Anti-Bribery Compliance Programs in EMEA Countries
Preventing bribery and corruption is a global effort that crosses international borders…
Preventing bribery and corruption is a global effort that crosses international borders. In just the past few years, many governments have enacted more laws and regulations to reflect that reality. European, Middle Eastern and African (EMEA) countries are no exception – in many ways, they are at the forefront of this new anti-bribery and anti-corruption landscape and compliance program development. This critical shift from bygone years of sweeping unethical business behaviour under the rug to creating strict enforcement measures is well overdue. The sometimes overlapping nature of these laws and varying rules based upon their jurisdictions can pose challenges to compliance officers, however. Not to mention that the “letter of the law” sometimes lends to different interpretations depending on the local politics of the day.
When organisations do uncover wrongdoing, their leadership must be careful to understand that the wrong approach to investigation might get them into trouble: employee privacy protections are higher in some European nations, for example, potentially affecting a company’s ability to monitor employee behaviour and investigate wrongdoing.
The article will discuss some of the new laws and regulations that have been enacted (or are still emerging) in various EMEA countries, and provide a perspective on managing compliance standards across varying jurisdictions. The new wave of anti-bribery and anti-corruption controls is a good thing for the economy and for protecting investments worldwide. Business leaders must just be sure not to get caught by the tide.
Europe: Leading the Charge
In most European countries today, it can be very costly to be caught breaking bribery laws. Most laws call for stiff fines. The UK largely ushered in this landscape with the introduction of the UK Bribery Act 2010. Under this groundbreaking law, individuals or businesses may face up to 10 years in prison or unlimited fines. “The UK Bribery Act imposes more severe penalties and is broader in scope than the FCPA, covering bribes to private parties as well to foreign officials. The UK Bribery Act also prohibits being bribed, not just giving bribes. Because of the close ties between the United States and the United Kingdom, US businesses should pay special attention to all forms of potential bribery abroad, regardless of jurisdictional technicalities.” (Everfi, 2020).
Click here to read the full article.
Other Anti-Bribery and Compliance resources from our independent certification body ABAC®:
- Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organization’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks.
- Bribery and corruption plague Middle East, how can ISO 37001 help? Read more here or download the free e-book now to know more about ABAC solutions in the Middle East.
- Are you ready for ISO 37001? Download our free e-book: The latest global anti-bribery standards redefine a framework for corporate compliance, and find out more!
Let’s Talk!
If you have any further questions or interest in implementing compliance solutions, please contact us.
Don’t leave hiring to chance. Take a proactive stance with the highest level of background screening as a part of your essential corporate strategy. Contact us today to learn more about our full range of services to help your organization stay protected.
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
CRI Group™ celebrates 30 Years
This month, May 2020, CRI Group™ celebrates 30 years. We are worldwide provider of background screening, investigative due diligence, third-party risk management, compliance and other professional investigative research services. From the very beginning, CRI Group™ has been dedicated to safeguarding organisations, helping businesses fight bribery and corruption, while promoting transparent business relations. “Investigative results are for the people, to get informed decisions” embodies CRI Group™’s values and aspirations.
Based in London, United Kingdom, CRI Group™ is a global company with experts and resources located in key regional marketplaces across the Asia Pacific, South Asia, the Middle East, North Africa, Europe, North and South America. CRI Group™ also established the ABAC™ Center of Excellence to educate, equip and support the world’s leading business organisations with the latest best-in-practice risk assessments, performance assessments, systems improvement and standards certification.
CRI Group™ and ABAC™ always stand ready to assist clients on every level, and together achieved many significant accomplishments within just the past year alone. From engaging new partnerships and adding new certifications, to launching an e-training portal and even opening another office, CRI Group™ and its ABAC™ have been busy expanding their reach to help more organisations prevent fraud, bribery, corruption and other business risks; while increasing certification and training offerings at a time when they are critically needed.
CRI Group™ Honoured to be Named Certified Provider by HRO Today Association
A major announcement was made just last month when the HRO Today Association approved CRI Group™ as a Certified Provider of background screening to the human resources services industry. CRI Group™ completed a rigorous audit process for its pre- and post-employment screening services, and “demonstrated a high level of accountability of standards and ethics,” according to an HRO Today Association statement.
HRO Today Association certified members demonstrate that they have undergone evaluation and testing to verify themselves as credible and trusted providers. This form of certification ensures customers have access to qualified service providers in the HR services and technology industry.
CRI Group™’s ABAC™ Center of Excellence: Serving Clients with Innovation
Founded by CRI Group™ in 2016, ABAC™ is celebrating an anniversary of its own: Three years of educating, equipping and supporting the world’s leading business organisations with the latest best-in-practice risk assessments, performance assessments, systems improvement and standards certification. ABAC CoE launched a new website this year, along with several new initiatives described below.
State-of-the-Art E-Training Portal Launched
ABAC™, powered by CRI Group™, unveiled a new e-training portal to bring its acclaimed certification and training straight to the businesses and organisations that need it. Through the portal, ABAC™ CoE offers three levels of training for ISO 37001 Anti-Bribery Anti-Corruption Management Systems standard. These include ISO 37001 Awareness (Introductory), ISO 37001 Internal Auditor, and ISO 37001 Lead Auditor online training courses. Taught by ABAC™ trusted experts with years of hands-on and business experience, these online courses provide a proactive way for employees to learn to recognise any form of corruption, and report it. Course instructors bring the subject matter to life with relevant and contemporary examples.
New Webinar, Expertise at Anti-Corruption Forums Help Spread Knowledge About Bribery and Corruption Risks
With more businesses turning to online learning opportunities, ABAC™ Center of Excellence hosted two free webinars: “ISO 37001 ABMS Overview” informs on the standard that was released in 2016 with a variety of anti-bribery best practices that all organisations should adopt. The webinar is still available for viewing and describes how ISO 37001 ABMS works, what measures it entails and what value it brings to businesses – along with how to get certified. “How Effective is Your Anti-Bribery Management System?” examines the fact that even among companies that identify and prioritise bribery and corruption risks, we often find gaps. These issues limit compliance officers from fully maximising the benefits and business value of their anti-bribery management programmes. This webinar is also available for viewing, and informs on how to mitigate risks and rectify these unintentional gaps in your policies and procedures.
In September, CRI Group™’s ABAC™ proudly participated in important anti-corruption events in Malaysia. The first was a briefing session and discussed ‘The Importance of ISO 37001 ABMS’ at the Malaysia German Chamber of Commerce and Industry. ABAC™ also proudly supported at Malaysia Anti-Corruption Forum, themed “Understanding and Addressing the World’s Biggest Problem,” organised by International Strategy Institute (ISI).
In December, “Manage your business risks with confidence” was the theme for CRI™ Group’s ABAC™ Center of Excellence anti-bribery anti-corruption training event held on International Anti-Corruption Day (Monday, 9 December) in Dubai. Hosted at Dubai Quality Group’s offices at Emarat Atrium Building, “Introductory Seminar on ISO 37001:2016 Anti-Bribery Management System” provided critical insight on how to protect businesses from bribery and corruption risks.
Expanding the Global Reach: CRI Group™’s ABAC™ Opens New Office in Abu Dhabi Global Market
In January, ABAC™ proudly announced the opening of its offices in the Abu Dhabi Global Market (ADGM). “ABAC Certification’s worldwide network of multi-disciplined subject specialist auditors and analysts help organisations prevent and deter bribery and corruption, third-party malfeasance, threats and corruption risks while ensuring our clients conform to the local and international regulatory framework, specifically UK Bribery Act 2010 and Foreign Corrupt Practices Act (FCPA),” said Zafar Anjum, ABAC CoE CEO. “The establishment of our offices in the Abu Dhabi Global Market (ADGM) gives us the platform to expand our Accredited Certification capabilities further and enhance the level of support we offer to the international business community.”
Dynamic New Partnerships and Certifications for clients
ABAC™ Center of Excellence also announced that Apex Shipping Services LLC, based in Dubai (UAE), successfully demonstrated compliance with ISO 37001 Anti-Bribery Management System (ABMS) requirements and attained ABAC Certification. Kanwal Zafar, Managing Director at ABAC™ CoE, said “It is our honour to recognise Apex and certify them for implementing ISO 37001 anti-bribery management standards. From the beginning of the certification process, Apex has demonstrated a commitment to achieving the highest level of compliance, preventing and detecting bribery.”
Award-winning information technology services company ISS Middle East FZC (IntelliSoft) also attained ABAC Certification in ISO 37001:2016 ABMS for services such as SAP Professional, Technology, Infra services & solutions (Data Management, Application development, Legacy Modernisation Cloud service, Analytics & Mobility), Staffing, Recruitment and Outsourcing services in IT. “We are honoured to work with ISS Middle East FZC towards their commitment to prevent, detect, report and eliminate bribery and corruption,” said Kanwal Zafar. “This zero-tolerance approach helps organisations to emerge as a global ethical and trusted partner, as this standard is recognised and practised worldwide.”
New Ethics and Compliance Hotline to Foster Prevention and Detection
In keeping with one of the most effective methods for detecting fraud and corruption, CRI Group™ implemented an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective, or are impractical under the circumstances. The new Ethics & Compliance Hotline is available to all employees, as well as clients, contractors, vendors and others in a business relationship with CRI Group™ and ABAC Group. The Ethics & Compliance Hotline is a secure and confidential reporting channel managed by an independent provider that provides protection through a Non-Retaliation Policy.
CRI Group™: A Brief History
The story of CRI Group™ began when it was originally founded as the “Metropolitan Detective Agency” by Mr. Muhammad Anwar Naveed, the father of CRI Group™ CEO Mr. Zafar I. Anjum. It was a one-man private investigation firm that dealt with insurance claim investigations. In 1990, Anjum (a former member of the Pakistan Rangers who had earned a Graduate Diploma from Pakistan Detective Training Institute PDTI) formally launched the business as a full flagged district level detection agency with a full range of services including insurance claim fraud investigations, background checks and due diligence.
It was while Anjum was working on an insurance fraud case that he came to a realisation about the nature of fraud. Whereas most types of crime are dealt with by the justice system, fraud is handled differently. It can be so complex and specialised that it often requires investigation by an external agency or organisation with expertise in fraud detection.
In 2001, Anjum increased the scope and mission of his firm, along with a new name: Corporate Research and Investigations (Private) Limited, offering full-scale investigative research services. Expansion would come quickly with incorporation in 2006 in the UK, and 2008 in UAE.
In 2016, Anjum and CRI Group™ embraced a bold new initiative with the founding of the Anti-Bribery and Anti-Corruption ABAC™ Center of Excellence, with world-class programs to train and certify organisations in compliance processes, including the comprehensive ISO 37001:2016 Anti-Bribery Management System Certification.
Today, CRI Group™ is a recognised global leader in employee background screening services, investigative due diligence, third-party risk management services and Anti-bribery Management Systems. CRI Group™ safeguards some of the world’s leading businesses by establishing the legal compliance, financial viability and integrity levels of outside partners, suppliers and customers seeking for affiliation.
“Our business is preserving and improving Corporate Fraud Control, facilitating to get informed decisions and lessens the crime picture from society and working businesses,” Anjum said.
“Above all, we value our ability to serve the business community who can benefit from the appropriate use of our investigative results and services,” Anjum added. “We are dedicated to providing the highest level of professional excellence and result oriented delivery systems. We strive to identify the most critical needs of professionals and consumers, and we devote our resources to meeting those needs.”
Looking Ahead to More Success
CRI® Group is honoured to have proudly served businesses, government agencies and other organisations for the past 30 years. The company’s mission is to safeguard the corporate world by detecting and exposing bribery and corruption before it can cause irreparable harm to a business. ABAC™ Center of Excellence also fills a critical role in educating, training and certifying organisations to prevent bribery and corruption.
The industry-leading services CRI Group™ and ABAC™ CoE provide are in high demand, and we look forward to the next 30 years and beyond in preventing and detecting fraud, corruption and unethical behaviour for clients worldwide. Visit CRIgroup.com and ABAC® Center of Excellence today.[/vc_column_text][/vc_column][/vc_row][vc_section][accordion_father][accordion_son clr=”#ffffff” bgclr=”#1e73be” title=”Who is CRI Group?”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group™ launched Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group™’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.[/accordion_son][accordion_son clr=”#ffffff” bgclr=”#1e73be” title=”27th Anniversary”]Corporate Research and Investigations Group celebrated its 27th Anniversary in all the offices across the globe. We all know that Company’s Anniversary is a special occasion for all its’ stakeholders because it marks the success of the company. The success of every company is not only linked with the strategies, mission statements and vision but is also backed by the brains behind these, which are our employees. These are our employees who have combined their diligence, inspiration and passion for supporting the management’s vision for bringing CRI Group™ to this level. CRI™ celebrates 27 years
Therefore, Mr Zafar Anjum, Group CEO announced lunch for its employees across the globe to commemorate CRI Group™’s 27th Anniversary. The wave of excitement was also reflected from employee’s end when they decorated their respective regional offices. Also, colleagues designed personally customised 27th-anniversary cards for all the staff to give a token of thanks for all their efforts they have put in last year. This gesture of distributing cards was extended throughout the group for all CRI Group™’s employees worldwide to thank for successful collaboration with each other.
CRI Group™’s Senior Management is looking forward to coming year’s milestone achievement with the existing team and longing to extend this celebration to next level towards the year end.
29th Anniversary
CRI Group™’s mission is to safeguard the corporate world by detecting and exposing bribery and corruption before it can cause irreparable harm to a business. As the global firm celebrates 29 years, the industry-leading services it provides are in high demand. The way companies conduct business has changed dramatically over the past three decades, and preventing and detecting fraud, corruption and unethical behaviour is a leading priority among organisations worldwide.
A Year of Milestones
During just the past year alone, CRI Group™’s accomplishments stand out as success stories for organisations that depend on expert help to protect their financial, reputational and legal standing in the face of corruption risks.
A critical part of this effort is the sharing of knowledge and training. CRI Group™ hosted its third annual Anti-Bribery Anti-Corruption Summit, attracting leading industry professionals to Islamabad, Pakistan for insightful keynote addresses, instructional sessions, panel discussions and workshops. In addition, CRI Group™’s experts participated as hosts, panelist and speakers at a variety of global conferences addressing anti-bribery management employee background screening solutions, reaching more than 1,200 professionals in 10 cities —and our investigative analysts have detected more than 700 red flags across 80 countries worldwide. If not discovered, any one of these red flags could have turned into the next massive fraud.
CRI Group™’s experts also published more than 50 informative articles worldwide to help educate business and industry leaders, government officials, corporate professionals and the public on topics ranging from corruption, due diligence and employee background investigations. These include primary research papers, case studies and features in leading industry publications.
Strategic alliances were formed to help strengthen the fight against fraud and corruption. CRI Group™ teamed up with the Malaysian Anti-Corruption Commission (MACC), Transparency International, The Malaysian Youth Council and Malaysian Anti-Corruption Foundation to develop a nationwide anti-corruption awareness campaign, reaching more than 30,000 Malaysians on International Anti-Corruption Day. CRI Group™ also expanded services into Brazil, China and Canada.
United For Anti-Bribery and Anti-Corruption
CRI Group™ hosted its first Anti-Bribery Anti-Corruption Summit in 2017 in Karachi, Pakistan, the first event of its kind sharing invaluable expertise in due diligence, internal controls and compliance issues, along with showcasing the latest resources and solutions to detect and prevent combat bribery and corruption. The Summit was such a success that CRI Group™ hosted the event again in 2018, with CEOs, CFOs, directors, compliance and legal officers, lawyers, and due diligence and risk management professionals gathering in Kuala Lumpur, Malaysia, for the second annual Anti-Bribery Anti-Corruption Summit.
Just this year, the third annual Anti-Bribery Anti-Corruption Summit returned to Pakistan (this time in Islamabad) and it embraced the theme of “Setting the Tone at the Top”. Anjum provided the introductory welcome, noting that the event was a great success at a critical time in the fight against bribery and corruption. “Nowhere is that more prevalent than right here in Pakistan, a country whose Transparency International corruption perception index ranking has decreased steadily over the past several years, thanks to effective anti-corruption programs, increased awareness, and ever-stringent enforcement measures”, Anjum said.
A post-event survey of the attendees found that 79 percent face challenges raising awareness amongst employees about anti-bribery and anti-corruption measures. They are doing something to remedy that, however: 81 percent said they are looking to implement ABMS certification and/or ABMS training at their organisations within the next six months. Attendees noted their overwhelming satisfaction with the event in the survey results, and CRI Group™ is already looking forward to hosting another successful ABAC™ Summit in 2020.
CRI Group™: Continue Leading Business Towards a Fraud-Free Future
The most successful organisations don’t rest on their laurels – they are constantly innovating and growing to provide new services and resources that directly benefit their clients in real, measurable ways. CRI Group™ is definitely in this category, charting exciting new paths in investigation, anti-corruption compliance, background checks, due diligence, and an entire range of offerings that fill urgent needs among businesses. With the expansion of ABAC™ Center of Excellence, the growth of the annual Anti-Bribery Anti-Corruption Summit, CRI Group™’s participation in other industry events and though leadership worldwide, the firm is at the forefront of the newest measures and best practices for preventing and detecting fraud and corruption.
For business and government leaders, catching corruption after its already wreaked havoc is too late. They depend on CRI Group™ to help uncover and mitigate risks before they cause irreparable harm. For 29 years, CRI Group™ has proved ready and able to answer the call.
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
[/accordion_son][/accordion_father][vc_empty_space][/vc_column][/vc_row][/vc_section]
Wal-Mart: a professional TPRM implementation would have avoided this situation.
Lack of TPRM strategy can be an expensive reminder of how important is it to balance the risks and benefits of using third parties to deliver business services.
On June 20, 2019, Walmart Inc global retail corporation, settled a long-running corruption investigation by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) to resolve a long-running U.S. bribery investigation into allegations of bribery by its employees.
According to the agreed-upon statement of facts in the DOJ settlement documents, as well as allegations in the SEC administrative order, from 2000 until 2011, despite the fact that certain Walmart personnel responsible for implementing and maintaining the Company’s internal accounting controls related to anti-corruption were aware of certain controls failures, including failures related to potentially improper payments to government officials by certain Walmart foreign subsidiaries, Walmart failed to implement appropriate internal controls to prevent such improper payments.
The DOJ alleged that Walmart failed to do the following:
- Conduct sufficient anti-corruption due diligence on third-party intermediaries (“TPIs”) who interacted with foreign officials;
- Implement appropriate controls related to payments to TPIs;
- Require proof of services before paying TPIs;
- Require that TPIs had written contracts with anti-corruption compliance provisions;
- Ensure that donations ostensibly made to foreign government agencies were not converted to personal use by foreign officials; and
- Implement appropriate policies covering gifts, travel and entertainment for foreign officials.
With a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges, the deal could have easily been avoided with a professional due diligence implementation.
The Arkansas-based global retail corporation settled a long-running corruption investigation by the U.S. Department of Justice (the “DOJ”) and the Securities and Exchange Commission (the “SEC”) (collectively the “Government”), with the Company paying a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges.
Expensive Reminder About the Importance of Due diligence
What is due diligence?
Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. An Integrity Due Diligence allows you to reduce risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (U.K. Bribery Act), make informed decisions, and pursue takeovers or mergers confidently. In the business world, due diligence refers to the organisation’s investigation and steps to satisfy all legal requirements before buying or selling products and services or entering into a contract or a financial arrangement with another party.
Unlike other kinds of control (audits, market analysis, etc.), it must be independent and rely as little as possible upon information provided by the researched subject. The other significant difference lies in the methodology: commercial or financial due diligence analyses available information, Investigative Due Diligence provides reliable and pertinent, but raw, information.
When conducting investigative due diligence, you can identify key risks; it can enhance your knowledge and understanding of the customer, supplier, employee and third-party risk, helping you avoid any compliance.
Protect your reputation and the risk of financial damage and regulator action using our detailed reports.
Types of transactions
Professionals can be hired to conduct investigations or audits of business deals involving a variety of transactions, such as:
- merger & acquisition;
- potential investment in securities;
- real estate transaction;
- business purchase or sale; and
- investment in a new product or technology, and so on.
Types of investigations
The standard types of investigations that are conducted include:
- Conflict of interest investigation;
- Review of financial records;
- Confirmation of financials with a bank or other financial institution;
- Credit checks from credit reporting companies (such as Equifax);
- Property title checks obtained from a trusted source (e.g. land titles office or your lawyer); and
- Confirmation of corporate status, directors, officers, and shareholders (if applicable).
How can a professional fraud investigator help?
- review client documentation and information to identify red flags of fraud;
- conduct standard public record searches on the people or issues identified;
- conduct covert and overt interviews and gather intelligence utilising other covert and overt methods; and
- after an initial investigation is completed, request that their clients meet with the proposed parties to the transaction to gauge their credibility against the information that the investigator has found about them.
How CRI® can help
We enable businesses to make better decisions about the third parties they choose to work with. We help you make better decisions faster. We examine risk from every angle so you can make better-informed decisions. And we provide you with the insights you need to identify the partners who will create better long-term value for your business.
COVID-19: Top risk management concerns
A global crisis calls for a fresh due diligence and risk management review of your company’s third-party partnerships
The worldwide coronavirus pandemic has disrupted life in just about every word, from personal health concerns and social distancing to shelter-in-place mandates and business closures. But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future make business leaders lose a lot of sleep these days.
An added element that global organisations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it’s vitally important to be continually vigilant in how the crisis affects your third-party suppliers and how those supply chain partners behave and maintain legitimacy in these uncertain times.
The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of PPE (Personal Protective Equipment) has forced many organisations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what’s needed. This panic buying has led to unscrupulous manufacturers producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering amid crisis and confusion.
The pandemic has thrown many other industries into complete disarray, which will naturally open the doors for opportunists to do what’s necessary to take advantage of the situation. And suppose your organisation happens to be affiliated with these bad actors. In that case, the long-term effects can be potentially devastating, affecting the organisation’s reputation, and resulting in untrusting customers, lost business, loss of market value, decreased share price, litigation, and any number of regulatory penalties.
Crisis Situations Require Enhanced Due Diligence
A Third-Party Risk Management Program is not a passive process. It requires time and effort, and, as we’ve witnessed during the present global crisis, the risks associated with Third-Party partnerships are continually evolving. Those outside risks can be found on many operational levels, from a supplier’s present working conditions and the protection of customer data to safeguarding the company’s intellectual property and suspicious changes in pricing and payment terms, among others. Here are several items to consider in re-evaluating the company’s relationship with Third-Party partners during this critical period:
- Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor?
- Remote Workers – Is the supplier’s staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?
- Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?
- Information Sharing – Has the supplier addressed intellectual property protection concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls?
- Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?
- Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?
- Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates?
- Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic?
Remember, your organisation is only as safe as the least protected component of your Third-Party supplier network. It’s vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis.
The Need for Leadership in These Challenging Times
Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organisation where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organisations that practice effective risk management, passive engagement in times of crisis is not enough.
The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include:
- Are our suppliers equipped to protect our sensitive information against today’s risks?
- How sophisticated are our cloud and social media security?
- Are our suppliers capable of adapting to regulatory compliance changes?
- Are proper redundancies in place to ensure our information is protected against disaster?
- Will we be prepared if one of our suppliers unexpectedly shut down a line or closed its doors?
- Do we have the adequate tools to vet new or replacement suppliers properly?
- Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?
- Do we have a set methodology for addressing incidents involving our suppliers?
- Do we maintain an accurate and complete interactive inventory of our suppliers?
- Can we identify warning signs with suppliers?
- Do we have a well-communicated reporting process?
The coronavirus pandemic has created crisis and uncertainty that we’ve never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the organisation’s long-term interests and protect it from an increasing number of outside risks.
Let’s Talk!
If you have any further questions or are interested in implementing compliance solutions, please contact us.
Who is CRI® Group?
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management system, Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.
ABOUT THE AUTHOR
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.
t: +44 207 8681415 | m: +44 7588 454959 |e: zanjum@crigroup.com
10 top business risks
Sometimes business owners or management have an outsized sense of business risks for a particular threat. For example, some companies place extreme emphasis on guarding their intellectual property (IP), when in actuality the incidence of IP theft for their industry might be low. Other times, however, their priorities are firmly in line with the threat posed by the risk. According to a recent study, this is exactly the case when it comes to leaks of internal information, data theft, and reputational damage due to third-party relationships (Global Fraud Risk Report 2019/20).
This report is based on a survey of 588 senior executives from 13 countries and regions and 10 industries. It provides valuable insight into what types of threats are keeping business leaders awake at night. “The broadening of the risk landscape is visible in the types of significant incidents our survey respondents report experiencing in the last 12 months and in the priority levels they assign to various risk mitigations,” the report states. “The most frequently cited incident is leaks of internal information, reported by 39 percent. But this perennial challenge now coexists with risks from relatively recent threats, such as data theft, and even newer threats, such as adversarial social media activity.”
Business information leaks occur when confidential information is revealed to unauthorized persons or parties. This happens with alarming frequency, as recent news stories illustrate. Headlines include “Stunning iPhone 12 video shows Apple’s leaked prototype design with no notch” (BGR, 2020); “New Leaks Show Business and Politics Behind Tiktok Content Management” (China Digital Times, 2020); “DOJ charges Defense Intelligence Agency employee for leaking highly classified information to the media” (Business Insider, 2019). There can be direct and/or indirect negative repercussions from an information leak at your business. It can affect product rollouts, or give you a disadvantage in a competitive market; among other effects. At CRI Group, our experts work with companies to develop policies that provide zero-tolerance for information leaks, and put controls in place (such as secure communications and data systems) to prevent such leaks from occurring in the first place.
Data theft
Perhaps the fastest-growing scourge of businesses since the beginning of this century. Massive data breaches have cause major distrust among consumers worldwide, and have led directly to identity theft and financial crimes such as theft of credit, illegitimate loans and other schemes. Data theft involves stealing computer-based information from an unknowing victim, usually a company with a large customer or client base. This usually results in the sale or sharing or private information. Most recently, a data breach reportedly exposed more than 200 million Americans: “Data Breach Exposes 200 million Americans: What You Need To Know” (Screen Rant, 2020). In another case, a major cruise operator saw its customers’ information exposed: “Norwegian Cruise Line Suffers Data Breach” (infosecurity, 2020).
For any company that is entrusted with customers’ or members’ private information, especially personally identifying information (PII), data theft can be a devastating crime. Beyond lawsuits and financial damage caused by such a disaster, rebuilding the company’s reputation (and earning back customers’ trust) is an uphill battle that might take years or more. That’s why CRI Group recommends that every business, regardless of size or industry, make protecting customer data one of its highest priorities. Today, leading technology can help make data more secure. But even the most secure system is dependent upon a properly trained workforce that follows all of the protocols to achieve effective data protection.
Reputational damage due to third-party relationship
Another serious business risk to any organisation that partners with other companies, suppliers or contractors. Even worse, they can be completely outside of your control. Here are examples of some of the risks: A business partner is embroiled in behind-the-scenes legal battles; a supplier makes procurement decisions involving the inappropriate influence of government officials who receive kickbacks; a partner falsely claims to have experience in an industry, and cannot deliver on its contractual promises. CRI Group’s integrity due diligence experts have helped clients avoid those very scenarios. Our investigators employ a proven, multi-faceted research approach which involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research.
As the report states, “The last decade has seen cybercrime evolve from an IT issue to a boardroom concern, mirroring the digital transformation of the global economy on the macro level and of business operations on the micro level. The more the business world integrates digital elements, the more likely it is that computer systems have or will become a pathway for crime.” Now, more than ever, it is important for business leaders to be proactive in managing these modern business risks. Fraudsters and those who steal information are evolving their methods every day. Depend on the experts to help you stay one step ahead.
Lets Talk!
If you have any further questions or interest in implementing compliance solutions, please contact us.
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
ISO 37001 Can Help US Organizations Prevent Corruption
First-world countries are not immune to the global problem of corruption. The United States – considered by many as one of the leaders in anti-corruption laws and enforcement – has faced a rash of major corruption scandals over the past 20 years and beyond. In the early 2000s, accounting scandals like Enron and WorldCom rocked the business world and caused major economic losses among investors and other stakeholders. More recently, investigations into alleged violations of the Foreign Corrupt Practices Act (FCPA) often begin with illicit actions taken broad but are traced back to U.S.-based companies right here at home. Iconic companies like Walmart and Microsoft are among the U.S. organizations that have been involved in large settlements with the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) over bribery and corruption charges. These fines, coupled with criminal prosecutions in certain cases, have demonstrated the U.S. government’s aggressive stance toward reducing corruption at home and abroad.
For this reason, and as a matter of good business practice, U.S. organizations should quickly adopt an internationally recognized set of anti-bribery anti-corruption standards. Foremost among such initiatives is ISO 37001:2016 – Anti-Bribery Management Systems standard, providing a comprehensive approach to mitigating the risk of bribery and corruption. Companies will find that ISO 37001 and its essential elements can be tailored to their organization, regardless of the organization size or industry. Among its many features, ISO 37001 promotes implementing an anti-bribery policy, appointing a person to oversee anti-bribery, compliance, training, risk assessments, and conducting due diligence on projects and business associates. Implementing financial controls and instituting reporting and investigation procedures are also key within the ISO 37001 framework.
U.S. Losing Ground on Corruption
The result might be surprising for those who expect the U.S. to score near the top of the most recent Transparency International Corruption Perceptions Index. Canada ranks higher, and the U.S. score of 69 marks a two-point drop from the previous year – earning its worst score in eight years. [1]. “The U.S. faces a wide range of challenges, from threats to its system of checks and balances, and the ever-increasing influence of special interests in government, to the use of anonymous shell companies by criminals, corrupt individuals and even terrorists, to hide illicit activities.” The Americas do not get a glowing review from T.I.: “With an average score of 43 for the fourth consecutive year on the Corruption Perceptions Index (CPI), the Americas region fails to make significant progress in the fight against corruption.”
Transparency International’s frank assessment of the U.S.’s standing among other countries and regions in terms of corruption is useful. It helps dispel the notion held by some that bribery, fraud and other misconduct are primarily “third-world problems” that don’t impact large first-world economies. The fact is, large Western companies that seek to expand into new markets, including underdeveloped regions, are often guilty and liable for the corrupt practices that some employees or contractors might employ to advance that growth. Not only is that a problem in itself for its illegality and the damage often inflicted on economies in those areas, but it also creates serious legal and financial peril for companies that are caught and punished for violating the FCPA (as well as other international laws such as the U.K. Bribery Act).
Bribery Cases Prosecuted in the U.S.
Among the cases involving U.S. companies that were investigated, prosecuted, and/or resolved in 2019, a few stand out as clear warnings that punishment is catching up to those who commit bribery and collusion. Household names like Microsoft and Walmart make a list, and smaller organisations and even individuals who faced fines and, in some cases, custodial punishments.
Microsoft was fined $23 million in combined criminal and civil penalties after a subsidiary, Microsoft Hungary, was investigated for a bid-rigging and bribery scheme. According to court documents, the alleged violations lasted from 2013 until “at least 2015,” according to court documents. The action was brought by the U.S. Department of Justice (DOJ) and the SEC for the sale of Microsoft software licenses to Hungarian government agencies. Microsoft Hungary executives and other employees were found to have violated the FCPA by falsely representing large “discounts” to close deals with resellers. The SEC also found that Microsoft’s subsidiary in Turkey “provided an excessive discount to an unauthorised third party in a licensing transaction for which Microsoft’s records do not reflect any services provided.” [3]
Walmart has been embroiled for more than 10 years in allegations of making corrupt payments to governments and officials worldwide, according to an agreement the massive corporation reached with the DOJ and SEC. Walmart agreed to pay $282 million to settle charges that violated the FCPA to open new locations in various countries and jurisdictions around the world. In court, Walmart’s Brazilian subsidy pleaded guilty to breaking U.S. federal law. On the whole, allegations include cases in Mexico, China, India and other locations. According to federal investigators, Walmart looked the other way as its subsidiaries on three continents paid millions of dollars, between July 2000 to April 2011, to middlemen in order to help the company obtain permits and other government approvals.
Lesser-known companies also faced scrutiny and, in some cases, prosecution. Juniper Networks, a California-based cybersecurity firm, was ordered by the SEC to pay more than $11.7 for FCPA violations. According to the SEC investigation, some of the sales employees in Juniper’s Russian subsidiary “secretly agreed with third-party distributors to fund leisure trips for customers, including government officials through the use of off-book accounts.” It is notable that Juniper did not explicitly admit nor deny the SEC’s claims in coming to terms for the settlement – but the company agreed to “cease and desist from committing or causing any violations.”
Some significant DOJ and SEC actions targeted individuals. For example, Hawaiian resident Frank James Lyon, 53, was charged and pleaded guilty to conspiracy to violate the anti-bribery provisions of the FCPA, as well as conspiracy to commit federal program fraud, after trying to bribe government officials in the Federal States of Micronesia. Lyon, a Hawaii-based engineering and consulting company owner was sentenced to 30 months in prison, followed by three years of supervised release. “According to admissions made as part of his plea agreement, between 2006 and 2016, Lyon and his co-conspirators paid bribes to foreign officials in the Federated States of Micronesia (FSM) and Hawaii state officials in exchange for those officials’ assisting Lyon’s company in obtaining and retaining contracts valued at more than $10 million. The bribes included, among other things, cash to FSM officials and Hawaii officials, and vehicles, gifts and entertainment for FSM officials.”
The cases above make clear that U.S. corporations and business leaders are vulnerable to bribery and corruption schemes that are often considered endemic in certain other regions of the world. The DOJ, SEC and other regulatory and investigatory bodies are scrutinizing transactions and behaviors, and conduct that runs afoul of provisions in the FCPA are likely to be met with prosecution and fines.
ISO 37001:2016 to Combat Bribery & Corruption
Corruption is a global problem. In the U.S., business and government leaders are urging organizations to take action now to reduce their risk exposure. To implement best practices and better protect themselves, organizations have found ISO 37001:2016 Anti-Bribery Management Systems standard. Issued by the International Organization for Standardization (ISO) in 2016, ISO 37001 helps organizations of all sizes and industries increase and measure their efforts against bribery and corruption. Organizations can use the principles provided by ISO 37001 to implement the highest integrity standards at every level. At its core, ISO 37001 calls for an organization to establish an anti-bribery policy and appoint a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. The organization must also implement robust internal controls and reporting procedures, and investigation processes to help make ISO 37001 truly effective.
ABAC® (Anti-Bribery and Anti-Corruption) Center of Excellence Limited was founded by international security firm CRI® Group to help organisations of all types and industries implement the highest standards of training and Certification. With a team of experts around the world, ABAC® Center of Excellence is composed of certified ethics and compliance professionals, financial and corporate investigators, forensic analysts, certified fraud examiners, qualified auditors, and accountants. Through their training and experience in implementing ISO 37001 standards, ABAC® Center of Excellence’s agents helps clients more effectively prevent bribery and corruption. As an accredited provider of ISO 37001 ABMS, ABAC® Center of Excellence provides Certification and training for various types and industries organizations.
There are many elements of a comprehensive anti-bribery anti-corruption system. ISO 37001 lays these out in detailed guidance. The following are just a few of the elements of bribery that are addressed by ISO 37001:
- Bribery in the public, private and not-for-profit sectors
- Bribery by the organization
- Bribery by the organization’s personnel acting on the organization’s behalf or for its benefit
- Bribery by the organization’s business associates acting on the organization’s behalf or for its benefit
- Bribery of the organization
- Bribery of the organization’s personnel in relation to the organization’s activities
- Bribery of the organization’s business associates in relation to the organization’s activities
- Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)
Benefits of ISO 37001:2016 Certification
ISO 37001:2016 certification is designed to help protect the organization, its assets, and shareholders from bribery and corruption. Because Certification must be completed by a qualified, independent third party, it adds a distinct level of credibility to the organization’s management system. It ensures that the organization is implementing a viable anti-bribery management program using widely accepted controls and systems.
Companies and government organisations can rely on best practices set out by ISO 37001’s standards to reduce the risk of bribery and corruption. The following are some of the ways ISO 37001 helps organisations accomplish this goal:
- Provides needed tools to prevent bribery and mitigate related risks
- Helps an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
- Potentially reduces corporate insurance premiums
- Provides customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
- Provides a competitive edge over non-certified organisations the organisation’s industry or niche
- Provides acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption
ISO 37001 certification should not be considered “legal cover” for all liability issues related to bribery – but it can be a mitigating factor: “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organization, as it is not possible to eliminate the risk of bribery,” according to ISO. ISO 37001 certification can be considered an important piece of evidence, however, demonstrating to regulators, prosecutors, and the courts that the organization has taken meaningful action to prevent bribery and corruption.
Costs and Timeframes of ISO 37001:2016 Certification
The time and cost of Certification depend on the size of the organization, as well as the state of its existing anti-bribery management system. If it’s very well developed, the process will be shorter and the organization can showcase it to their stakeholders and third parties. For organizations that don’t already have developed good policies, training and due diligence, the standard provides requirements and guidance on how to achieve it.
Some major corporations are seeking Certification. Microsoft, whose prior compliance issues were highlighted earlier in this paper, is reportedly one of them: Microsoft’s Deputy General Counsel, David Howard, wrote that “Microsoft will seek Certification from an independent and accredited third party to demonstrate that our anti-bribery program satisfies the requirements of the standard. We hope other companies will do the same.”
Conclusion
Regulators and enforcement bodies in the U.S. have prioritized rooting out fraud and other financial crimes. Bribery and corruption are at, or near, the top of this list. Investigations and prosecutions have increased in recent years and will continue to do so. Against this backdrop, it is critical that U.S.-based companies, corporations and government organizations take action now to reduce their risk profile and be better protected from liability. ISO 37001 is a perfect first step – or, for some, a next step – toward increasing that level of protection.
ISO 37001 ABMS provides the training and Certification program that organizations need for accountability and effectiveness. The training process can be tailored based on the size, type, industry or risk level. Bribery and corruption are not exclusive to the third world or developing economies. They are pervasive in Western countries, including the U.S., and they require comprehensive measures to make an impact and lessen their effects. ISO 37001 provides solutions that any organization can implement – not tomorrow, but today. The positives of decreased risk, decreased liability and better financial protection outweigh any negatives of the minimal investment in cost and effort.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group™ Chief Executive Officer
7th Floor, South Quay Building, 77 Marsh Wall, London, E14 9SH United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
References
- “Corruption Perceptions Index 2019,” Transparency International, 2020 <https://www.transparency.org/cpi2019> (accessed 10 Feb. 2020)
- “CPI 2019: AMERICAS,” Transparency International, 23 Jan. 2020 <https://www.transparency.org/news/feature/cpi_2019_Americas> (accessed 10 Feb. 2020)
- Jaclyn Jaeger, “Microsoft to pay $25M in FCPA case,” Compliance Week, 23 July 2019, <https://www.complianceweek.com/anti-corruption/microsoft-to-pay-25m-in-fcpa-case/27446.article > (accessed 10 Feb. 2020)
- Michael Corkery, “A ‘Sorceress’ in Brazil, a ‘Wink’ in India: Walmart Pleads Guilty After a Decade of Bribes,” The New York Times, 20 June 2019, <https://www.nytimes.com/2019/06/20/business/walmart-bribery-settlement.html > (accessed 10 Feb. 2020)
- “SEC fines Juniper Networks more than $11.7 million to settle internal control violations,” Reuters, 28 Aug. 2019,< https://www.reuters.com/article/us-usa-sec-fcpa/sec-fines-juniper-networks-more-than-11-7-million-to-settle-internal-control-violations-idUSKCN1VJ2OD > (accessed 11 Feb. 2020).
- “U.S. Executive Sentenced to Prison for Role in Conspiracy to Violate Foreign Corrupt Practices Act,” U.S. Department of Justice, 14 May 2019,< https://www.justice.gov/opa/pr/us-executive-sentenced-prison-role-conspiracy-violate-foreign-corrupt-practices-act> (accessed 10 Feb. 2020)
- “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org, < https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)
- David Howard, “An update on Microsoft’s approach to compliance,” Microsoft, 7 Mar. 2017, < https://blogs.microsoft.com/on-the-issues/2017/03/07/update-microsofts-approach-compliance/ > (accessed 17 Feb. 2020)
[/accordion_son][/accordion_father][vc_empty_space][/vc_column][/vc_row]
BS 7858:2019 playbook: everything you need to know and more!
Times are changing, and the resources required to conduct background searches and investigations have strained businesses worldwide. With a dramatic rise in business liability associated with hiring the wrong individuals and the increase in penalties imposed on companies that extend from C-suites to Boards of Directors, businesses are taking a closer look at the systems, procedures and resources utilised to screen potential job candidates. It is important to know that the BS7858:2012 standard has been replaced with the new BS7858:2019 standard. The British Standards Institutions have released a new edition that has brought the standard up to date and features many changes. BS 7858:2019 employee screening offers you the complete solution now.
In balancing the effectiveness and accuracy of a background screening investigation with the limited time normally allowed to conduct such a search, the onus falls chiefly on the screening firm and its ability to acquire timely information. The Global Community has become one collective hiring pool. Thanks to technology, a top candidate for a high-level position in one corner of the world might hail from a remote province on the opposite side of the globe. This poses a significant problem for organisations looking to acquire the best talent:
- How can you be confident your candidate truly has the skills, credentials, knowledge and experience they claim to possess?
- How can you be certain of that candidate’s integrity, background, and personal history?
BS 7858:2019 Playbook
The premise behind the standard is to safeguard employers from bad or fraudulent hires. The price of a bad hire has far-reaching consequences for any business, including productivity loss, decreased employee morale, risks to employee safety, increased exposure to costly negligent hiring claims, and potentially devastating litigation. Cases of organisations that forego conducting due diligence on a new hire – especially a hire with high-risk exposure – often end badly for those organisations. Due to COVID-19, times are changing, and the resources required to conduct background searches and investigations have strained businesses worldwide.
At CRI®, we know how important is your background screening to your company’s success and to give you an idea of what is new, we have produced this playbook detailing the differences between the BS7858:2012 standard and the new BS7858:2019 standard.
Let’s Talk!
BS 7858:2019 accredited companies (such as CRI®) highlight to their clients that their security personnel are staff that can be trusted and relied upon to complete a high-quality job. The screening process highlights the level of conduct they have presented in the past. This reassures the safety of the people, goods, and property they have been hired to protect. If you have any further questions or are interested in implementing compliance solutions, please contact us.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
About CRI® Group
Based in London, CRI® works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Meet our CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI®, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime)
CRI® Group Chief Executive Officer
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
COVID-19: Fraudsters are preying on fear and confusion
In a time of crisis, we often see the best in people. Even before COVID-19 was officially classified by the World Health Organization (WHO) as a global pandemic, citizens and government leaders were praising the selfless sacrifice of doctors, nurses, first responders and others putting themselves in harm’s way to help treat and limit the spread of the disease. Unfortunately, a crisis can also bring out the worst in some people. Fraudsters who prey on people’s fear and confusion tend to waste no time when a global disaster strikes. COVID-19 is relatively new and still spreading, yet fraud schemes are multiplying like the virus itself as criminals look for vulnerabilities among a fearful population.
Interpol issued a warning on March 13 that fraudsters are “exploiting the fear and uncertainty” around COVID-19 through several different schemes utilizing different approaches. These include telephone fraud, through which “victims receive calls from criminals pretending to be medical officials, claiming a relative has fallen sick with the virus and then requesting payment for their treatment;” and phishing, in which “victims receive emails from criminals pretending to be from health authorities, or legitimate companies, using similar looking websites or email addresses” (Euronews, 2020).
While the public might be surprised to see an uptick in shameless fraud schemes during such a time, investigators are not. Disaster fraud is a common scourge of law enforcement and regulatory bodies everywhere. For example, in 2012, Hurricane Sandy devastated the Caribbean and eventually wreaked havoc upon the U.S. eastern seaboard. More than a hundred individuals in New Jersey alone were prosecuted for filing fraudulent applications for relief funding. Investigators in the southern U.S. launched similar actions after Hurricane Harvey in 2017.
Fraud that preys on the fearful or vulnerable is even more insidious. That’s what investigators are seeing right now as COVID-19 continues to spread. The Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) recently issued warning letters to seven companies for selling fraudulent COVID-19 products. “These products are unapproved drugs that pose significant risks to patient health and violate federal law. The warning letters are the first to be issued by the FDA for unapproved products intended to prevent or treat “Novel Coronavirus Disease 2019″ (COVID-19)” (FDA, 2020). The FDA and FTC are taking this action as part of their response to protecting Americans during the global COVID-19 outbreak.
The FDA and FTC issued warning letters to Vital Silver, Quinessence Aromatherapy Ltd., Xephyr, LLC (doing business as N-Ergetics), GuruNanda, LLC Vivify Holistic Clinic, Herbal Amy LLC, and The Jim Bakker Show. In some cases, colloidal silver was being fraudulently peddled as a successful treatment for preventing and/or curing COVID-19.
An article in New York Magazine provides an insightful look at various herbal and homeopathic “cures” that become a hot commodity at times of widespread illness. As the article points out, useless treatments aren’t simply harmless. They can have a seriously detrimental effect when they replace actual science: “Even without the looming threat of a pandemic, pseudoscientific cures can pose a real threat to the public. No scientific evidence supports the claim that homeopathy has curative properties, for example, and relying on unproven treatments without the assistance of conventional medicine can put a person’s health at risk. Some popular treatments, like colloidal silver, can actually be dangerous if consumed in enough quantities. Nevertheless, alternative medicine is a big market in the U.S. Americans spent $30 billion on alternative medicine in 2012; by the time COVID-19 appeared, people were already primed to trust dubious cures” (New York Magazine, 2020).
So how can the general public avoid frauds and phishing schemes during a crisis? Here are some things to keep in mind:
- Be suspicious of emails that are peddling cures or medical devices. Don’t click links or open attachments.
- When searching for information online, be aware of fake websites impersonating legitimate organisations. Check the web address carefully and don’t provide any personal information.
- Follow the same rule for unsolicited phone calls – under no circumstances should you reveal any personal or financial information.
- If you believe you have fallen for a scheme, contact your bank or credit card provider immediately.
Remember, fraudsters take advantage of a sense of panic among their victims that they have to take action immediately. Anyone (other than a legitimate government or medical official) who tries to pressure you to make a decision, especially a financial one, may try to scam you. Keep a cool head, do your research, and don’t panic. Businesses are not immune to such frauds, either. If you think your business has fallen prey to a scam, contact CRI® Group immediately. Our investigators are standing by to help prevent and detect such schemes.
Let us know if you would like to learn more
If you have any further questions or are interested in implementing compliance solutions, please contact us.
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
Middle East Background Screening: Compliance With Privacy Laws
It’s a fact that some of the most talented and promising job candidates possess the most disturbing pasts. Such deception can lead to a perilous future for an employer. This is the primary reason businesses are strongly advised to conduct background screening investigations before hiring seemingly well-qualified managerial candidates. background screening Privacy Laws Compliance
In every region and jurisdiction in the world, there are different regulations that govern what background screeners can and can’t do in regards to providing pre- and post-employment screening services. The laws in the United States, for example, are not the same as those that affect investigations in the Middle East. The concern over individual privacy and data protection are hot discussion items globally. Companies that engage background screening firms for the Middle East need to make sure those investigators are following all rules and regulations in regards to privacy – or else they might face liability along with the screening provider.
Examples of Privacy Laws in the Middle East
While reputable screening firms in the U.S. comply closely with the Fair Credit Reporting Act to conduct domestic background investigations, foreign investigations are much more complex.
Middle East countries have no prohibitive legislation that governs the employment screening process. At the same time, there is no cooperative legislation and regulation to support background screening services for employee due diligence. However, background screening industry professionals must adhere to strict data protection requirements (such as the GDPR, local Data Protection regimes specifically DIFC Data Protection, ADGM Data Protection and QFC Data Protection regulations) to process consensually based personal information.
In UAE, local police departments provide “Good Conduct Certificates” for employees for immigration purposes, while Dubai International Financial Centre (DIFC) Data Protection standards allow for the processing of sensitive personal information, such as criminal history, with signed consent from the data subject for employee due diligence requirements.
In the United Arab Emirates, data protection laws permit investigators to process sensitive personal information such as criminal history data. As a DIFC-licensed entity, the Corporate Research and Investigations Limited “CRI Group” (as well as other reputable background screening firms) must maintain strict adherence to the region’s Data Protection Law in order to fulfil our ongoing DIFC licensed status. As in the United States, the procurement of personal data in this region – and any subsequent transfer of data outside of the DIFC – may only be attained with the written consent of the individual being investigated.
Reputable screening firms in the Middle East will also comply with regional privacy laws (such as the GDPR) by appointing an internal Data Protection Officer (DPO) whose primary responsibility is to conduct independent audits of the firm’s various information processing operations which handle customer and employee data. The DPO ensures that personal data is handled in accordance with all relevant data protection provisions covering online and offline data procurement while complying with local and regional regulations pertaining to individual privacy standards.
The Urgent Need for Background Checks
While all guidelines and regulations must be followed, the absolute need for comprehensive background screening in the Middle East cannot be disputed. The region has a labor force of over 150 million individuals serving in all capacities and industries (World Bank, 2019). Those statistics can be quickly put into context when considering that deception in the employment process, such as résumé fraud, is believed to be rampant and widespread: One report estimates that 80 percent of all job applicants intentionally mislead potential employers on their résumé or application (Security, 2017).
Case Study
To help understand the problem, consider this case study: An international company was hiring to fill a position in the Middle East. When they engaged a firm that specialises in pre- and post-employment background screening, the firm’s investigators uncovered disturbing details about an applicant. One of the individual’s previous employers reported that the applicant was hired without any prior experience, was trained for a couple of months, and then terminated due to committing cash embezzlement as well as participating in harassment and workplace violence. A second employment verification revealed his termination, as he caused a financial loss to the company.
In the above example, the background checking company uncovered the deception through comprehensive background screening that went beyond basic database checks and reviews of public records. In the Middle East, background investigations – both for pre- and post-employment screening – often require a “boots on the ground” approach. This can mean conducting much of an investigation literally on foot, travelling to remote regions to interview sources and check documents in person. And, the entire investigation was conducted within all privacy laws and regulations.
Some job candidates will seek an advantage through fraudulent means. The hidden truth might even include criminal behavior. It is important for any organisation to verify information provided by individuals they seek to hire. In the Middle East, this process will often look different than it would in the U.S. By following all local laws and regulations, however, a reputable background check firm will be helping to protect your company – while also safeguarding your future.
Let’s Talk!
If you have any further questions or interest in implementing compliance solutions, please contact us.
About the Author
Zafar Anjum | Group Chief Executive, CRI Group
Anjum is founder and CEO of CRI Group and ABAC Center of Excellence. Having dedicated three decades to the areas of fraud prevention, protective integrity, security, compliance, anti-bribery and anti-corruption, Zafar Anjum is a highly respected professional in his field.
How to demonstrate “Adequate Procedures” in Malaysia?
Adequate Procedures in Malaysia, how to demonstrate it?
State of Corruption in Malaysia
While a large part of the political and economic universe still believes that engaging in some form of corruption is the only way to survive and advance, many countries now are taking drastic measures to root out corruption, and Malaysia is rushing to the forefront of that trend. Currently ranked at 51 out of 180 countries on Transparency International’s “Corruption Perception Index” (2019), with a score of 53 (where 0 is perceived to be highly corrupt and 100 is perceived to be very clean), the Malaysian government emerged from the highly publicized 1MDB financial scandal on high alert and with a firm resolve to adopt tough anti-corruption legislation as one of its main priorities.
The result was the empowerment of the Malaysian Anti-Corruption Commission (MACC) and its 2009 Act which addressed corruption on both the political and private sector levels. The Parliament’s subsequent amendment – Section 17A – was added in 2018, which likened the legislation to the UK Bribery Act but added a “parallel” element of personal criminal liability in corporate bribery cases. And that’s where business organisations need to take notice and take immediate action.
Demonstrating “Adequate Procedures” through ISO 37001 Certification
ISO 37001 Anti-Bribery Management System is an internationally accepted standard that specifies the procedures by which an organisation should implement in preventing bribery while detecting and reporting any bribery incident that occurs. The standard requires organisations to implement these procedures on a reasonable and proportionate basis according to the type and size of the organisation, and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, the standard can help establish that the organisation has in place reasonable, proportionate and adequate anti-bribery procedures.
ABAC® Center of Excellence Limited is fully accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC® Certification team has discovered during the audit. Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC® Certification team will increase the scale of the investigation if they determine that a specific process presents a higher risk side. Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.
A separate audit method is a process-based approach where the ABAC® Certification examines the organisation’s processes while considering the interaction between those processes. Finally, there is a sampling-based audit approach where ABAC® Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.
The audit is extremely thorough in its approach, which results in accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery. Indeed, from an FCPA perspective, certification may provide tangible evidence that a compliance program was in place at the time of the alleged bribery actions. And from a UK Bribery Act perspective, the certification could provide the company with tangible prima facie evidence presented by an accredited certification body attesting to the establishment and effectiveness of the organisation’s compliance program. Notably, per Section 17A of the Malaysian Anti-Corruption Commission, the Prime Minister’s National Anti-Corruption Plan 2019-2023 has declared ISO 37001 certification a requirement for companies operating in Malaysia.
There is a strong likelihood that ISO 37001 Anti-Bribery Management System will continue to set the pace for a globally recognised “adequate procedures” standard for corporations embroiled in corruption litigation proceedings. But for now, the most powerful “insurance” tool that public and private sector organisations can use in their defence strategy is ISO 37001 ABMS certification.
About CRI Group
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
CONTACT US
Headquarter: +44 7588 454959
Local: +971 800 274552
Email: info@crigroup.com
Headquarter: 454959 7588 44
Local: 274552 800 971
Email: info@crigroup.com
NEWSLETTER SUBSCRIPTION