least protected component of your Third-Party supplier network. It’s vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis.

The Need for Leadership in These Challenging Times

Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organisation where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organisations that practice effective risk management, passive engagement in times of crisis is not enough.

The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include:

1. Are our suppliers equipped to protect our sensitive information against today’s risks?
2. How sophisticated are our cloud and social media security?
3. Are our suppliers capable of adapting to regulatory compliance changes?
4. Are proper redundancies in place to ensure our information is protected against disaster?
5. Will we be prepared if one of our suppliers unexpectedly shut down a line or closed its doors?
6. Do we have the adequate tools to vet new or replacement suppliers properly?
7. Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?
8. Do we have a set methodology for addressing incidents involving our suppliers?
9. Do we maintain an accurate and complete interactive inventory of our suppliers?
10. Can we identify warning signs with suppliers?
11. Do we have a well-communicated reporting process?

The coronavirus pandemic has created crisis and uncertainty that we’ve never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the organisation’s long-term interests and protect it from an increasing number of outside risks.

Let’s Talk!

If you have any further questions or are interested in implementing compliance solutions, please contact us.

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management system, Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.

ABOUT THE AUTHOR

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

t: +44 207 8681415 | m: +44 7588 454959 |e: zanjum@crigroup.com

Filed under: COVID-19 Insights,

COVID-19: Fraudsters are preying on fear and confusion

In a time of crisis, we often see the best in people. Even before COVID-19 was officially classified by the World Health Organization (WHO) as a global pandemic, citizens and government leaders were praising the selfless sacrifice of doctors, nurses, first responders and others putting themselves in harm’s way to help treat and limit the spread of the disease. Unfortunately, a crisis can also bring out the worst in some people. Fraudsters who prey on people’s fear and confusion tend to waste no time when a global disaster strikes. COVID-19 is relatively new and still spreading, yet fraud schemes are multiplying like the virus itself as criminals look for vulnerabilities among a fearful population.

Interpol issued a warning on March 13 that fraudsters are “exploiting the fear and uncertainty” around COVID-19 through several different schemes utilizing different approaches. These include telephone fraud, through which “victims receive calls from criminals pretending to be medical officials, claiming a relative has fallen sick with the virus and then requesting payment for their treatment;” and phishing, in which “victims receive emails from criminals pretending to be from health authorities, or legitimate companies, using similar looking websites or email addresses” (Euronews, 2020).

While the public might be surprised to see an uptick in shameless fraud schemes during such a time, investigators are not. Disaster fraud is a common scourge of law enforcement and regulatory bodies everywhere. For example, in 2012, Hurricane Sandy devastated the Caribbean and eventually wreaked havoc upon the U.S. eastern seaboard. More than a hundred individuals in New Jersey alone were prosecuted for filing fraudulent applications for relief funding. Investigators in the southern U.S. launched similar actions after Hurricane Harvey in 2017.

Fraud that preys on the fearful or vulnerable is even more insidious. That’s what investigators are seeing right now as COVID-19 continues to spread. The Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) recently issued warning letters to seven companies for selling fraudulent COVID-19 products. “These products are unapproved drugs that pose significant risks to patient health and violate federal law. The warning letters are the first to be issued by the FDA for unapproved products intended to prevent or treat “Novel Coronavirus Disease 2019″ (COVID-19)” (FDA, 2020). The FDA and FTC are taking this action as part of their response to protecting Americans during the global COVID-19 outbreak.

The FDA and FTC issued warning letters to Vital Silver, Quinessence Aromatherapy Ltd., Xephyr, LLC (doing business as N-Ergetics), GuruNanda, LLC Vivify Holistic Clinic, Herbal Amy LLC, and The Jim Bakker Show. In some cases, colloidal silver was being fraudulently peddled as a successful treatment for preventing and/or curing COVID-19.

An article in New York Magazine provides an insightful look at various herbal and homeopathic “cures” that become a hot commodity at times of widespread illness. As the article points out, useless treatments aren’t simply harmless. They can have a seriously detrimental effect when they replace actual science: “Even without the looming threat of a pandemic, pseudoscientific cures can pose a real threat to the public. No scientific evidence supports the claim that homeopathy has curative properties, for example, and relying on unproven treatments without the assistance of conventional medicine can put a person’s health at risk. Some popular treatments, like colloidal silver, can actually be dangerous if consumed in enough quantities. Nevertheless, alternative medicine is a big market in the U.S. Americans spent $30 billion on alternative medicine in 2012; by the time COVID-19 appeared, people were already primed to trust dubious cures” (New York Magazine, 2020).

So how can the general public avoid frauds and phishing schemes during a crisis? Here are some things to keep in mind:

• Be suspicious of emails that are peddling cures or medical devices. Don’t click links or open attachments.
• When searching for information online, be aware of fake websites impersonating legitimate organisations. Check the web address carefully and don’t provide any personal information.
• Follow the same rule for unsolicited phone calls – under no circumstances should you reveal any personal or financial information.
• If you believe you have fallen for a scheme, contact your bank or credit card provider immediately.

Remember, fraudsters take advantage of a sense of panic among their victims that they have to take action immediately. Anyone (other than a legitimate government or medical official) who tries to pressure you to make a decision, especially a financial one, may try to scam you. Keep a cool head, do your research, and don’t panic. Businesses are not immune to such frauds, either. If you think your business has fallen prey to a scam, contact CRI® Group immediately. Our investigators are standing by to help prevent and detect such schemes.

Let us know if you would like to learn more

If you have any further questions or are interested in implementing compliance solutions, please contact us.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Background Investigation, COVID-19 Insights,

Due Diligence: 4 Red Flags of Collusion

One of the many schemes that can cause serious legal and financial consequences is collusion in business. While some business leaders might wonder what separates collusion from other types of fraud and how to identify it, there is a key factor: secrecy. 

Collusion involves at least two parties (sometimes more) who collaborate to deceive others, usually for financial or market gain. Due to its secretive nature, collusion can be difficult to detect and weed out. This poses a serious problem because the consequences of noncompliance for an organisation are often severe.

According to the Wall Street Journal, the U.S. Department of Justice (DOJ) is “preparing to tackle competition issues in several important markets, including alleged price-fixing in the generic-drug industry, rules for music licensing and purported employer collusion that limits options for sought-after workers” (Wall Street Journal, 2020). Indeed, these are the types of schemes that are most often associated with collusion. Price fixing is a global problem found in many different industries, for example. However it’s important to note that collusion is just as common at the local level – for example, where contractors bid to provide goods or services regularly. Sometimes competitors will engage in collusion by making secret arrangements to rotate bids or share bid details to artificially deflate prices.

In one recent case, the branch manager for a U.S.-based insulation contractor pleaded guilty in a scheme to rig bids and commit other forms of fraud on insulation contracts. The DOJ had launched an investigation into the branch manager’s actions from 2011 to 2018, finding that he “conspired with other insulation installation contractors to rig bids and engage in fraud on insulation installation contracts in Connecticut, New York, and Massachusetts. Insulation installation contractors install insulation around pipes and ducts on renovation and new construction projects at universities, hospitals, and other public and private entities. In addition to his guilty plea, DeVoe has agreed to pay restitution” (DOJ, 2020). “Free and open markets are the foundation of a vibrant economy. For years, the defendant illegally coordinated bids on construction projects to enhance his profits, eliminate competition, and ultimately steal from public and private customers,” said Brian C. Turner, Special Agent in Charge of FBI’s New Haven Field Office.

The DOJ noted in its press release that this crime hurt the hospitals, universities and businesses that solicit and pay for the contractor’s services under the expectation that the bidding process is fair and above board, not rigged to benefit a contractor at their expense. The money lost in such schemes (through paying inflated contracts) often represents taxpayer dollars. The fact that collusion, in this case, lasted for at least seven years indicates that tens of thousands of dollars (or more) were likely lost through fraud.

So, what can organisations do to be better protected from collusion schemes – whether from inside their own company or perpetrated against them by outside partners/contractors? While collusion is secretive by its very nature and can be difficult to detect, red flags can indicate that something might be amiss. CRI® Group’s integrity due diligence experts are specially trained to uncover collusion in all its forms, and they describe the following as some of the signs to watch for when dealing with competitive bid contracts:

A high percentage of awards go to the same company

If a single bidder is winning most of the contracts for a particular set of goods or services, there might be something wrong despite several other contractors involved in the bidding. This is especially true if there are any issues or complaints around the bidder, such as poor quality products or services, they are late in delivering on their contracts, etc.

Lowest bidders are not winning awards

Suppose the contracts are consistently going to bidders other than the lowest bidder. In that case, this might warrant further investigation – as most contracts are considered “low bid” and would reasonably go to the lowest bidder. Also, if there is a higher-than-average range or spread between bidders, that could signal that something is off.

There is a high number of late bidders

Late bids can be a sign of collusion if bidders, or an agent at the organisation soliciting bids, are sharing bid information – such as the highest bid (so far) in an award process. This is especially true when the winning bidder is consistently the last one to submit bids. If late bidders are being approved regularly, you need to know why.

Bidders share (or have similar) names, addresses, or other information

This is an obvious red flag. In some cases, bids from two different contractors have been submitted from the same fax machine! This indicates that parties might be colluding in their bid submissions, and you need to look further.

Other countries’ DOJ and enforcement bodies have demonstrated their willingness to detect, investigate, and punish collusion. For the sake of your organisation, it is best to be proactive when it comes to your bidding and contract processes. CRI® Group’s integrity due diligence services can help you identify the above red flags. Our experts also conduct risk assessments to help find weaknesses in your business process and controls that might make your organisation vulnerable to collusion. This holds whether you need the goods or services or are a supplier or contractor submitting bids. The secret crime of collusion causes financial harm through inflated costs, representing a legal and financial liability to your organisation and/or clients. By being attuned to spot red flags, you’ll be more likely to notice the smoke …. before it turns into a fire.

Download our Brochure

Take a proactive stance with the highest integrity due diligence as a part of your essential business strategy. Contact us today to learn more about our full range of services to help your organisation stay protected. Get a FREE QUOTE

About Us

CRI® Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under: Compliance Solution,

6 challenges for compliance officers in 2020

The job of a compliance officer can be a difficult one. Organisations from large corporations down to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements, and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.

The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions around the world, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, or individuals, or both. Here are some of the biggest challenges facing compliance officers today:

 1. Anti-money laundering (AML) regulations

The Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. In the European Union, this resulted in the 5^th Money Laundering Directive (5MLD), which takes effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.

In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.

5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.

2. Conflicts of interest

Risks related to conflicts of interest are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that either suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues and transparency becomes even more important in these contexts.

This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.

Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities. Most major organisations – and their compliance officers – see outside business activities as a risk.

3. Innovation driving new demands

New innovations are providing increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.

For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.

4. Regulatory and political change

Recent years have seen a flurry of new regulations from various governmental bodies and jurisdictions, from the General Data Protection Regulation (GDPR) act to 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.

In Europe, Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.

Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.

5. Personal liability

One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middle men” and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope. Many compliance professionals are aware of this, as a recent Thomson-Reuters survey found that 60% of them expect personal liability to increase.

New initiatives underline this reality, such as the Senior Managers and Certification Regime (SCMR) in Europe. It places a focus on firms’ senior managers and individual responsibility, and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures and they will apply to industries beyond those in the financial sector.

6. Ethics and integrity

Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.

The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.

In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professional. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.

Let us know if you would like to learn more! Contact us today and get your FREE QUOTE now!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Anti-Bribery Anti-Corruption Solution, Automotive, Aviation,