Understanding BS7858 Standard

The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st  March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.

There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.

Why is BS7858 so important? 

It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:

The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.

As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.

BSI brought the BS7858 Standard to 2021 with the inclusion of:

Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:

In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.

Global watchlist checks during the application process

7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list. 

Social media checks as an advised best practice for pre-and post-employment

Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.

Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.

For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!

Other significant changes of the BS7858 Standard:

  • Removal of character references
  • Approval to passing on pre-employment screening records from vocation to vocation.
  • Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
  • Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
  • All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.

It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.

If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.

Get in Touch

Author bio

Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.

Contact Details

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

More on BS 7858 and employment background screening…

 

The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st  March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.

There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.

Why is BS7858 so important? 

It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:

The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.

As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.

BSI brought the BS7858 Standard to 2021 with the inclusion of:

Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:

In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.

Global watchlist checks during the application process

7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list. 

Social media checks as an advised best practice for pre-and post-employment

Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.

Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.

For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!

Other significant changes of the BS7858 Standard:

  • Removal of character references
  • Approval to passing on pre-employment screening records from vocation to vocation.
  • Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
  • Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
  • All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.

It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.

If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.

Get in Touch

Author bio

Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.

Contact Details

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

More on BS 7858 and employment background screening…

 

The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st  March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.

There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.

Why is BS7858 so important? 

It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:

The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.

As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.

BSI brought the BS7858 Standard to 2021 with the inclusion of:

Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:

In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.

Global watchlist checks during the application process

7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list. 

Social media checks as an advised best practice for pre-and post-employment

Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.

Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.

For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!

Other significant changes of the BS7858 Standard:

  • Removal of character references
  • Approval to passing on pre-employment screening records from vocation to vocation.
  • Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
  • Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
  • All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.

It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.

If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.

Get in Touch

Author bio

Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.

Contact Details

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

More on BS 7858 and employment background screening…

 

Risk assessment breakdown: Identification, Analysis, Evaluation

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. Unfortunately, fraud, bribery and corruption are major factors affecting businesses and agencies of all sizes and industries. Being proactive against these risks can mean the difference between success and ruin. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk assessment management strategy in place. This article discusses the importance of Risk Assessment. There are two important building blocks that form the core of risk management:

  • Risk assessment
  • Risk treatment

Each of these stages can stand on their own – in this article we will go into detail about best practices for identifying risks, how to analyse them in terms of probability and severity, and how they can be evaluated in terms of the company’s risk appetite.

What is Risk Assessment?

Risk assessment is the overall process of identification, analysis and evaluation of any given risk. It can be a systematic examination of a task, job or process that a risk professional carries out at work for the purpose of identifying significant hazards. For example, the risk of someone being harmed and deciding what further control measures to take to reduce the risk to an acceptable level. The process will vary between organisations, but it should start with identification of hazards, analysis of who and what might be harmed, evaluation of the risk, documentation of the risks, taking action and review. Your organisation should conduct a risk assessment systematically, interactively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by a further inquiry as necessary.

Risk assessment breaks down into:

  • Step 1: Identification
  • Step 2: Analysis
  • Step 3: Evaluation

Business Intelligence (BI) Solutions can help during this stage. BI take many shapes and forms in today’s complex business environment. Budgets are stretched and the challenges facing a business and its employees can sometimes lead to issues that start off small, but then lead to wider spread problems which can affect the very fabric of your organisation and damage both your credibility, reputation and bottom line profits. CRI® Group takes two approaches to BI solutions:

  • Intelligence operations (via market research and analysis): we focus on researching the future and potential growth of your business – i.e. determine the commercial viability and potential for success in the market, analyse consumer behaviour and business trends in that market, etc.
  • Investigative operations (via commercial investigations): we focus on the current status of your business – i.e. location of assets, financial information, identification of unmet needs of any market, gauge brand awareness and identity in the market, etc.)

CHECK OUT OUR BI SOLUTIONS  or  DOWNLOAD BROCHURE

 

Risk Identification

The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • Tangible and intangible sources of risk;
  • Causes and events;
  • Threats and opportunities;
  • Vulnerabilities and capabilities;
  • Changes in the external and internal context;
  • Indicators of emerging risks;
  • The nature and value of assets and resources;
  • Consequences and their impact on objectives;
  • Limitations of knowledge and reliability of information;
  • Time-related factors;
  • Biases, assumptions and beliefs of those involved.

Your organisation should identify risks, whether or not your sources are under your control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.

Risk analysis

Risk analysis allows you to understand the nature of risk, its characteristics and level. Because an event can have multiple causes and consequences and can affect multiple objectives a risk analysis should involve a detailed consideration of uncertainties such as risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.

Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of both, depending on the circumstances and intended use. Risk analysis should consider factors such as:

  • The likelihood of events and consequences;
  • The nature and magnitude of consequences;
  • Complexity and connectivity;
  • Time-related factors and volatility;
  • The effectiveness of existing controls;
  • Sensitivity and confidence levels.

A risk analysis is likely to be influenced by a wide range of variables, from any divergence of opinions, biases to perceptions of risk, from judgements, quality of the information used to the assumptions and exclusions made and any limitations of the techniques and how they are executed. These influences should be considered any risk analysis, documented and communicated to any decision-makers involved in the process.

It is important to remember that any highly uncertain event can be difficult to quantify, and this is an issue. If you find yourself in such a situation, using a combination of techniques generally provides greater insight. Risk analysis provides input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions, where choices are being made, and the options involve different types and levels of risk.

Risk evaluation

Risk evaluation can support your decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:

  • Do nothing further;
  • Consider risk treatment options;
  • Undertake further analysis to better understand the risk;
  • Maintain existing controls;
  • Reconsider objectives.

Any decisions should take into account the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organisation.

Who should do risk assessments?

Well, by law, every employer must conduct risk assessments. Risk assessments should always be carried out by a professional who is familiar to risk, a person who is experienced and competent to do so.  Competence can be expressed as a combination of knowledge, awareness, training, and experience. Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help.

But we all like to think that all of our employees will be trustworthy, but this is not always the case. There have been many instances in which an employee has been dishonest about their job history, qualifications or even criminal history. A dishonest employee could be unqualified for the position, possibly endangering others on the job. Or they might be a fraud risk, willing to bend the truth in other ways in order to enrich or advance themselves on your dime. No organisation can afford to have employees or staff who aren’t what they claim to be. Even a seemingly innocent embellishment can indicate more background problems under the surface, and the potential for future problems down the road so remember, trust your employees but, verify them too. 

CHECK OUT OUR EMPLOYEE BACKGROUND SCREENING SOLUTIONS  or  DOWNLOAD BROCHURE

Risk Assessment and ISO 31000 certification with ABAC®

While the team at CRI® do not deliver any training or certification on ISO 31000, our partner ABAC® Center of Excellence do. ISO 31000 can provide the principles, framework and a process for managing risk. ISO 31000 is not a certifiable standard; the standard is a set of guidelines which provide guidance for internal or external audit programmes. However we recommend taking ISO 31000 Awareness training, this will enable you to fully understand Risk Management activities and mitigate risk. 

ISO 31000 was developed by hundreds of experts in risk mitigation, from thirty countries. This international effort produced a standard that is worldwide and represents best practices and leading operations for risk management. Organisations can trust that they are following a tested, robust standard to increase success. The standard converts risk management into a set of “friendly” and actionable – and straightforward to implement – guidelines, regardless of the size, nature, or location of a business. 

The training helps establish an ethical culture by educating your personnel on the following:

  • What constitutes fraud, corruption, and bribery, and why these are so damaging to business
  • How to identify red flags of fraud, corruption, and bribery
  • The process for reporting fraudulent and unethical acts
  • The organization’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches, and prosecute unethical acts
  • The serious ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

The ISO certifications helps us at ABAC® to provide appropriate anti-bribery training to personnel across various industries. This standard helps to assess bribery risks, perform the appropriate due diligence required for your business and to take reasonable and proportionate steps to ensure that controlled organizations and business associates have implemented appropriate anti-bribery controls.

> Find out more about ISO 31000 Risk Management and other standards now!

Other Solutions

While CRI® may not offer the ISO certification, we do offer other services. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates. CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™.

The DueDiligence360TM reports to help organisations comply with anti-money launderinganti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture as it can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

Why not consider our background investigative solutions? Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. Firms spend years, thousands, even millions to brand their products and services – it only takes one bad hire to cause loss of capital and reputation. It can go as far as bringing a business to fail – especially if the employee holds malice towards the organisation. EmploySmart™ is CRI’s own solution aiming to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure which can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.

Our solutions are also certified by the British Standard Institute BSI for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.

Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM),  also known as 3PRM™. In wake of the global pandemic, the 3PRM™ was developed in a bid to aid organisations to accurately determine the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted above parties.  This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business to flourish at any scale. Find out more about CRI Group’s Solutions here.

If you’re unsure of what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.

CONTACT US

About CRI® Group

Based in London, CRI® works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Why Financial Services Firms Need ISO 37001 ABMS?

When Société Générale, a global financial services institution based in France, agreed to pay a combined total penalty of more than $860 million for an alleged bribery and corruption scheme, it served as a warning shot to financial firms worldwide that a culture of enforcement has arrived. Société Générale was accused of paying bribes to officials in Libya and committing violations in manipulating the London InterBank Offered Rate (LIBOR), one of the world’s leading benchmark interest rates. Together with other regulatory penalties faced by the financial services giant, the total amount to be paid exceeds $1 billion. (The United States Department of Justice, 2018)

Bribery and corruption often go together with money laundering – and, as such, the financial sector faces new Anti-Money Laundering (AML) rules and legislation that is strict and increasingly enforced. Remaining in compliance through implementing proper prevention controls is a must. Failing to do so can mean a loss of business, trust and reputation: Banking giant Citibank was fined $70 million in the US for failing to address shortcomings in its anti-money laundering policies. We at CRI intend on being apart of the solution. Therefore, CRI Group’s ABAC will be hosting a webinar on the 30th of September exploring the Pitfalls Most Organisations Often Commit – the importance of implementing Anti-Bribery Management System (ABMS). Being a part of the solution means sharing our knowledge so society is one step closer to an ethical reality.

Register Here 

In the US alone, more than 100 bribery investigations were in progress at the end of last year, with the financial services industry facing the most investigations. (Wall Street Journal, 2019)

Having layers of safeguards in place is required both from a legal and compliance standpoint. One of the most critical layers is an effective anti-bribery management system (ABMS).

Prevent corruption and promote compliance

There is a solution that financial services organisations can implement to take a proactive stance against bribery and corruption: The ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001 ABMS is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.

For financial services firms, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act. The UK Bribery Act’s adequate procedures requirement dictates that all companies need to have ongoing monitoring, training, surveillance and risk assessments – ISO 37001 ABMS is designed to fulfil these criteria and more.

CRI Group’s ABAC Certification Services is accredited to offer independent ISO 37001 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised in more than 160 countries worldwide. CRI Group’s auditors and analysts work with financial services organisations to develop measures that integrate with existing management processes and controls, and include:

  • Adopting an anti-bribery policy
  • Establishing buy-in and leadership from management
  • Training personnel in charge of overseeing compliance
  • Communicating the policy and program to all personnel and business associates
  • Providing bribery and corruption risk assessments
  • Conducting due diligence on projects, business associates and other third-party affiliations
  • Implementing financial and commercial controls
  • Developing reporting and investigation procedures

Our paid webinar will have a rundown of the following:

  • What are the core Bribery and Corruption Risks for Financial Institution?
  • How to protect financial institutions and corporations from bribery and corruption risk
  • Reparations from bribery that could affect the businesses, clients, and employees
  • Successful regulations to mitigate risk for bribery and corruption.
  • What can be done if bribery is detected?
  • Internationally recognised solutions laid forth by ISO 37001: Anti-Bribery Management System that gives businesses effective controls to mitigate risk
  • Components of risk management at a financial institution

We will also be exploring how the implementation of such a standard aids in examining and dealing fittingly with any actual or suspected bribery within the corporation and also how to implement appropriate financial, procurement and other commercial controls so as to help prevent the risk of bribery in financial services as these organisations face unique challenges.

Register Here 

Among them are maintaining proper internal procedures as they relate to bribery and AML regulations. These measures can be logistically challenging, especially in the auditing process – but keeping accurate books and records is a key provision of the UK Bribery Act. ISO 37001 ABMS standard makes this a key provision in cultivating proper due diligence and reporting procedures.

Another major challenge involves monitoring third-party risk. The due diligence practices and risk assessments implemented through ISO 37001 ABMS are critical in this area. Financial services firms, more than any other sector, must conduct effective vetting and ongoing monitoring of third-parties. This goes beyond “on-boarding” and relates to how companies continually assess risk from outside partners – including brokerage firms, introducers, agents, joint-venture relationships, even clients – as borrowers, for example, represent a major risk on the balance sheet.

Some financial services companies do not properly score or assign risk profiles to third-party partners, and this can represent a major weak point in efforts to prevent bribery, corruption and money laundering. Regulators understand this, too. That’s why ISO 37001 ABMS dictates thorough and comprehensive due diligence in regards to all third-parties and especially in the case of mergers and acquisitions.

Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001:2016 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.

Long-lasting benefits of certification

ISO 37001 ABMS provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner. By achieving ISO 37001:2016 ABMS certification, a financial services firm will:

  • Ensure that the organisation is implementing a viable anti-bribery management system utilising widely accepted controls and systems.
  • Assure management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption.
  • If needed, provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption.

Cases like Société Générale are not isolated, but more and more, we are seeing companies punished for not taking proper preventative action with a robust anti-bribery management system (ABMS). Financial services firms need to be aware and stay in front of increased anti-bribery and corruption legislation given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments, and their publics become increasingly intolerant of fraud, bribery and corruption. Significant media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.

As the ISO 37001 International standard document states, “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to eliminate the risk of bribery. However, (the standard) can help the organisation implement reasonable and proportionate measures designed to prevent, detect and respond to bribery”. With this in mind, It’s important to note that ISO 37001 certification, on its own, is not a “safe harbour” from prosecution should bribery or corruption be discovered. Significantly, ISO certification is, as the above explains, a potential mitigating piece of evidence to regulators or even prosecutors and the courts that the entity has taken meaningful steps in its efforts to prevent bribery and corruption.

Financial Services Firms Need ISO 37001 ABMS

It is critical that any financial services organisation have a proper, comprehensive strategy to prevent and detect bribery and corruption, and remain in compliance with all regulations – on the local, regional, and international levels. The ISO 37001 ABMS standard is an established, tried and tested program to address those issues head-on through a comprehensive program of training and certification. The training process is tailored to the organisation while still following the developed curriculum and documented best practices. Due diligence procedures and risk assessments are applied in a thorough, comprehensive manner. Certification requires the demonstration that processes have been implemented effectively, with follow-up evaluations.

Worldwide developments in laws and regulations have demonstrated that there isn’t time to wait to implement controls and compliance procedures – the next investigation and/or prosecution may be too late. The harm caused by bribery and corruption to an entity’s reputation, investments and business can be far-reaching and long-lasting.

This paid webinar will be running from the following times on Thursday the 30th of September;

  • 08:00 to 10:00 GMT
  • 15:00 to 17:00 MYT
  • 12:00 to 14:00 GST

Your turnout with come with a certificate of Attendance (COA) as well as a complimentary webinar ABMS Awareness for 2 Pax per company. While you’re there, why not attain a Continuing Professional Development (CPD) certificate and stay on top of your industry?

Register your place for this webinar here and find out how to tackle the issue of bribery and corruption in your workplace before it has time to manifest itself into a greater issue. Finance is the greatest asset to the economy after all.

Complete Registration 

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Common Fraud in the Pharmaceutical Industry reported by whistleblowers

Pharmaceutical Fraud

Pharmaceutical fraud involves activities that result in false claims to insurers or programs such as Medicare in the US or equivalent state programs for financial gain to a pharmaceutical company. Several different schemes are used to defraud the health care system, which is particular to the pharmaceutical industry. These include:

  • Good Manufacturing Practice (GMP) Violations,
  • Off Label Marketing,
  • Best Price Fraud,
  • CME Fraud,
  • Medicaid Price Reporting, and
  • Manufactured Compound Drugs.

The pharmaceutical industry is regularly found to be engaging in fraud of many types, and it appears as though each year, the number of pharmaceutical fraud is on the rise. Each year big pharma giants end up spending billions of dollars in paying for fraud, misrepresentation of data and other such corruption allegations levelled out against them. In the last years, global pharma giants have paid fines to the tune of $11 billion for criminal wrongdoing, including withholding safety data and promoting drugs for use, beyond any licensed condition; GlaxoSmithKline paid a $3 billion settlement, Pfizer $2.3 billion settlement, and Merck $650 million settlement. Damages from fraud can be recovered using the False Claims Act, most commonly under the qui tam provisions, which rewards an individual for being a “whistleblower” or relator (law).

July of 2021 saw Bolton pharmacist David “Jason” Rutland pleading guilty to conspiracy to solicit and pay kickbacks and bribes in a $182.5m fraud case in which Rutland himself pocketed $13.3m. This conspiracy is noted as the state’s largest health care/pharmaceutical fraud to date. It is estimated that more than $515 million in fraudulent prescription billings were made to TRICARE, Medicare, Medicaid, and private health care benefit providers in Mississippi.

In the US, whistleblowers are uniquely positioned to report this fraud to the government under the False Claims Act.

Common Fraud in the Pharmaceutical Industry Includes:

  • Unlawful Kickbacks
  • Clinical trials manipulation/fraud against the Food and Drug Administration (FDA)
  • Off-label marketing/Food Drug and Cosmetic Act (FDCA) violation
  • Failure to comply with Current Good Manufacturing Practices (CGMP) requirements
  • Compounded drug fraud
  • Illegal drug-switching
  • Misuse of the 340B drug discount program
  • Medicaid best price fraud
  • Medicare Part D Fraud
  • Fraud by Pharmacy Benefit Managers (PBMs)

Understanding the most common types of pharmaceutical industry fraud reported by whistleblowers

Unlawful Kickbacks

The pharmaceutical industry influences doctors’ prescribing habits, especially in the US. Drug manufacturers and distributors may pay unlawful kickbacks to physicians or others in the form of sham “consulting fees,” luxury vacations, and expensive meals in exchange for increased prescriptions of the company’s drugs.

Clinical trials manipulation/fraud against the Food and Drug Administration (FDA)

Drug manufacturers must obtain FDA approval before marketing a new drug. The FDA approves new drugs proven safe, effective, and properly labelled following extensive preclinical and clinical testing and analysis, which results in a wealth of data regarding the drug’s safety, efficacy, pharmacology and toxicology. The FDA relies on the accuracy of the data that drug manufacturers submit in New Drug Applications (NDAs). Pharmaceutical companies that make false statements to the FDA, omit relevant data in NDAs, or otherwise misrepresent the safety or efficacy of drugs in clinical trials can be subject to False Claims Act (FCA) liability. The same is true of drug companies that pay researchers to falsify clinical trial data.

Off-label marketing/Food Drug and Cosmetic Act (FDCA) violation

Pharmaceutical companies may not promote their drugs for uses, doses, or populations not specifically approved by the FDA as safe and effective. Such “off-label” marketing and promotion violates the FCA. This could include, for example, if a drug is approved for use in treating severe psychiatric disorders, and the drug company’s sales representatives promote it for widespread use in calming elderly patients in nursing homes.

Failure to comply with Current Good Manufacturing Practices (CGMP) requirements

Drug and medical device manufacturers are subject to strict FDA manufacturing rules known as the Current Good Manufacturing Practice (CGMP) regulations. The CGMP exists to ensure manufactured drugs’ identity, strength, quality, and purity and protect consumers from tainted, ineffective, and harmful drugs. Government-funded healthcare programs pay for prescription drugs on the premise that CGMP regulations have manufactured the drugs. If they are not, it can be a violation of the False Claims Act. This could include, for example, a pharmaceutical company’s manufacturing facility using dirty equipment to make drugs, or using equipment that does not accurately measure the type or amount of the active ingredients incorporated into a drug, and then selling these tainted drugs to patients covered by Government-funded health care programs.

Compounded drug fraud

Compounding pharmacies prepare medications tailored to meet the needs of individual patients by mixing drugs or changing the route of administration. Compounding pharmacies can violate the FCA by making large batches of drugs—known as mass-compounding—rather than providing the required individualised service, “compounding” drugs that are already commercially available, or inflating the number of particular medications used in the mixture to increase the cost. Compounded drugs are primarily regulated by the states, meaning efficacy and safety need not be proven to the FDA.

Illegal drug-switching

As a general rule, pharmacies must fill patients’ prescriptions as written by the ordering physician. Putting aside situations where a generic drug may be substituted for a name-brand drug, pharmacists may not simply replace one drug for another or dispense a liquid form of a drug when a pill or tablet was prescribed. Billing government insurers for medications that have been so manipulated can violate the False Claims Act.

Misuse of the 340B drug discount program

The federally mandated 340B drug discount program requires most drug companies to provide hefty discounts — typically 20 to 50 per cent — to hospitals and clinics that treat low-income and uninsured patients. Pharmaceutical companies are required to cap outpatient drug prices at a statutorily defined “ceiling price” equal to the Average Manufacturer Price (AMP) reduced by the rebate percentage or Unit Rebate Amount (URA). Manufacturers submit both the AMP and URA to the Centers for Medicare and Medicaid Services (CMS) quarterly and can defraud the government by misrepresenting these figures, overcharging 340B entities, and/or not providing rebates to which 340B entities are entitled.

Medicaid best price fraud

To obtain Medicaid coverage of their drugs, pharmaceutical companies generally must promise to give state Medicaid programs the lowest price made available to almost any buyer of the drug. To provide this price, pharmaceutical companies report their “best price” on a drug—often calculated based on the drug’s “average wholesale price” or “average manufacturer price”—and payback to Medicaid in rebates any amount the programs paid more than this price. Pharmaceutical companies can defraud Medicaid and violate the False Claims Act by manipulating their “best price” to reduce the amount of money they must return to state Medicaid programs.

Medicare Part D Fraud

Implemented in 2006, Medicare Part D, also referred to as the Medicare Prescription Drug Program, provides drug coverage for tens of millions of elderly and disabled Americans. Under the program, private insurance companies—referred to as Part D Sponsors—offer prescription drugs to eligible beneficiaries directly or through pharmacy benefit managers (so-called “PBMs”) and then submit claims to Medicare for the drugs’ cost. Fraud can occur under Medicare Part D in many ways, including:

Some of the more common types of fraud occurring under the Medicare Part D program include:

  • Billing for drugs not provided.
  • Billing for drugs not covered by Medicare.
  • Billing for brand name drugs when generic drugs are provided instead.
  • Billing for drugs—especially opioids and other controlled substances—diverted for illegitimate purposes.
  • Billing for expired drugs.
  • Billing for drugs dispensed without a prescription or with a falsified prescription.
  • Billing for drugs dispensed with prescriptions from unauthorized, excluded, or non-existent healthcare providers.
  • Billing for drugs provided in quantities that exceed approved limits.

Fraud by Pharmacy Benefit Managers (PBMs)

PBMs are an increasingly common target of fraud investigations. PBMs are third-party administrators of prescription drug programs for, among others, Medicare Part D plans. PBMs contract with health plans to provide pharmaceuticals at low prices, which PBMs keep low through negotiation, generic substitution, manufacturer rebates, cost-sharing, formularies, and other methods. PBMs commit fraud by failing to pass savings from rebate arrangements and subsidies to clients, developing forms that favour more expensive drugs, and improperly switching drugs to generic or different brand name drugs instead of prescribed drugs. Drug manufacturers commit fraud by, for example, providing price concessions on certain drugs in exchange for a PBM’s favourable coverage of the manufacturer’s drug.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

 

How Risky is Non-Compliance to your Business?

How risky is non-compliance to your business?

How risky is non-compliance to your business? Last year we saw our fair share of AML (anti-money laundering) failures and violations, resulting in eye-watering FCA and HMRC fines. According to Ponemon Institute and security company GlobalScape recent report, the annual cost of non-compliance to businesses now runs an average of $14.8 million, a 45 per cent increase since 2011.

Meanwhile, the range can be anywhere from $2.2 million to $39.2 million. On the other hand, the cost of compliance was found to average $5.5 million, up 43 per cent from 2011. In recent years, adhering to the laws and standards and monitoring the compliance of business processes has evolved as a major concern for business owners.

Staying compliant with ever-evolving regulations has become an ‘obvious’ business imperative, and failing to adhere to these regulations can put organisations in a fix. Before we dive into the risks of falling into the ‘non-compliant dungeon, let’s understand what corporate compliance is. Operating in a multiplicity of countries inevitably also means having to comply with any local regulations.

VIEW RISK MANAGEMENT BROCHURE

 

What is Corporate Compliance?

Compliance at the corporate level involves adhering to a wide range of rules, regulations, laws, and standards designed to protect every aspect of your business. Right from obeying safety guidelines to following the standards for paying wages, an organisation must comply with all the local, state, and federal laws at all times.

Monitoring not only refers to continuously observing possible compliance violations but also includes predicting their occurrence. Since the concept of business process compliance is vast, approaches related to process monitoring are hard to identify. Monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as a major concern in practice.

The cost of non-compliance and monetary fines have been continuously increasing in the past few years. However, business owners are becoming impatient, as these consequences would affect the organisation in many ways. Increased complexity, enforced business changes, and individuals being held personally accountable are all set to continue because of continuous compliance failures.

Why is Compliance crucial?

The following are six fundamental reasons why an organisation should implement statutory compliance.

  • Reason No. 1: is required by Law – All registered companies are mandatorily obligated by the law to follow statutory regulations and comply with them.
  • Reason No. 2: surprise audits – Non-compliance also invites unnecessary inspection and audits, leading to a waste of time and money.
  • Reason No. 3: the financial penalties are high – Failing to adhere to statutory compliance will lead to hefty fines and indirect losses to organisations.
  • Reason No.4: potential imprisonment for everyone involved – Severe cases of non-compliance could result in imprisonment of the organisation’s CEO/Directors/Board members.
  • Reason No.5: Brand Value and Market Reputation – Payment of fines and imprisonment can destroy a company’s brand name in the market it thrives in.
  • Reason No.6: the organisation can be forced to a shutdown – In cases that exhibit perilous non-compliance, authorities can even order companies to cease operations.

Several examples in the global business environment show the repercussions of non-compliance. Look at the following cases:

  • Amazon found guilty of breaching Dangerous Goods Regulations
  • Thames Water was ordered to pay record £20 million for river pollution
  • Google Is Fined $57 Million Under Europe’s Data Privacy Law
  • Westpac accused of 23 million breaches by money-laundering watchdog
  • Italy’s civil aviation authority ENAC threatens to ban Ryanair over alleged non-compliance

The biggest fine so far was the £102m imposed on Standard Chartered for “poor AML controls”, which saw “breaches in two higher risk areas of its business.” This is the second-largest financial penalty for AML failures ever imposed by the FCA.

Improve Your Compliance

A comprehensive compliance solution:

  • Reduces business risks
  • Helps to expedite global expansion
  • Enhances control and visibility
  • Enables the elimination of business risks

After all, when it comes to non-compliance issues, ignorance of the law is no defence. As they say – “Being Compliance is not a choice, but a mandate” the regulatory environment is only going to get fiercer day by day, and companies that miss staying abreast of the global legal amendments might regret big-time.

The UAE, for example, has cracked down on their Ultimate Beneficial Owner compliance requirements – a requirement that costs roughly DH15  but results in a penalty of Dh15,000 up to Dh100,000 if businesses fail to comply.  The Ultimate Beneficial Owner requirement was set up to prevent illicit activities such as money laundering or financing of terrorism.

The requirement reveals anyone who has direct or indirect control of an organisation and requires all such information to set up or renew business licenses to the UAE Government. It’s great to see so many new procedures being put in place that can help you safeguard your business. Are you interested to know how your organisation can excel in global compliance?

Topic: how risky non-compliance to business

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

 

What Is Corporate Compliance and Why It’s Important

Home | All Industries

The Importance of Corporate Compliance

Corporate compliance should be an essential part of your business operations, regardless of size or industry. How does your business manage compliance and mitigate risk? Taking preventative measures can feel like a hassle upfront, but it can save you untold organisational costs in the long run.

Corporate compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. Keep your business from learning the lesson the hard way. Start developing a compliance program today. This article will define compliance, what it means for your business, and how you can create a successful compliance program.

What is Compliance in Business?

The definition of compliance is “the action of complying with a command,” or “the state of meeting rules or standards.” In the corporate world, it’s defined as the process of making sure your company and employees follow all laws, regulations, standards, and ethical practices that apply to your organisation and industry.

Corporate compliance covers both internal policies and procedures, as well as federal and state laws. Enforcing compliance helps your company prevent and detect violations of rules, protecting your organisation from fines and lawsuits.

The compliance process should be ongoing. Many organisations  to consistently and accurately govern their compliance policies over time.

The Purpose of a Corporate Compliance Program

The purpose is to protect your business. It’s as simple as that. But the return on investment could be significant, helping you avoid waste, fraud, abuse, discrimination, and other practices that disrupt operations and put your company at risk.

Your corporate compliance program needs to be integrated with all compliance efforts enterprise-wide, from the management of external regulations and internal policies to comprehensive employee training. By making sure all departments and staff are working together to maintain standards, you can mitigate the risk of significant failures and violations.

An effective program improves communication between leadership and staff. It should include a process for creating, updating, distributing, and tracking compliance policies. After all, employees can’t be held responsible for rules and regulations they don’t know exists. But once they understand expectations, your staff can stay focused on your organisation’s broader goals and help operations run smoothly. What’s more, when employees are adequately trained on compliance requirements, they are more likely to recognise and report illegal or unethical activity.

Maintaining compliance equips your employees to do their jobs well, reach their career goals, and keep customers happy. In turn, your company can achieve its goals and grow faster.

In the unfortunate event that your organisation faces a lawsuit, your corporate compliance program will help in court.

As one report from Rutgers School of Law explained, “An organisation that has made a robust effort to prevent and detect violations of the law by its employees and others acting for it will be treated less harshly than one that was indifferent to complying with the law.”

How to Create a Successful Corporate Compliance Program

Very few businesses can afford to procrastinate on a corporate compliance program. Don’t let hindsight be 20/20 for your organisation. Have the foresight to take action today.

Your program should be carefully planned and implemented, with coinciding training programs to guarantee personnel are well-versed in all areas of compliance. Here are a few steps to establish or refine your corporate compliance program:

1. Get Your Leadership on Board

Your corporate compliance program won’t run itself. One person should be assigned the responsibility of managing the program day-to-day.

Depending on the size of your organisation, you could have one compliance officer or several. Regardless, those in charge of the compliance program must have the authority to enforce the rules and hold staff at all levels accountable.

They also need direct access to the company’s governing body, including senior management or the board of directors.

Access to senior management and authority to enforce rules is essential when potential compliance issues come up, empowering your officers to respond quickly. But communication goes both ways. The governing body needs to assess the effectiveness of the corporate compliance program regularly.

Corporate compliance is about fostering a workplace culture that values integrity and ethical conduct.

This starts at the top.

For the program to work, your leaders need to follow the rules first. They should encourage ethical behaviour and openly talk about the importance of compliance.

Company leaders should encourage employee input, emphasising that they won’t be punished for reporting unlawful or unethical behaviour.

The Department of Justice created a checklist for evaluating corporate compliance programs and suggest asking the following questions:

  • How have senior leaders encouraged or discouraged the type of misconduct in question through their words and actions?
  • What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts?
  • How does the company monitor its senior leadership’s behaviour? How has senior leadership modelled proper behaviour to subordinates?
2. Conduct Risk Assessments

Corporate compliance is about managing risk.

To build an effective program, you need to know what compliance areas pose the highest risks to your organisation. Once you have identified these areas, you can focus your resources on addressing them.

Federal and state regulations, as well as industry standards, are continually evolving. To avoid the risk of non-compliance, it’s essential to conduct regular assessments. The Association of Corporate Counsel (ACC) suggests conducting a risk assessment once a year.

A formal assessment process, like this one recommended by the ACC, can help your organisation be proactive about preventing corporate compliance violations:

  • Audit results
  • Recent litigation
  • Compliance complaints
  • Employee claims
  • Industry enforcement trends
  • Compliance policies in each risk area
3. Establish and Maintain Your Code of Conduct, Policies, and Standards

Your corporate compliance program needs a well-defined code of conduct. Why? Because it can help define your program’s purpose and set expectations for behaviour.

The code of conduct acts as a foundation and should explain the following key points:

  • Who is responsible for managing the program
  • How employees should report misconduct
  • Disciplinary measures for violating the code of conduct

Your corporate policies should build on top of that foundation by providing guidelines for specific areas of compliance. For example, they may address common corporate compliance violations:

  • Corporate corruption
  • Bribery
  • Tax practices
  • Conflicts of interest
  • Record retention

The list goes on. But the exact areas you need to address will depend on your industry.

Once risk areas have been identified and policies created, you should establish procedures to help employees carry out policies correctly. Creating step-by-step guidelines makes it easier to follow procedures and identify non-compliance.

Risk areas in specific industries may require additional standards. For example, the Foreign Corrupt Practices Act may require you to keep detailed protocols for screening third-party business partners.

4. Properly Train All Employees

Compliance policies and standards are useless if employees don’t follow them. 

After establishing the policies and procedures for your corporate compliance program, you need to disseminate them to every member of your staff.

Ensure company officers, employees, and third-party vendors read and sign off on all compliance policies and procedures.

All employees and relevant vendors should be trained on laws, regulations, corporate policies, and prohibited conduct. Depending on the size of your organisation, you may want to conduct training tailored to specific employees in high-risk areas.

The ACC recommends that you track, document, and follow up on training. By implementing a compliance policy and training management tool, you can accomplish this and automate many of your manual processes. The right software lets you distribute policies, conduct online training, create custom tests, and more.

5. Improve Your Compliance 

Creating or revising your compliance policies and training takes a lot of work. It’s an ongoing process requiring consistent monitoring and updates. But don’t wait until an incident has occurred to take action. If you and your compliance officers are already busy and time-constrained, finding the right time to implement a new program can be hard. The trick is finding a compliance management solution that fits your organisation.

If you’re ready to take control of compliance, and protect your business from risk, learn more about CRI Group compliance solutions and discover how we can help your corporate compliance program.

Compliance Solutions by CRI Group

Due Diligence 360° | Third-Party Risk Management 3PRM™ | Anti-Money Laundering Solutions 

CRI Group’s compliance solutions are tailored to your organisation’s needs, helping assure compliance in all areas and keeping you one step ahead of regulatory requirements.

Money laundering is a serious global issue and recent legislation is aimed at requiring organisations to follow strict anti-money laundering protocols.

Our Due diligence 360° services provide the specialised intelligence needed by global financial institutions and multinational corporations to guarantee complete compliance with anti-money laundering (AML) regulations and legislations.

Manage your third-party risks confidently with customised 3PRM™ solutions for your organisation or get certified. CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business.

Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.

CONTACT US TODAY

WHO IS CRI GROUP

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be.

CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

Contact ABAC® for more on ISO Certification and training.

To check or not to check?

Background Checks: To check or not to check?

Background checks don’t tend to make international news. They are the low-key diligent step in most well-managed recruitment processes to comfort employers that the person they are hiring is everything they seem – and nothing more.

That’s why the background checks of Belle Gibson, a super influencer who lied about having cancer, and Brett Kavanaugh, a nominee to the US Supreme Court, tend to make news headlines for who can you trust if not those in direct line of the public eye?

The Story of Belle Gibson & Brett Kavanaugh

Belle Gibson was a Melbourne “wellness” who rose to fame after sharing her story on Instagram of her terminal brain cancer and how she controls it through the power of healthy eating. Gibson claimed to have kept her cancer under control by turning away conventional medicinal practices and instead of following what she termed a “wellness” diet, a diet consisting of avocados, berries, no alcohol and so on.

Sounds impressive, right? To rid yourself of an incurable disease simply through eating better? Think again – it is too good to be true. The influencers lie caused untold damage, including turning a 44-year-old mother away from her chemotherapy in hopes of attaining Ms Gibson’s lifestyle.

But the reason why this lie broke headlines is because of what followed; a book deal with Penguin Books publishing company and an Apple app titled ‘The Whole Pantry’. It was evident that neither the tech giants nor the publishers thought to verify her assertions, thus leading to a $320,000 fine and a lot more emotional damage for the individual’s that Ms Gibson had provided false hope.

Context is everything, of course, and this job-for-life is one of the more crucial public office positions in the United States. Mr Kavanaugh had undergone six separate background checks during his career before the latest, which the FBI recently completed on behalf of the White House. Each of these will have been meticulous and thorough, right down to interviews with neighbours and acquaintances.

But you don’t have to be entrusted with national security clearance to pose a real risk to your employer. All staff members are in a position of trust, and even the humblest labourers or office workers will have privileged access to property – whether physical or intellectual. And this is not a theoretical risk – it’s a truism that employees or contractors cause the vast majority of security breaches.

The compliance perspective

Interviewing the ex-wives and sports coaches of factory and desk clerks is overkill and not economic. And that is where professional background checking comes in. It allows low hassle, cost-effective and fast checking for all recruits and employees to ensure everyone is what they claim to be, from the CEO to the company mascot.

Such checks will cover everything required to give HR directors and governing boards peace of mind: from criminal record checks and right-to-work documentation to education and qualification verifications and employment records.

A properly systematised process, supported by local intelligence, is essential to keeping costs low without compromising quality or effectiveness.

CRI Group is one of the few providers with a truly global reach and more than thirty years of experience in the sector. Our proven process means that we have one of the fastest turnaround times in the industry – typically just 3-5 days. Meanwhile, our more than 175 investigatory experts on the ground across the US, Europe, the Middle East and Asia, ensure we can navigate local customs, processes and regulations, no matter where your employees are based.

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s international team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

 

How to Identify and Prevent Employee Fraud?

In 2017 the major European ABB conglomerate admitted that an employee took advantage of serious management failings to disappear with $103 million of the firm’s cash. According to CNN business, ABB CEO Ulrich Spiesshofer and Chief Financial Officer Eric Elzvik admitted that the organisations managers had failed to maintain sufficient segregation of duties in the treasury unit of its subsidiary in South Korea and did not provide enough oversight of local treasury activities.

To top it all off, ABB also failed to keep the signature seals of the South Korean unit secure which as a result, has lead the company became “bound to unauthorised financial contracts, resulting in undetected financial obligations.” 

Organisations rely on the honesty and integrity of their employees, however employee fraud does unfortunately cost companies vast sums of money. Employee fraud is a reality across all sectors – no matter how credible a job applicant is and how stringent your hiring process is – your business is at risk.

Tips on Identifying and Preventing Employee Fraud

When you trust your employees, it is difficult to think the worst of them, even when there are red flags – circumstances or patterns that are out of the ordinary – alerting you to the contrary. If you have suspicions of employee fraud, it is recommended to hire a forensic accountant to help you detect fraud, understand your circumstances, and put together evidence to target and confront the employee without tipping them off.

The good news is that you can plan and train your team to prevent this from taking place; the best thing you can do for your business is to learn how to recognise the warning signs of employee fraud and have robust procedures in place to minimise the risks and opportunities for fraud. Employee fraud covers a wide range of fraudulent activities in the workplace and can vary in seriousness including embezzlement.

Embezzlement involves an employee who transfers company funds into their bank account. One example of an act of embezzlement is deliberately writing cheques in the employees’ name or diverting company assets without authorisation, e.g. customers unknowingly pay into an employee-controlled bank account, not the business’. This is serious fraudulent behaviour, but employees usually get away with it without raising any suspicion by creating non-existent suppliers and fake employees or using counterfeit credit notes to hide/disguise misappropriated monies.

An easy way to spot this type of financial fraud is to scour through the bank statements and financial records of your organisation and check for irregular activities or patterns of unusual and unauthorised transactions.

Another common sign of embezzlement is when either an employee or a manager/director begins to enjoy a lavish lifestyle that is obviously beyond their means, e.g. holidays, cars, clothes/jewellery. In the case that you suspect an employee or director might be embezzling funds from within your company, it is essential to be discreet in your employee fraud investigation to prevent the employee from covering their tracks and disposing of substantial evidence.

Other Common Types of Employee Fraud

  • Commission fraud – inflating sales figures to gain a more significant commission than deserved.
  • Petty fraud – for example, embellishing an expense claim or taking office supplies.
  • Money laundering – hiding the origin of illegally obtained money and washing it through your business.
  • Insider Trading – making a profit by using valuable information that is unavailable to the public to their advantage, for example, confidential information that could impact the prices of shares, securities, goods/commodities.
  • Manipulation of accounts – false information on sales, purchases or stock can be used to perpetrate fraud for personal financial gain, e.g. overstated trading profits to receive cash/share bonuses, or get a promotion, creating false trading accounts or stock/fixed asset write-offs to obtain goods.

What can you do (as an employer) to minimise employee fraud?

The most effective way to minimise employee fraud as an employer is to implement robust management procedures and employee background screening; the implementation of these preventative measures will ensure staff are adequately investigated and monitored and consider the possibilities for collusion between employees – including a conflict of interest. Paying attention to only the procedures within your accounts department is not sufficient. The same procedures can help you across your operations, including sales and procurement.

Minimise the chances of employee fraud with the following procedures:

  • Separation of employee responsibilities such as placing orders, recording invoices and collecting debts.
  • Requiring purchase or payment authorisation by more than one person.
  • Compare actual to budgeted expenditure for unexpected patterns.
  • Examine bank reconciliations thoroughly.
  • Scrutinise cancelled cheques and cheques made out to employees or unusual vendors.
  • Review supplier invoices for significant amounts, pricing or volumes.
  • Verify credit notes and write-offs with receiving records.
  • Install and monitor CCTV to deter theft of stock or equipment.

Fraud Triangle

An American criminologist, Donald R Cressey, devised a theory that involved three aspects that trigger fraud. Understanding these triggers will help you prevent fraud:

  • Opportunity – the lack of internal controls or reporting structure/oversight increase the chance of fraud.
  • Rationalisation – the fraudster will rationalise the continued deception, which increases slowly, perhaps over a few years, becoming an entitlement, i.e. I deserve this. This offers the chance to stop some employee fraud early if robust detection procedures are in place.
  • Pressure – overwhelming pressure, be it business factors such as company targets to meet or personal pressures, such as gambling or financial problems.

Implement Pre-employment and Post-employment employee screening now!

Preventing financial loss is crucial for your business’s survival and expansion, which is why it’s essential to know and understand its obvious signs. Use the list above as a guide to protecting your organisation.

To detect employee fraud professionally and thoroughly, it is recommended you seek the expertise of a skilled employee fraud accountant as early as possible. They can help you investigate your employees by reviewing your bank statements and financial documents and advise you whether an employee is committing fraud and to what extent. A forensic accountant’s report will also give you the evidence you need to take the necessary action against your employee and act as a deterrent to others.

For a free and confidential chat to discuss how we can help your business, contact us. 

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Risks of Cybercrime and Social Media: NEW PLAYBOOK

The risks of cybercrime claims many victims over many sectors. The PwC Global Economic Crime Survey 2020 found that a company falls victim to six frauds on average. The most common types are customer fraud, asset misappropriation as well as cybercrime. It also proved a roughly even split between frauds committed by internal and external perpetrators, at almost 40% each – with the rest being mostly collusion between the two. Few can deny the enormous technological advancements that are constantly taking place in the modern world. The internet, the computer, and other technological advancements have dramatically changed what it means to socialise, ‘chat’, and even read a book. Both the disadvantages and advantages of such developments are clear, and as technology gains pace, so have the unlawful activities of those who seek to take advantages of such developments.

According to a 2020 cybercrime report from Europol, COVID-19 sparked upward trend in cybercrime. In fact, since the beginning of the pandemic, the FBI has seen a fourfold increase in cybersecurity complaints, whereas the global losses from cybercrime exceeded $1 trillion in 2020. 

In other words, as technology evolves, the risks of cybercrime have become complex. The sense that one is safe from crime in the privacy of one’s own home has been lost. In fact, according to World Economic Forum’s “Global Risks Report 2020” the chances of catching and prosecuting a cybercriminal are almost nil (0.05%).

Take the first steps towards developing measures against the risks of cybercrime! 

This playbook critically examines the growth of cybercrime, evaluating the risks it poses in terms of the different forms of cybercrime that exist and the regulations that seek to detect, prevent and punish them.

The extension of an old legislation to include cybercrime is not entirely effective – especially not for crimes committed within the realm of social media and social networking. Therefore the need to develop an ‘anti-cybercrime culture emerges. It has to be implemented on an international scale that safeguards these crimes – the promotion of careful use would therefore be facilitated to hinder such crimes before they can materialise. Our playbook includes:

  • What is cybercrime and why is it important?
  • Top corporate cybersecurity risks and 10 types of high-tech crimes
  • How cybercrime impacts business and your company’s growth
  • Cybercrime and regulations in place
  • And how your response as a business matters – how to can you protect your business from cybercrime including advice and tips on how to telework safely

Download the full playbook today and learn step-by-step things your company can do to be better protected from cybercrime. Robust cyber-security, data protection, anti-fraud and risk management all come together to mitigate the dangers posed by hackers, phishers and other cybercriminals.

DOWNLOAD PLAYBOOK

With the playbook in your hands, you’ll learn about the most common cyber attacks. This includes viruses, phishing attacks and website hacks. You’ll also gain a better understanding of the consequences of different types of cybercrime.

To sum it up, the playbook provides best-practices and ways that companies are lessening their risk without spending prohibitive resources to do so. Above all, the right expert advice means that any company can be on the right track to protecting their customers, their assets, and their employees from the risks of cybercrime.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Review and Reassess Your Organisation’s Third-Party Relationships

The global pandemic is rattling economies worldwide, disrupting supply chains, interrupting production, wreaking havoc on industry sectors and shuttering businesses; this is ultimately having an impact on the third-party relationships businesses have. 

It’s highly probable that, at some point, organisations that affiliate with outside providers will eventually have to deal with any number of operational interruptions resulting from a third-party relationships related issue. And while the risks involved in partnering with outsiders haven’t changed over time, the potential level of liability has been ratcheted up several notches.

International Borders have been ripped down. Technology has improved the way businesses communicate. Easy access to data and information enables the media to report on business news before a business can adequately respond. Consequently, the markets are quick to react based on this 24/7 on-demand news cycle.

The result of this increased liability can be highly problematic:

  • Business litigation has skyrocketed.
  • Corporate reputations are negatively impacted due to the fallout from the current global pandemic.
  • Risk management frameworks are continually evolving to acclimate to changing business environments.
  • Board members are becoming increasingly subjected to intense scrutiny from outside critics.

THE CHALLENGE: The Global Business Climate is Changing. So Are Your Third-Party Partners.

  • Organisations suffer financial loss as the supply chain falters and loses customers because of poor-quality service from a third-party.
  • Company data systems are exposed and breached because of poor security practices by third-parties.
  • Companies are experiencing supply chain issues due to poor disaster recovery procedures by third-parties.
  • Organisations are increasingly being exposed to litigation because of relationships with an outside provider that significantly violated contractual terms, potentially resulting in regulatory exposure.

THE SOLUTION: 3PRM:  A Third-Party Certification Program; Qualify Your Partners.  Protect Your Organisation.

Corporate Research and Investigations Limited (CRI Group) is pleased to announce the rollout of its 3PRM-Certified™ program, specifically designed for organisations across the Middle East, Europe and Asian regions. 

This highly specialised Third-Party Risk Management assessment and certification program was developed to help organisations accurately determine the legal compliance, financial viability, and integrity levels of outside partners, suppliers, and customers who seek to affiliate with and represent your business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on targeted third-party partners, suppliers and agents seeking to affiliate with your organisation.  This highly thorough program can reveal any anti-corruption, compliance and risk management deficiencies associated with the international regulatory framework.

CRI Group employs a network of locally qualified, subject-specific auditors, investigators, certified fraud examiners and industry-specific professionals across the Middle East, European and Asian regions who can provide expert counsel in offering 3PRM-Certified™ strategies as an effective preemptive measure. 

OUTCOMES – IDENTIFYING RED FLAGS

  • Undisclosed third-party transactions
  • Material misrepresentations or ommissions
  • Unreported financial liabilities
  • Criminal or regulatory sanctions
  • Prior bribe or corruption allegations
  • Undisclosed legal or bankruptcy proceedings
  • Politically Exposed Persons (PEPs)

RESULT: A highly educated market responds immediately with their pocketbooks.

CRI Group’s 3PRM™ Third-Party Risk Management Strategy™ Can Safeguard Your Organisation Against: Has your organisation adequately vetted its third-party relationships lately?  Contact CRI Group to learn more about our 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous threats posed by third-party partnerships.

We Look Forward to Assisting You.

GET A QUOTE

our feel free to reach out to our CEO, Zafar I. Anjum, MSc, MS, LLM CFE, CIS, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC), MBCI, CII Int. Dip. (AML) | e: zanjum@crigroup.com | t:+44 7588 454959

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.