Tackling corporate fraud in the Middle East

Corporate fraud in the Middle East

Tackling corporate fraud in the middle east has become even more challenging during the pandemic. ICAEW Insights sat down with our founder and chief executive, Zafar Anjum, to discuss the rising levels of corporate fraud in the middle east during the pandemic and how CRI Group is using AI to investigate wrongdoing.

From fake degrees and doctored CVs to false insurance claims and bogus bills, corporate fraud investigators in the Middle East have seen it all. Founder and chief executive of Corporate Research and Investigations Group (CRI) Zafar Anjum told ICAEW his firm was busier than ever as the pandemic triggered a rise in white-collar crime cases across the region.

From its base in London, Zafar’s team has been helping firms in middle east regions like Qatar, Dubai, Abu Dhabi and Saudi Arabia, where Anti-fraud frameworks are still being built out inside the embryonic corporate regulatory regimes that govern the Middle East.“We’ve seen a lot of insurance fraud claim investigations, fake bills, fake debts and fraudulent certificates designed to cheat insurance companies,” Zafar said. “Covid is definitely affecting this because internal controls are relaxed in this environment; people are working from home, so the usual check and balances are missing.”

Nascent regulatory regime

Last year, PwC research found corporate fraud was on the rise across the region, with nearly half of all local companies reporting at least one occurrence in 12 months. 

Zafar said the lack of counter-corruption model legislation such as the UK Bribery Act 2010 often meant policing the business areas such as the Dubai International Finance Centre (DIFC) fell to private companies as the regulator doesn’t have the resources to cover the scale of the problem.

“In the Middle East, the issues relating to fraud and corruption are of concern because there isn’t the legislation when compared to developed countries. The definition of fraud and fraudulent activities are different across the Middle East,” he said. 

The DIFC was established in 2004 to create a safe and constant upward regulatory environment for companies to do business. One of its aims was to attract investment from London and Wall Street firms and other corporates from both continents. A regulator was created to monitor the market, and the set-up was replicated for the Abu Dhabi and Qatar financial business districts. 

The economic “free zones” have relied on firms themselves to help shape the regulatory framework, Zafar said, which has created a mixture of frameworks as standards are broadly aligned with the UK or US markets.

“It’s not national-level legislation, which carries its own problems. There have been scandals, and a lot of that centres on fraudulent financial statements, investment scams,” Zafar said. “A prevalent problem is vendor/third-party screening and false claims, especially during the bidding process. Some firms exaggerate their capabilities and are not able to deliver.”

Investor scams on the rise

A big part of CRI’s work is analysing financial statements, checking backgrounds, and working with compliance teams to root out bad actors. 

Zafar said investors scams were also on the rise across the UAE; because the country is ripe for development, some fraudsters had found it easy to prey on foreign victims who are drawn to the opportunities but unwilling to carry out proper due diligence. 

The UAE’s family offices are a driving force of industry, and the name carries significant weight regarding deals. 

“It’s very risky to invest without carrying out the proper checks, and unfortunately, a lot of people come in blind,” Zafar said. “Fake property claims are rife. It can be individuals who are targeted or small groups of foreign investors. One case involved a handful of US investors who wanted to invest in some economic and humanitarian projects. They wanted to create jobs, other activities, but fell in with people who weren’t with the families they claim to be a part of.” 

Family names are often taken by scammers and used to convince investors to part with their cash fairly frequently, Zafar said. 

“Because many people don’t care about due diligence, it can end up costing millions of dollars,” he said. “It’s so hard to recover the money, to catch the fraudster. If the victims don’t have local consultants or experts, it can be hard to trace back and recover the damages.” An investor group puts its trust — and its funds — in the hands of an outside business partner without considering a due diligence check on the individual.

Eighteen months into the partnership, the individual has succeeded in fleecing the group of more than $6 million and is still at large.

Investigators such as CRI are increasingly turning to artificial intelligence and machine learning tools to help with screening. Zafar said great strides had been made in tackling corruption and bribery.

Public and private investigation partnerships

Databases of politically exposed individuals, or persons with links to crime, on watchlists or have criminal activity linked to their name or accounts are rapidly being populated for use by regulators and private investigators. 

“We’re trying to prove that there is a role for AI in detecting crime and that it can be a part of the investigative process. Machines will scan publicly available databases, criminal cases and the like, and we can check if firms have been blacklisted by authorities such as the Asian Development Bank, IMF or World Bank, which is really helpful.”

In the past, these checks would have to be carried out by hand, one by one. 

“It’s hard, almost impossible! Name matches are probably the largest problem in the Middle East. You cannot find a person with the first name Mohammad or last name Khan; you’ll get billions of matches, so we need to develop a database that builds on this with other information. There isn’t a nationwide electoral database in any Middle East region, so you can see how much work still has to be done.”

Credit history, employment checks and previous addresses are a handful of ways the files can be built out, Zafar said, and his team is working on ways to streamline that process.

There was no concept of background screening in 2008 when Zafar’s team started, and despite having come a long way, he said they still encounter fraud on a massive scale. 

However, they still encounter fraud on a huge scale, he said. 

Alarming numbers

“Sometimes applicants try to falsely fill the gap in their CV, which is dangerous because we don’t know if they’ve spent time in jail,” he said. “More common red flags are fake degrees and fake previous employment references. We found one in 20 applications for a job had fake degrees, experience letters, or fake references in some regions. It’s a huge number, and some of the universities were prestigious too, which makes it quite alarming.”

Another big area of focus is auditing gifts and donations passed through a company concerning projects carried out. His team works with companies to ensure their anti-bribery controls are as robust as possible, given the tough penalties on offer. 

“It’s a criminal liability for a company, and the directors will be liable if they don’t have the proper anti-bribery procedures in place,” Zadar said. “Accounts and financial teams are critical to making sure firms have proper internal controls.”

CRI is also on a mission to stamp out “box-ticking” compliance, which has traditionally been a problem across the Middle East due to the nascent regulatory framework. 

“If you’re conducting audits, nothing will happen if this is the way; you’ll never spot the problem,” he said. “The role of accountants, whether internal or external, to shape the controls and make sure they are implemented effectively.”

He said bribery through sales commissions, waste for public service, sexual extortion or sextortion as a form of corruption could be rife in some sectors. It was up to companies to ensure money wasn’t being paid outside official channels to staff. 

“We understand it’s a process for some firms who are not used to doing it this way, but we’re here to help,” he said. “Companies need to establish their compliance documentation and make sure it’s up to the standard. The most important areas are due diligence and anti-bribery policies. This should not be a paper-based box-ticking exercise, it has to be implemented, and every employee must know the company believes in zero-tolerance of corruption.” 

Visit ICAEW’s Fraud hub for related articles and case studies, or to see the original article, click here. Fraud help sheets prepared by ICAEW Technical Advisory Service to assist you in your day-to-day work.

Meet our CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

5 Reasons To Run Employee Screening

Being HR professional, we have to deal with rigorous recruitment cycles, and for this, we must meet with several candidates before closing the vacancy. Every HR person has their style of evaluating the candidates, but one thing that needs to be kept in mind before making the final hiring decision is to “Never judge a book by its cover” (Stonehouse, 2017), since at times we might overlook some critical points, perhaps due to a fancy resume or qualification. Every HR professional should consider a crucial step before taking a candidate on board: run employee screening.

According to Business Week – 16% of executive resumes contain false academic claims and/or material omissions relating to educational experience. The U.S. Department of Labor estimates that the average cost of a bad hiring decision can equal 30% of the first year’s potential earnings.If you are an HR professional and reading this article, then I can assure you that other HR professionals must be thinking, “is it worth investing additional time and money in pre-employment background screening service?” Let me tell you the key benefits that you can gain from conducting pre-employment background screening services:

1. Better Compliance: it keeps you out of legal issues

Let’s suppose one of your employees commits fraud in your company, and after investigations, you came to know that the employee did the same with previous employers. At this point, you will regret not conducting their background check, as if you had conducted their employment and criminal check, then you wouldn’t have hired them in the first place.

2. Ensures credibility when performing sensitive tasks

In addition to legal issues, some background checks can verify a candidate’s creditability in performing their on-job duties. For instance, when a candidate is being hired for the accounts department where petty cash and the company’s account handling are their primary responsibilities, their employment check may come across that his previous employment has concluded due to mishandling of accounts.

3. Safer Work Environment: keep employees and clients safe

Conducting Background checks can also convey a message throughout the company’s stakeholders, especially its clients, that all employees hired in the company have gone through rigorous checks. Therefore, the data shared by the clients are in safe hands, thus increasing the overall integrity of the company and its staff.

4. Verifies education and certification

The increase in the number of fake degrees has amplified the importance of pre-employment check of educations. Therefore, all degrees and certificates of the applicant under consideration should be verified. The outcome of verification is not just about checking an applicant’s honesty but also verifying the legal status of the degrees and their issuing authorities.

5. Stronger hires, more savings: it gives an overall picture of the applicants

Apart from the interviews, pre-employment background checks can help the interviewer to make their hiring decision accordingly. For instance, candidates may have successfully cleared the interview process, but in their employment checks, the company found that they had resigned from their services after they were accused of sexual harassment by colleagues. Irrespective of how competent a candidate is for the vacancy, such red flags regarding the candidate’s behaviour can completely change the hiring decision and safeguard the company from future issues.

It is indeed worth spending extra time and money on pre-employment background screening because making a wrong hiring decision can not only increase recruitment cost and time but may also incur the cost of damage that employee has given to the company, whether in the form of litigation’s or damaging the company’s goodwill.

5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening

 

So, if your company is not conducting background screening! Think Again!

Being in HR, you might be creating liability for the company by making the wrong hiring decision. It’s never too late to correct your actions, so contact us, and we can provide our employment background screening services. As it is rightly said, I quote, “better safe than sorry” (Bateson, 2008). 

CRI Group, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management and Due Diligence solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

References

  1. Bateson, J., 2008. Building Hope: Leadership in the Nonprofit World. United States Of America: Greenwood Publishing Group.
  2. Stonehouse, R. A., 2017. You’re Hired! Job Search Strategies That Work. 1st ed. s.l.:eBookIt.com.

 

 

Personal Due Diligence, Tips You Need to Know

Personal Due Diligence In Everyday Transactions

In the business world, due diligence refers to the investigation and steps were taken by organisations to satisfy all legal requirements before buying or selling products/ services or entering into a contract or a financial arrangement with another party. An Integrity Due Diligence allows an organisation to reduce risks – including risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (U.K. Bribery Act), to make informed decisions and pursue takeovers or mergers with more confidence. Due diligence is vital to prevent many types of fraud. While in some cases, it is also up to the consumer to do their own personal due diligence. Due diligence sounds complicated, but it is merely the process of doing your homework before you make a significant commitment.

Most of us practice personal due diligence even though we may not think of it that way (i.e. research on the internet before making a purchase or deciding what restaurant to go to). In this process, we are doing our “due diligence” to get the best deal. The level of proper due diligence should be proportionate to the level of commitment involved and your specific status. So when buying a house, the due diligence ought to be more extensive (i.e. a family with children may want to check out the rating of the schools in the area). Another personal area to conduct due diligence involves a new job offer (i.e., the organisation known to treat its employees well). These areas involve a significant amount of due diligence on your part before accepting a new position at a new company.

Due Diligence Makes Trust Possible

In the U.K., the lack of clarity from the Government has already caused problems. Many landlords are averse to letting their properties to non-UK nationals if they are in breach of the Right to Rent rules post-Brexit. The Government is under increased pressure to give clear guidance on post-Brexit Right to Work and Right to Rent checks. Whether you are renting a property, having home renovations done, buying insurance, getting a mortgage, or even entering a new romantic relationship, you can use due diligence to protect yourself. Due diligence can prevent potential fraud and some other types of scams.

The following are tips on how to avoid fraud:

  • Know who you are dealing with, ask questions and verify the information;
  • Check with the governing body for licensing and insurance requirements;
  • Scammers pressure you to act immediately. Don’t sign anything you don’t understand;
  • Don’t sign anything for large amounts of money without having it reviewed by your lawyer;
  • Scammers say there’s a problem or a prize. Do not give out your personal information without verifying who is getting it;
  • Be cautious if you are asked to make up-front payments;
  • Get company information, including name and address and ensure that a written contract backs all verbal promises;
  • Have a contract in place for things like construction work;
  • Never give an unsolicited caller access to your computer;
  • Do not give out a credit card or online account details over the phone unless you made the call and the number you are calling came from a trusted source;
  • Scammers tell you to pay in a specific way. Never wire money unless you’re absolutely confident that you’re sending it to someone you know;
  • Be suspicious of any calls from supposedly distressed relatives who don’t give their names. After hanging up, try calling the family member with the phone numbers you have to see if they actually need help;
  • Scammers pretend to be from an organisation you know. Be suspicious of any calls from a supposed government agency or other businesses demanding payments; and
  • Landlords should check references (in some cases, a police criminal record check), credit reports, and employment information of potential tenants.

Online Fraud is on the rise

In a time of crisis, we often see the best in people. Even before COVID-19 was officially classified by the World Health Organisation (WHO) as a global pandemic, citizens and government leaders alike praised the selfless sacrifice of doctors, nurses, first responders and others putting themselves in harm’s way to help treat and limit the spread of the disease. Unfortunately, a crisis can also bring out the worst in some people; fraudsters prey on fear and confusion.

The research shows that online fraud is on the increase too. Fraudsters are using the surge in online activity to target unsuspecting consumers. Online retailer sectors saw rising transaction volumes in March 2020 compared to the previous year, with 97% in Home products and furnishings, 136% in DIY products, 163% in garden essentials, and 26.6% in electronics.

Online Due Diligence Tips:

  • Change online passwords regularly and make them secure (don’t use standard information about yourself);
  • Don’t post personal info such as date of birth or mailing address on social media sites;
  • Have the most current firewall and anti-virus software on your computer;
  • Don’t send financial or any other type of personal information by email or text;
  • When purchasing online, make sure the site is secure. It should begin with HTTPS;
  • Don’t open links that appear in an email asking you to start a financial transaction. Go directly to the organisation’s website;
  • Don’t download software programs or apps from an unsecured source; and
  • Don’t use unsecured WiFi (such as in a coffee shop) if the device you are using has personal information on it.
Due Diligence 360

Don’t fall prey to unscrupulous business dealings and outside threats. At CRI Group, we specialise in Integrity Due Diligence, working as trusted partners to businesses and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

Our DueDiligence360™ expose vulnerabilities and threats that can cause serious damage to your organisation and can significantly reduce business. The world’s largest corporations trust CRI Group and consultancies – outsource your due diligence to an experienced provider, and you will only ever have to look forward, never back.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Speak Up | Report Illegal, Unethical or Improper Behaviour

Ethics and Compliance Hotline is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective or are impractical under the circumstances. At CRI Group, we are committed to having an open dialogue on ethical dilemmas regardless. We want to introduce a new Ethics & Compliance Hotline. This hotline is available to all employees and clients, contractors, vendors, and others in a business relationship with CRI Group and ABAC Group.

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline in below mentioned ways or provide us with your complaint online on the form below. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

What Can You Report?

Feel free to report any known or suspected noncompliant behaviour or violations with any regulatory mandates and/or local policies, including but not limited to:

  • Ethical standards Violations

  • Violation of laws and Company Policy and internal control

  • Risk and Safety

  • Theft, embezzlement or misappropriate of assets and fraud

  • Bribery and corruption

  • Employee Rights, Employee Relation, Work Environment

  • Privacy laws or security of personal information

  • Discrimination

  • The dispute related to Supervisor, H.R. and other Departments

  • Physical and Verbal Harassment on Workplace

  • Issues related to job responsibilities

  • The report related to a suspicious activity being a witness

  • Unfair dismissals

Our Compliance Hotline is accessible by both phone and online. If you make a report directly by telephone, you will speak with the Compliance Department directly. If you submit a report online, the system will guide you through the reporting process, and a PIN generated automatically once you complete the report.

Q&A on how corporate fraud and corruption affect businesses in the UAE 2021

CRI Group and its ABAC® Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC®’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in the UAE?

A. The United Arab Emirates (UAE) remains the least corrupt country in the Middle East and North Africa region. It was perhaps fitting that the United Nations (UN) held its anti-corruption conference in the UAE just over a year ago. At the conference, delegates drafted anti-corruption resolutions and discussed asset recovery, international cooperation, and other topics in preparation for an upcoming special session of the UN General Assembly against corruption. Of course, there is still much work to be done. Fraud, bribery and money laundering are still problems in the UAE that require a united focus to overcome. Of special concern is the real estate sector, which some have called a haven for stashing and laundering cash. In some cases, these funds are linked to terrorist financing, raising the alarm beyond just the balance sheet for typical financial or corporate fraud.

Q. Have there been any legal and regulatory changes implemented in the UAE designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. The recent Anti-Commercial Fraud Law in the UAE strengthened rules around counterfeiting and intellectual property (IP) theft, among other areas. In addition, lawmakers and regulators are applying an anti-fraud focus to other laws. A perfect example is the UAE’s Insolvency Law 2020. The Ministry of Finance announced that penalties will be imposed on those who fraudulently abuse the law. This could include making a fake claim or a sham debt against a debtor or illegally increasing a debt amount. Such offences are punishable by jail time and fines. An awareness campaign by the UAE Banks Federation (UBF), the Central Bank of the UAE (CBUAE), Abu Dhabi Police, and Dubai Police was the first such collaboration in the UAE and it comes as both corporate and consumer fraud have increased. Companies are expected to protect their stakeholders’ investments, and failure to do so can lead to regulatory and legal punishments.

Q. In your opinion, do regulators in the UAE have sufficient resources to enforce the law in this area? Are they making inroads?

A. There are at least two daunting tasks facing regulators in the UAE at present: detecting and preventing money laundering and stemming the growing threat of cyber crime. While these problems are not unique to the UAE, they do require significant investment and increased investigation and enforcement efforts. Recent reports allege that illicit funds flow through ‘free trade zones’ and into real estate deals, such as luxurious properties in Dubai and other locations. The laws are in place to punish such crimes, but more inroads will need to be made to bring this under control in a country that largely succeeds at fighting fraud in other areas. Cyber crime is also a constant challenge that has been exacerbated by the COVID-19 pandemic. Many fraudsters have sought to take advantage of companies having to transition to different employment models, such as remote working. Fraud fighters are working hard to stay ahead of the curve in this regard.

Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. If a company finds itself under investigation, one of the first things it must do is mandate down the chain of command that employees cooperate fully with investigators. Any efforts to the contrary may be considered obstruction, and lead to more punishments or a higher likelihood of penalties at the end. In contrast, engaging in a good-faith effort to assist an investigation may weigh in the company’s favour.

Questions will arise, such as: Was this a surprise? What are the facts of the case? How did this occur? Legal counsel must be engaged immediately, but it is also important to speak with compliance officers, risk management, executives and the board in a transparent way to help the company move forward. Communicate a zero-tolerance policy toward fraud, and if employees are proven to have engaged in such behaviour, they should be terminated and prosecuted.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A. Some business leaders falsely believe that audits, account reconciliation and other procedures offer the best protection against fraud. They are important functions, but they are not the most effective detection method. Fraud is often uncovered by tips, according to the ACFE’s Report to the Nations on Occupational Fraud and Abuse. Employees are truly the front line of defence for companies, and the first to throw up warning flags about unethical behaviour. The question is whether companies listen to their employees. And is there an easy, anonymous way for employees to submit tips, without fear of retaliation? Companies should educate employees about the red flags of fraud, and then make sure they know they can and should report it.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. If the company does not have an experienced team of anti-fraud professionals on staff, it is crucial to enlist the help of an outside firm with experts who specialise in this area. There are mistakes companies make at the beginning of an investigation that can haunt them later. For example, most countries, including the UAE, have laws that govern the proper collecting and handling of evidence. With most evidence in a digital format, following the right protocols is more important than ever. There are also important guidelines for interviewing witnesses and those suspected of fraud which, when disregarded, could lead to a failed investigation. The bottom line is: do not go it alone – get expert professional help. And if criminal conduct is discovered, contact the authorities.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. Preventing and detecting fraud starts with a company’s employees, so training and communication are key. First, employees must be trained on what constitutes fraud, bribery and corruption, how to recognise it, and how to report it. Second, the company must communicate that fraud will not be tolerated on any level, and those who commit fraud will be terminated and prosecuted if they are found to have broken the law. Companies should also have anti-corruption and anti-fraud controls in place, including an employee code of conduct, regular and surprise audits, and a fraud reporting system available to employees, contractors and even customers. Achieving certification in internationally recognised standards, such as ISO 37001 ABMS, is a good practice too. When it comes to fraud and corruption, an ounce of prevention is worth a pound of cure. Being proactive is truly the only practical option for protecting the business and its assets.

 

Meet Zafar ZAFAR ANJUM, Group Chief Executive Officer

Zafar Anjum is founder and group CEO at CRI Group, and its ABAC Center of Excellence. He uses his extensive knowledge and expertise in creating stable and secure networks across challenging global markets. For organisations needing large project management, security, safeguard and real-time compliance applications, Mr Anjum is the assurance expert of choice for industry professionals.

Corporate Research and Investigations | t: +44 (0)7588 454 959 | e: zanjum@crigroup.com

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group

CRI GROUP works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international risk management, employee background screening, business intelligence, due diligence, compliance solutions and other professional investigative research solutions provider. CRI Group has the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Its global presence ensures that no matter how international your operations are, the company has the network needed to provide you with all you need, wherever you happen to be. For more on our Risk Management solutions just check out our brochure:

View Risk Management Solutions Brochure

Other contacts:

RAZA SHAH Business Development and Marketing Executive | t: +92 300 501 2632 | e: raza.shah@crigroup.com
AYESHA SYED Lead Auditor | t: +971 4 358 9884 | e: ayesha.s@abacgroup.com

Corporate Fraud and Corruption: affect on UK businesses in the 2021

CRI Group and its ABAC® Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC®’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in the UK?

A. The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q. Have there been any legal and regulatory changes implemented in the UK designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

Q. In your opinion, do regulators in the UK have sufficient resources to enforce the law in this area? Are they making inroads?

A. Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent fouryear success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A. Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If it does not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zerotolerance.

 

Meet Zafar ZAFAR ANJUM, Group Chief Executive Officer

Zafar Anjum is founder and group CEO at CRI Group, and its ABAC Center of Excellence. He uses his extensive knowledge and expertise in creating stable and secure networks across challenging global markets. For organisations needing large project management, security, safeguard and real-time compliance applications, Mr Anjum is the assurance expert of choice for industry professionals.

Corporate Research and Investigations | t: +44 (0)7588 454 959 | e: zanjum@crigroup.com

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Other contacts:

RAZA SHAH Business Development and Marketing Executive | t: +92 300 501 2632 | e: raza.shah@crigroup.com
AYESHA SYED Lead Auditor | t: +971 4 358 9884 | e: ayesha.s@abacgroup.com

Background Investigations: One-on-one interview with Zafar Anjum

Having dedicated his career to fraud prevention, protective integrity, security and compliance, Zafar Anjum is a distinguished and highly respected professional in his field. As Group Chief Executive Officer at Corporate Research and Investigations Limited, he uses his extensive knowledge and expertise in creating stable and secure networks across challenging global markets. For organisations needing comprehensive project management, security, safeguard testing, background investigations and real-time compliance applications, Anjum is the assurance expert of choice for industry professionals.

Q: To what extent have you seen an increase in corporate fraud in recent years? What are some of the common themes and underlying causes?

Anjum: Fraud always seems to be increasing. No matter how sophisticated our attempts to prevent it become, perpetrators are always adapting with new methods. According to the 2020 Association of Certified Fraud Examiners (ACFE) Report to the nations, asset misappropriation is the leading type of occupational fraud. It makes up 86% of fraud cases and causes a median loss of $100,000. On the other spectrum, financial statement fraud schemes are the least common (10% of cases) but are the most costly, causing a median loss of $954,000. A typical fraud case can last 14 months before detection and cause a loss of $8,300 per month – a whopping 5% of an organisations revenue is lost to fraud each year. There are various factors at play here, but it starts with ‘tone at the top’. Basically, corporate culture often sets the tone for how strict or lax an organisation is when preventing or detecting fraud. Combine a lax approach with a country or jurisdiction where corruption is still prevalent, even considered ‘business as usual, and there will likely be fraud.

Q: Could you outline the benefits of using background investigations to reduce potential fraud? Under what circumstances is it prudent to undertake a background investigation?

Anjum: It should be a priority to conduct thorough background investigations when engaging in a merger or acquisition, an initial public offering (IPO), engaging suppliers, contractors or new clients – your client relationships can affect your organisation’s reputation and your ability – just to name a few situations. This can help you avoid becoming entangled with third parties that have hidden fraud and other legal issues. It will also make you aware of a potential partner who has a credit risk, has claimed bankruptcy or is faced with debtor filings, for example. In one case, a company was seeking to engage a new supplier for medical supplies and equipment. A background investigation revealed that the warehouse’s physical location – claimed by this ‘supplier’ did not exist. The company’s principal had previously been charged with ‘criminal breach of trust’. Three other civil damages claims against the principal were discovered, with millions claimed in liabilities.

Q: What are some of the best practice approaches to conducting a background investigation? 

Anjum: One of the most important aspects of thorough background investigations is having a ‘boots on the ground approach. Online database searches can only take you so far. When conducting due diligence on entities or individuals, red flags that pop up often warrant further checking before they can be truly weighed as part of the decision process. For example, if you are considering partnering with another company and they provide information for their physical location, do you have agents who can visit that location to make sure it is legitimate? Investigations sometimes discover that purported ‘headquarters’ is actually an abandoned home or vacant lot. Also, if certain credentials are claimed, you need to make phone calls or possibly a visit to the school or accrediting bodies to verify them. These are the important details that help you established facts that help guide your decisions.

Looking for an effective RISK MANAGEMENT through background investigations? Learn how with our Risk Management Solutions brochure!

Q: What kinds of legal or regulatory issues might complicate a background investigation?

Anjum: Privacy laws are probably the most important issue, and they need to be carefully understood and followed for every jurisdiction. In the UK, for example, the pandemic has created new data privacy issues, but prudent organisations are constantly evaluating their data protection strategies under the General Data Protection Regulation (GDPR). When it comes to background investigations, similar privacy considerations apply. You might want to check an individuals’ financial or credit history – relevant information if they own a business you seek to partner with or acquire, or if you are considering them for a high-level position at your organisation. Accessing such information is permitted in some jurisdictions and restricted by law in others. The last thing you want is to end up in court for violating someone’s privacy. It is best to engage a professional due diligence background screening firm. They will be trained and up-to-date on the laws governing your background investigations, plus they will have access to resources that most companies do not have.

Q: To what extent are background investigations more challenging in a cross-border or multi-jurisdictional context? How can these additional challenges be overcome or avoided?

Anjum: This goes back to the importance of having investigators in various locations, your ‘boots on the ground’, in your approach to due diligence. The world is much smaller these days as organisations seek to expand across international borders. And the COVID-19 is teaching leaders  invaluable lessons in business efficiencies and future strategy. This can lead to obvious challenges – both with following the laws and regulations in various jurisdictions and overcoming language and cultural barriers. That is why it is important to have access to locally-based agents – including certified fraud examiners and similarly credentialed professionals – to help with your checks, whether investigating a potential third-party partner or an individual being considered for employment. Another advantage is to have a set, written policy and process for conducting background investigations that you can reference and rely upon when undertaking key business decisions. In this way, your organisation is less susceptible to someone convincing you to bypass proper due diligence simply because it might seem logistically difficult to conduct an overseas investigation.

Are you looking to MITIGATE EMPLOYEE RISK before and after hire? Look no more, we have developed EmploySmart, a robust new pre and post-employment background screening service to avoid employee risk. Learn MORE HERE!

Q: Once the background investigation results are collated, what are the key points to analyse?

Anjum: If red flags are uncovered, the best way to proceed is to investigate further to understand discrepancies. For example, suppose you are conducting background screening on a potential employee, and something comes up in their criminal record, rather than eliminating them from consideration. In that case, you should ensure that there was not an error in your background check, investigate the discrepancy and gather all relevant information and ask the person to explain what you found and why they did not disclose it. They might have an explanation that affects your decision process. In other words, do not overlook potential talent. According to Nacro, more than 11 million people in the UK have a criminal record – that’s 1 in 3 men – however, just over half of these had been convicted on only one occasion, and 85% were convicted before they were 30 years old. Not all of those have a prison record, however. Most convictions are for motoring offences, such as speeding or unpaid tickets.

Q: What essential advice would you offer to companies on developing internal policies and processes to combat fraud? should intensive background investigations form part of their standard procedures?

Anjum: Intensive background investigations should be a part of an organisation’s standard procedures. It should be part of a greater risk management plan, be set forth as written policy that owners and director approve, and be reviewed and understood by management and other relevant personnel. Engage risk management professionals when developing your policies and procedures. They can help tailor a plan based o your organisation. Key questions to address should include; who will implement the plan, how an investigation is conducted, who evaluates and reports the results, and so on. Sometimes organisations put forth a thorough, excellent programme for background investigations and then, six months or a year later, nobody is following it. The key to success is following through with it and making sure your entire organisation understands the process and why it is so important. The security of your company depends on effective risk management.

The security of your company depends on effective risk management

Background investigations are critical to any company’s success because working with qualified, honest and hard-working employees and other businesses is an integral part of thriving in the business community. What you don’t know can hurt you, and the simple act of one bad decision can result in an unprecedented loss for your company. 

From vendor and third-party screening to employment screening, CRI Group recommends background investigations as critical proactive measures to help keep your business safe. An effective background screening investigation will help screen for bad apples that can cause havoc down the road. Because we maintain a diverse talent base comprised of multilingual and multi-cultural professionals, CRI can traverse obstacles that often impede international background investigations. That’s why we are frequently contracted by our competitors to conduct background investigations in geographic regions not serviced or accessible by larger investigative firms. 

Meet our CEO

Zafar I. Anjum, is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

Cyber security: how to maintain GDPR compliance?

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in 2018. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

Cybersecurity is a priority for the management

Even with extremely high fines and stringent requirements, GDPR violations and data breaches have been skyrocketing across the world. In 2020, the overall increase of fraudulent activities has been detected, based on ACFE’s “Fraud in the Wake of COVID-19: Benchmarking Report”: 77% of survey participants have seen an increase in the overall level of fraud as of August, compared to 68% who had observed an increase in May. Earlier we wrote how the COVID-19 crisis triggered fraudulent activities and what can businesses do to support anti-fraud movements in their organisations and to strengthen their immunity to fraud. However, cyber-attacks are on the rise – the survey by the gov.uk continues to show that cybersecurity breaches are a serious threat to all types of businesses and charities. 39% of businesses and 26% of charities reported having cybersecurity breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

The study suggests that the risk level is potentially higher than ever under COVID-19 and that businesses are finding it harder to administer cybersecurity measures during the pandemic: 35% of businesses compared to 40% last year are now deploying security monitoring tools. This reduction suggests that these organisations might simply be less aware than before of the breaches and attacks their staff are facing.

However, among those that have identified breaches or attacks, around 27% of businesses experience them at least once a week. The most common by far are phishing attacks (83%, and 79% in charities), followed by impersonation (for 27% and 23%). Based on a survey by the gov.uk, despite COVID-19 stretching many organisation’s cybersecurity teams to their limits, cybersecurity remains a priority for management boards. But it has not necessarily become a higher priority under the pandemic. Three-quarters (77%) of businesses say cybersecurity is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees.

The most notable data breaches

In the climate where organisations are putting more emphasis on strengthening their online security systems, there is no shortage of data breaches or GDPR violations. Our experts have noticed and shortlisted a few most notable cases in any order for you to be aware:

1. Booking.com

The very recent case, when travel booking website Booking.com has been hit with a  €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the GDPR. It happened back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). The hackers were able to get login creations for the booking system and to access the personal details of more than 4000 customers who booked hotel rooms via booking.com. The scammers exposed the credit card details of 283 customers, and in 97 cases the CVV code was also compromised. Based on GDPR, the data breach must be reported within 72 hours. Booking.com was late for 22 days (!) to report the breach to the Dutch Data Protection Authority and was issued a fine in April 2021, as reported by Forbes.

2. Twitter

Another company that was late to report the security flaw is Twitter – it was discovered in December 2018 but the social media giant did not report it to Ireland’s Data Protection Commission (DPC) until the following month. As a result, Twitter has been told to pay a €450,000 GDPR fine by Ireland’s data regulator for failing to report a 2018 data breach in the legally required timeframe. The DPC also determined that Twitter failed to adequately document the breach, another requirement under GDPR.

3. Vodafone

The firm that has been warned or fined smaller amounts on at least 50 occasions between January 2018 and February 2020, is in the news again: the Spanish data protection authority has fined Vodafone €8.15 million (approximately £7 million) for aggressive telemarketing tactics and repeated data protection failures. The fine was issued as a result of an investigation that was prompted by hundreds of complaints, with the regulator discovering a system that held up to 4.5 million contact lists purchased from third parties without user consent.

4. Facebook

And another social media giant – Facebook. Ireland’s data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site. As reported in April 2021, a spokesman for the Data Protection Commission (DPC) – which regulates Facebook in the European Union – said “a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.”

5. H&M

The Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 — the second-largest GDPR fine ever imposed. H&M’s GDPR violations involved the internal monitoring of employees. After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. It has violated the GDPR’s principle of data minimisation — don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose.

6. Google

The biggest penalty (€50 million) was issued to Google for its alleged failure to provide notice in an easily accessible form, using clear and plain language, when users configure their Android mobile devices and create Google accounts, and obtain users’ valid consent to process their personal data for ad personalisation purposes. 

COMPLIANCE & ETHICS HOTLINES, REPORT NOW

How to maintain GDPR compliance

What can we learn from these case studies? Maintaining GDPR compliance is a complex process, and requires a lot of diligent work. At CRI Group, we recommend looking at it as a part of your risk management strategies, together with your compliance policies and procedures.

To help you with maintaining compliance with GDPR, our integrity due diligence experts created the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

  • The information is necessary to perform a contract between the organisation and the individual;
  • You have a legal obligation to process the data (such as a court order);
  • The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
  • The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it is collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third-parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelt out as individuals rights in regards to their personal data and they include the following:

  • Right to be informed about what data is collected and why;
  • Right of access to data that has been collected;
  • Right to rectification/correction of inaccurate data;
  • Right to erasure of data (“right to be forgotten”);
  • Right to restrict processing of personal data;
  • Right to data portability;
  • Right to object to use of data; and
  • Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance. If you have any further questions or interest in implementing compliance solutions, please contact us.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Stay updated on the go

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

Unemployment Insurance Fraud During COVID-19

The Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury that collects and analyses information about financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes launched an Advisory on Unemployment Insurance Fraud During the Coronavirus Disease 2019 (COVID-19) Pandemic.

This advisory is aimed “to alert financial institutions to unemployment insurance (UI) fraud observed during the COVID-19 pandemic. Many illicit actors are engaged in fraudulent schemes that exploit vulnerabilities created by the pandemic. This advisory contains descriptions of COVID19-related UI fraud, associated financial red flag indicators, and information on reporting suspicious activity”.

We published recently that COVID-19 continues to affect businesses in a myriad of ways. Organisations are having to adapt quickly to the fast-changing climate of the pandemic, and unfortunately, we’ve recently noticed some business practices of cutting steps in a few internal processes, such as hiring, or lack of risk management controls. It’s a vulnerable time for organisations – earlier we wrote that a crisis can bring out the worst in some people. Fraudsters who prey on people’s fear and confusion tend to waste no time when a global pandemic strikes. COVID-19 is relatively new, yet fraud schemes are multiplied much like the virus itself as criminals look for vulnerabilities among a fearful population. This pandemic also creates risks for employee fraud – CRI Group’s survey revealed that nearly 77 percent of HR professionals accept that there is a risk that employees can initiate fraudulent activity because of the work-from-home arrangement.

But employee fraud might not be the only risk the organisations face today. Earlier this year, we published that some organisations commit fraud themselves and abuse the Coronavirus Job Retention Scheme by engaging in furlough fraud. They do this by accepting taxpayer money designed to help them pay salaries for furloughed workers, who are essentially “deactivated” due to loss of business and quarantine – yet they pressure them to work (or they accept furlough benefits without the employees’ knowledge).

As we can see, a fraudulent activity might happen in a myriad of ways. Let’s dive in what are the red flag indicators of unemployment insurance (UI) fraud as unemployment claims across the globe have surged due to the COVID-19 pandemic.[/vc_column_text][vc_hoverbox image=”8095″ primary_title=”> The Unseen Enemy: Explore Insurance Fraud in-depth with our eBook!” hover_title=”GET YOUR FREE COPY”]DOWNLOAD NOW[/vc_hoverbox]

What are the red flags of unemployment insurance fraud?

In the advisory, FinCEN lists the financial red flag indicators to alert financial institutions to fraud schemes targeting UI programs, and to assist them in detecting, preventing, and reporting suspicious transactions related to such fraud. The illicit activity might include employer-employee fraud-related activities, such as creating a fake company with fictitious employees and providing fabricated details such as wages, or conspiracy between the two parties when an employee receives UI payments while the employer continues to pay reduced and/or officially undisclosed salaries. The fraud scheme might also be happening under the ‘misrepresentation of income fraud’ when the applicant fails to provide the correct income/wage details, or even submits an application with stolen or fake identity information.

A similar case happened when the COVID-19 was in a full swing last year: one for-sale ad was published in the black-market specialising in selling stolen accounts and data – it was for access of the stolen UI claim in California that had been approved and offered benefits worth $17,550. This is just one example of the fraudulent activities – “in California, fraud was so pervasive that officials have suspended processing jobless claims for two weeks to put new controls in place and reduce a bulging backlog”. It also resulted in The U.S. Labor Department making fraud detection a priority and allocating $100 million to combat the issue. To support this fight against illicit activities, FinCEN identifies the following red-flag indicators:

  1. Account(s) held at the financial institution receive(s):
  • UI payments from a state other than the state in which the customer reportedly resides or has previously worked;
  • Multiple state UI payments within the same disbursement timeframe;
  • UI payments in the name of a person other than the accountholder, or in the names of multiple unemployment payments recipients;
  • UI payments and regular work-related earnings, via direct deposit or paper checks;
  • Numerous deposits or electronic funds transfers (EFTs) that indicate they are UI payments from one or more states to persons other than the accountholder(s);
  • A higher amount of UI payments in the same timeframe than similarly situated customers received.
  1. The customer withdraws the disbursed UI funds in a lump sum by cashier’s checks, by purchasing a prepaid debit card, or by transferring the funds to out-of-state accounts.
  2. The customer’s UI payments are quickly diverted via wire transfer to foreign accounts, particularly to accounts in countries with weak anti-money laundering controls.
  3. The customer receives or sends UI payments to a peer-to-peer (P2P) application or app. The funds are then wired to an overseas account, or withdrawn using a debit card, in a manner that is inconsistent with the spending patterns of similarly situated customers.
  4. Individuals quickly withdraw disbursed UI funds via online bill payments addressed to an individual(s), as opposed to businesses, as payee(s), with some individual payees receiving multiple online bill paychecks over a short time period.
  5. The IP address associated with logins for an account conducting suspected UI-fraud activities does not map to the general location of stated address in identity documentation for the customer or where the UI payment originated.
  6. Individuals direct UI-related EFTs, or deposit UI checks into suspected shell/front company accounts, which may be indicative of money mules transferring these funds in and out of the accounts.
  7. Multiple accounts receiving UI payments at one or more financial institutions are associated with the same free, web-based email account that may appear in more than one UI application.
  8. A newly opened account, or an account that has been inactive for more than thirty days, starts to receive numerous UI deposits.
  9. After a financial institution suspects UI fraud and requests additional identification documentation to verify the identity(ies) of the customer(s), queried individuals provide documents that are incorrect or forged, which may be an indicator of an account takeover or identity theft. After a financial institution suspects UI fraud and conducts due diligence, it determines that the customer does not have a history of living at, or being associated with, the address to which the UI check or UI debit card is sent, or within the geographical area in which the registered debit card is being used.

Read the full advisory here.

Insurance fraud is something that no company can afford. It is a serious crime that can result in serious consequences for fraudsters who may find their future job prospects impacted, find it harder to obtain insurance and other vital financial services, obtain a criminal conviction and even face the prospect of imprisonment. CRI Group’s insurance fraud investigations cover the full range of insurance fraud cases, from healthcare fraud to disability and even fake death claims. Our experts are trained to look for the tell-tale signs of fraud: they can view claims, medical and hospital records, conduct interviews, examine statements and documents, as well as perform on-site inspections.[/vc_column_text][/vc_column][/vc_row]

Enhanced risk management

At CRI Group, we suggest you consider looking at your overall risk management process, involving not only potential insurance fraud risks during the COVID-19 pandemic, but a broader range of employee, bribery and corruption, compliance risks your organisation might face.

The “Risk Management & ABMS Playbook” provides tools, checklists, case studies, FAQs and other resources to help you lead your organisation into better preparedness and compliance. Our experts share their own plays to help you reduce risk, thereby preventing and detecting more fraud. The first section addresses risk management directly: proper third-party due diligence and critical background screening take centre stage for this game plan. Section two tackles bribery and corruption, with tried-and-true measures you can implement to stay better protected and in compliance with strict laws and regulations.[/vc_column_text][vc_btn title=”GET YOUR FREE COPY NOW” link=”url:https%3A%2F%2Fcrigroup.com%2Fcase-study%2Frisk-management-abms-playbook%2F|target:_blank”][/vc_column][/vc_row]

Speak up – report illegal and unethical behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use our Compliance Hotline. This hotline is available to all everyone in a business relationship with CRI Group and ABAC Group. It is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective, or are impractical under the circumstances.[/vc_column_text][vc_btn title=”REPORT NOW” link=”url:https%3A%2F%2Fcrigroup.com%2Fcompliance-ethics-hotlines%2F|target:_blank”][/vc_column][/vc_row][accordion_father][accordion_son title=”Who is CRI Group?” clr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father][/vc_column][/vc_row]

The Unseen Enemy: Insurance Fraud – Part III

This three-part series of articles examines the problem of insurance fraud, including its pervasiveness and general characteristics in the United States, the United Kingdom and the world. Insurance fraud is a widespread problem that requires real solutions and is often difficult to detect and combat.

Part One of the series, “What is Insurance Fraud,” provides an introduction to a topic that is important for any business leader, insurance professional, compliance agent or fraud investigator. Part Two, “How do Companies Detect Insurance Fraud,” details red flags of insurance fraud that help tip off investigators to possible illegal behaviour. Part Three, “Anatomy of an Insurance Fraud Investigation,” provides a look at case studies and reveals key tips for handling a successful investigation. To receive the next series subscribe to our monthly newsletter here!

Taken as a whole, this series is the perfect primer for any insurance fraud professional and companies looking to avoid becoming victims of insurance fraud claims. It provides the tools and knowledge needed to effectively combat insurance fraud.

Part Three: Anatomy of an Insurance Fraud Investigation

The insurance fraud epidemic is of serious concern to businesses, insurance providers and consumers worldwide. In Part One of this three-part series, we examined the scope of the problem, and discussed a few cases that illustrate the magnitude of insurance fraud. In Part Two, we looked at how companies can detect insurance fraud, including how to recognise the red flags that represent potential criminal behaviour.

In this final Part Three, we’ll examine the elements of an insurance fraud investigation, beginning with a case study that illustrates how CRI Group’s insurance fraud investigators exposed fraud schemes – saving its clients thousands of dollars.

Case Study: Health Insurance Fraud

A CRI Group client requested an investigation of a health insurance claim filed by one of their employees, “Mr. Jones.” Mr. Jones claimed that while on an official visit to UAE from the U.S., he felt sudden abdominal pain with nausea and vomiting lasting 18 hours. He was admitted to a clinic and stayed under observation for two days, which cost him around $4,000 (US).According to the claim, Mr. Jones (name changed) was discharged from the clinic, but then felt the return of his sickness, so he was admitted to another clinic for two more days. During this time, he was kept under observation. For this second clinic visit, he was charged nearly $1,000.

As part of CRI Group’s “experts in a field” approach, a local investigator visited both of the clinics involved in the claim. One clinic was located in Dubai, while the other was in Abu Dhabi. When he arrived at the Dubai clinic, CRI Group’s local expert immediately learned that the clinic deals specifically in cosmetic surgery for women. In fact, as advertised on the outside of the clinic, its services are only for women. The clinic’s administrator confirmed that the clinic is only in the business of providing cosmetic surgery for women.

CRI Group’s local investigator then visited the clinic in Abu Dhabi. This clinic also appeared to be in the business of providing cosmetic surgery for women. When the local expert tried to contact the doctor who was named as the treating physician for Mr. Jones, the doctor was hesitant to meet the expert. CRI Group’s expert showed the report to the doctor, and though it was on the official letterhead of the clinic, the doctor first denied involvement in the case.

Later, the doctor told CRI Group’s expert that while “we don’t treat that kind of illness,” the patient “was in such bad condition that we treated him on a humanitarian basis.” Yet the doctor was hesitant to accept that the bills came from his clinic (the expert had already learned that the doctor in question was also the owner of the clinic). Regardless, CRI Group successfully secured the evidence that the health insurance invoices were fake and Mr. Jones was making false claims to get money from his employer.

 

When it’s Time to Open an Investigation

When red flags of fraud are uncovered, it’s time to begin an investigation. As you can see from the examples above, CRI Group’s investigations are based on a thorough approach that includes site visits and leaving no stone unturned. When you work with CRI Group, this is how the process will typically proceed. CRI Group will:

  • Assign the appropriate investigators with the right expertise in that area to investigate the claim.
  • Contact the parties involved to gather all relevant details about the incident.
  • Use all resources available, including police reports, court filings, database records and other means to establish the truth in insurance fraud cases.
  • Make site visits, speak to witnesses, take photos and establish timelines as needed to create a full, truthful story of the incident.
  • Uncover useful evidence, carefully documenting and preserving it in a way that is admissible in court.
  • Present investigation findings to the client, with recommendations on how to proceed. Sometimes, legal action is warranted.

Working with an insurance fraud investigation company like CRI Group provides the advantage of having an independent, impartial and unbiased third-party collecting the facts you need regarding any case that might involve potential fraud. CRI Group has been safeguarding businesses for more than 28 years, and you will be assured of the quality, professionalism and discreet nature of all investigations conducted by our experts.

Our global presence ensures that no matter how international your operations are, CRI Group’s investigations have the network needed to provide you all necessary support, wherever you happen to be. We take great care to ensure that our trained and licensed investigators are the best at what they do.

3 types of insurance fraud investigations

1.     Social Media Evidence

“Social media is an absolute gold mine” for insurance fraud investigations, according to Kelly Riddle, founder of private investigation company Kelmar Global. Many people think that setting high privacy settings on their social media accounts makes everything they post impossible to access. On the contrary, social media platforms usually hand over user information if they receive a subpoena for it.

Fraudsters often slip up online and post information revealing their fraud. For instance, someone receiving worker’s compensation for an injured foot may post a video of themselves playing soccer with their kids. Or, someone else may unintentionally expose their scheme, as is the case if friends and family tag the claimant in an incriminating post.

Fraudsters who are proud of their work may boast about it on social media, thinking they will never get caught. Make sure to search for alternate accounts as well as the claimant’s main social media pages to find as much of this type of evidence as you can.

2.     Activity Check

In order to learn everything you can about the claimant, you need to see where and how they live. Good old-fashioned surveillance of their home or workplace can provide evidence. For example, someone who has claimed compensation for a shoulder injury leaving their home with a tennis racket, that is possible evidence for insurance fraud.

While you are in the claimant’s neighbourhood, canvass others in the community. Even if the neighbours don’t know the person well, they may have observed their lifestyle. Ask about the insured person’s financial situation, which can indicate if they are in need of quick money.

In property insurance fraud investigations, be sure to also ask neighbours if they have seen or heard anything out of the ordinary around the time of the claim. This can include moving trucks or more comings and goings than usual from the claimant’s home. They can also help you determine whether or not the claimant is actually living in their home.

3.     Fake Documentation of the Claim

Just because a claimant has included all of the relevant documents in their claim doesn’t mean they aren’t committing insurance fraud. In fact, fake documentation is a very common way to pull off a fraud. Signs of false documents include:

  • An unusual number of receipts.
  • Falsified receipts.
  • Fake affidavits.
  • Photos or receipts used for more than one claim.

When studying accompanying documentation during an insurance fraud investigation, use a keen eye to spot signs of editing. Inconsistent lighting in photos and fonts that don’t match the rest of the document are some common examples. Be sure to also review the claimant’s history to see if they have claimed loss of the same items before

6 Keys to Successful Insurance Fraud Investigations

1. Follow the Law

Nothing can derail your insurance fraud investigation quicker than finding out you have conducted it in violation of the law. Every jurisdiction is different, and privacy laws are the major consideration in these types of investigations. Understand the laws regarding filming or recording a subject or a witness, as doing it without their consent might be a violation of their rights. This is where it is helpful to engage the experts. At CRI Group, our investigators are trained and knowledgeable about local laws and the importance of proper evidence collection. Avoid trying to collect information by deceptive means, such as “friending” a subject on social media.

2. Conduct an Initial Assessment

It’s important to gather the known facts of the case at the outset of your insurance fraud investigation: You need to have some idea of the who, what, when where, and how of the case. With your baseline facts in place, your investigation will proceed much more smoothly. Keep in mind that the subject of an insurance fraud investigation might work quickly to conceal or destroy evidence if they know they are under suspicion. You should make sure to immediately secure all documents and other evidence that you might need late in your investigation. If you are conducting the investigation for a client, make sure they follow proper security measures to keep evidence intact, especially when it comes to digital evidence.

3. Plan the Investigation Well

An effective investigation is one that is carefully planned. Failure to do so can cause problems from the outset, such as missing important details and evidence in the case, or running afoul of regulations such as reporting to FinCEN in the U.S. or FINTRAC in Canada. Before you start the investigation, think about questions like:

  • Who should be interviewed?
  • In what order should you conduct those interviews?
  • What supporting documents do you need to collect?
  • Are there any other allegations against the subject?
  • Which entities need to be informed of the investigation and how should it be done?

Carefully document all the details and steps taken during the case to make sure your insurance fraud investigation stays on track.

When engaging with CRI Group, a fraud investigator will be allocated to your case. Read more about their skills and expertise in our article “The role of a FRAUD INVESTIGATOR.”

4. Perform Great Interviews

This is where being an effective communicator comes into play. Most successful investigations include subject and witness interviews as a critical part of the evidence-gathering process:

  • You need to ask questions in order to find out the “how” and “why” an insurance fraud has occurred.
  • The best interviews are those in which the interviewer is in complete control, yet the subject or witness feels comfortable and undistracted. Have some general questions prepared, but engage the subject in a conversational style, and don’t hesitate to go “off-script” to learn more information.
  • Be friendly and establish trust and build rapport with the subject. Small talk is encouraged, plus warming up with some easy questions so that the interviewee feels comfortable talking to you.
  • Don’t ask “yes” or “no” questions. Instead, ask open-ended questions, such as “tell me about what you did that morning” or “what happened that day?”

5. Understand Evidence

During an insurance fraud investigation, and when reporting the results, an investigator should take care to separate his opinion from the facts of the case. The investigator should let the hard facts of evidence speak for itself in the case, rather than engaging in speculation or providing opinions on guilt or innocence. This is why proper evidence collecting and examination is so important. Files, documents and other evidence should be kept secure and chain-of-custody should be maintained. Never alter or mark up original documents or files with your own notes, even if they seem relevant. Keep copies for your files and make sure nothing slips through the cracks.

6. Report the Findings

When your investigation has concluded, it’s time to report the results. Prepare a thorough, facts-based report detailing the evidence and your findings. A good investigation report should include the following items:

  • Your understanding of the allegation (who, what, where, when, how)
  • The steps taken in the investigation
  • Copies of documents and other material evidence
  • A list of interviewees
  • A summary of interviews
  • A conclusion as to whether the allegation was substantiated or not

Write your report in objective language, avoiding judgemental or inflammatory adjectives when describing details of the case. Use as many direct quotations as possible from interviewees or documents. Only include facts, not opinions or inferences, in your report.

This three-part series of articles is part of our “The Unseen Enemy: Insurance Fraud” e-book. The e-book contains actionable advise on how to protect your business from insurance fraud and much more. Download the FREE e-book here!

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Have you done your Corporate Compliance Programs Gap Analysis (HEBA) yet?

Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let our experts prepare a complimentary gap analysis (worth USD 4500/ £3370) of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

What’s a Gap Analysis, and why do I need it?

In management literature, Gap analysis involves the comparison of actual performance with potential or desired performance. If your organisation does not make the best use of current resources or forgoes investment in capital or technology, it is likely to perform below the desired goal. Our Gap analysis involves determining, if your current set of internal policies and procedures do comply with laws, rules, and regulations to uphold your business reputation and how can you improve current capabilities difference to meet current industry and regulatory requirements.

Our HEBA survey is designed to evaluate your compliance with adequate procedures to prevent bribery and corruption across the organisation. Acting as a benchmarking, the gap analysis will allow you to understand what is the general expectation of performance within your industry and compare that expectation with your organisation’s current level of performance. At this level, the gap analysis will allow you to highlight any gap and focus on ways to address it and improve your Corporate Compliance Program.

Highest Ethical Business Assessment: Evaluating Adequate Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Framework

This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process. If you aren’t performing gap analyses within your company, you may have a more significant gap than you think.[/vc_column_text][vc_btn title=”TAKE THE GAP ANALYSIS” link=”url:https%3A%2F%2Fshare.hsforms.com%2F1cjtWwMG9R6alydRIueLL5Q1hq89||target:%20_blank|”]The survey takes around 10 minutes to complete.[/vc_column_text]

Are you addressing corporate compliance?

  1. Implementing written policies, procedures, and standards of conduct;
  2. Designating a compliance officer and compliance committee;
  3. Conducting effective training and education;
  4. Developing effective lines of communication;
  5. Conducting internal monitoring and auditing;
  6. Enforcing standards through well-publicized disciplinary guidelines;
  7. Responding promptly to detected offences and undertaking corrective action; and
  8. Annual reviews.

Each of these elements requires a robust, organisation-wide enforcement and documentation. Corporate compliance programs are most successful when they’re integrated into the management of your practice–creating a culture of compliance within your practice is your best bet to avoid any regulatory breaches and fines!

Why is it important?

Corporate compliance should be an essential part of your business operations, regardless industry or size. How does your business manage compliance and mitigate risk? Taking preventative measures can feel like a hassle upfront, but it can save your organisation untold costs in the long run. Corporate compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. Keep your business from learning the lesson the hard way.  If you’re ready to take control of compliance and protect your business from risk, learn more about CRI Group today and discover how we can help your corporate compliance program.[/vc_column_text][vc_btn title=”Start developing a compliance program today.” link=”url:https%3A%2F%2Fcrigroup.com%2Fcontact-us%2F||target:%20_blank|”][vc_row_inner][vc_column_inner width=”2/3″]

Stay updated on corporate compliance

Subscribe to our newsletter to get more content like this straight to your inbox.

[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/3″][vc_empty_space][vc_btn title=”Subscribe now” link=”url:https%3A%2F%2Fwww.crigroup.com%2Fnewsletter-subscription%2F%20_blank||target:%20_blank|”][/vc_column_inner][/vc_row_inner][vc_row_inner][vc_column_inner][accordion_father activetabbg=”#ffffff” activetabclr=”#1e73be”][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][accordion_son title=”Speak up – report any illegal, unethical, or improper behaviour!” clr=”#ffffff” bgclr=”#1e73be”]

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy. COMPLIANCE HOTLINE

[/accordion_son][/accordion_father][vc_empty_space]

Have you read…

[/vc_column_text][vc_basic_grid post_type=”post” max_items=”12″ style=”pagination” items_per_page=”3″ item=”234″ grid_id=”vc_gid:1608713452454-6bc47408-e868-9″ taxonomies=”42″][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_section][/vc_section]