Inadequate due diligence hit Space-transport SPAC Momentus $8 million SEC fine

Home | All Regions | United Kingdom, London

Inadequate due diligence hit SPAC Momentus $8 million SEC fine

Inadequate due diligence hit SPAC Momentus $8 million SEC fine after misleading investors. The Securities and Exchange Commission (SEC) has charged the Momentus particular purpose acquisition company (SPAC), its sponsor SRC-NI, the sponsor’s CEO Brian Kabot, the company, and founder Mikhail Kokorich – which involved in a $1.2 billion space-transport SPAC for defrauding investors and obscuring the CEO’s status as a US national security risk.

The Fraud Claimed

The SPAC, Stable Road Acquisition Corp, had sought to merge with Momentus, a private start-up, to take it public. Momentus’s key offering was a “microwave electro-thermal water plasma thruster,” a way of zapping water vapour to propel a spacecraft, intending to transport satellites into space.

But Momentus’s propulsion tech failed to show results, according to SEC filings. A test mission fell well short of the company’s benchmarks, and a former Momentus employee said that the test yielded “no data to suggest that that thruster would deliver an impulse of any commercial significance.”

According to the SEC’s settled order, Kokorich and Momentus, an early-stage space transportation company, repeatedly told investors that it had “successfully tested” its propulsion technology in space when, in fact, the company’s only in-space test had failed to achieve its primary mission objectives or demonstrate the technology’s commercial viability.

The order finds that Momentus and Kokorich also misrepresented the extent to which national security concerns involving Kokorich undermined Momentus’s ability to secure required governmental licenses essential to its operations.

Join our mailing list and get exclusive industrial insights for subscriber-only!

The compliance issue: Inadequate due diligence

The SEC’s settled order finds that Stable Road repeated Momentus’s misleading statements in public filings associated with the proposed merger and failed its due diligence obligations to investors.

According to the order, while Stable Road claimed to have conducted extensive due diligence of Momentus, it never reviewed Momentus’s in-space test results or received sufficient documents relevant to assessing the national security risks posed by Kokorich.

The order finds that Kabot participated in Stable Road’s inadequate due diligence and filed its inaccurate registration statements and proxy solicitations. The SEC’s complaint against Kokorich includes factual allegations that are consistent with the findings in the order.

“This case illustrates risks inherent to SPAC transactions, as those who stand to earn significant profits from a SPAC merger may conduct inadequate due diligence and mislead investors. Stable Road, a SPAC, and its merger target, Momentus, both misled the investing public. The fact that Momentus lied to Stable Road does not absolve Stable Road of its failure to undertake adequate due diligence to protect shareholders. Today’s actions will prevent the wrongdoers from benefitting at the expense of investors and help to better align the incentives of parties to a SPAC transaction with those of investors relying on truthful information to make investment decisions.

SEC Chair Gary Gensler

The litigation against Momentus, Stable Road, and Kabot

Associate Director of the SEC’s Division of Enforcement, Anita B, mentioned in her statement that Momentus’s former CEO alleged to have engaged in fraud by misrepresenting the viability of the company’s technology and his status as a national security threat, inducing shareholders to approve a merger in which he stood to obtain shares worth upwards of $200 million.

The SEC’s order finds that Momentus violated scienter-based antifraud provisions of the federal securities laws and caused sure of Stable Road’s violations. It also considers that Stable Road violated negligence-based antifraud provisions of the US federal securities laws as well as specific reporting and proxy solicitation provisions.

The order finds that Kabot violated provisions of the federal securities laws related to proxy solicitations. Kabot and SRC-NI caused Stable Road’s violation of Section 17(a)(3) of the Securities Act of 1933. Without admitting or denying the SEC’s findings, Momentus, Stable Road, Kabot, and SRC-NI consented to an order requiring them to cease from future violations. Momentus, Stable Road, and Kabot will pay civil penalties of $7 million, $1 million, and $40,000, respectively.

Inadequate due diligence hit SPAC Momentus $8 million SEC fine. Source: US Securities and Exchange Commission 

What do you actually know about the integrity of the 3rd party and their way of doing business? Do they adhere to (inter)national regulations on anti-bribery and anti-corruption? Is it possible that there is a liability risk?

Due diligence on potential business partners when adding a new vendor or even hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. Global integrity DueDiligence360TM investigations provide your business with the critical information it needs in making sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees. It will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals.

At CRI Group, we specialise in Integrity Due Diligence, working as trusted partners to businesses and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates. CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates. Safeguard your business and its integrity with DueDiligence360™.

Our DueDiligence360™ expose vulnerabilities and threats that can cause serious damage to your organisation and can significantly reduce business. CRI Group is trusted by the world’s largest corporations and consultancies – outsource your due diligence to an experienced provider, and you will only ever have to look forward, never back.

CRI Group investigators employ a proven, multi-faceted research approach that involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research. Our resources include:

  • International business verification
  • Individual business interest search
  • Personal profile on individual subjects
  • Company profile on corporate entities
  • Historical ownership analysis
  • Identification of subsidiaries & connected parties
  • Global/national criminality & regulatory records checks
  • Politically Exposed Person database
  • International digital media research
  • Company background analysis
  • Industry reputational assessment
  • FCPA, UK Anti-Bribery & corruption risk databases
  • Global terrorism checks
  • Global financial regulatory authorities checks
  • Money laundering risk database
  • Financial reports
  • Asset tracing
  • Country-specific databases that include litigation checks, law enforcement agencies & capital market, regulators

Protect your reputation and the risk of financial damage and regulator action using our detailed reports. They enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

DueDiligence360™ from CRI Group

WHAT DO YOU ACTUALLY KNOW ABOUT THE INTEGRITY OF THE PARTY & THEIR WAY OF DOING BUSINESS? DOES OR DID THIS PARTY ADHERE TO (INTER)NATIONAL REGULATIONS ON ANTI-CORRUPTION & ANTI-BRIBERY? IS IT POSSIBLE THAT THERE IS A LIABILITY RISK?

At CRI Group, we specialise in Integrity Due Diligence, working as trusted partners to businesses and institutions across the world. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates. Safeguard your business and its integrity with DueDiligence360™.

Our DueDiligence360™ expose vulnerabilities and threats that can cause serious damage to your organisation and can significantly reduce business. CRI Group is trusted by the world’s largest corporations and consultancies – outsource your due diligence to an experienced provider and you will only ever have to look forward, never back. Clients who partner with us benefit from our:

Expertise
CRI Group has one of the largest, most experienced and best-trained integrity due diligence teams in the world.

Global scope
Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.

Flexibility
Our DueDiligence360TM service is flexible and can apply different levels of scrutiny to the subjects of our assignments, according to client needs and the nature of the project.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

UK solicitor sentenced to four years in prison over £2.3m fraud

UK solicitor, Andrew Davies defrauding his firm £2.3m jailed

A former senior partner, the UK solicitor, has been jailed for four years after defrauding his firm out of a total of £2.3m. Andrew Davies, 59, paid personal invoices to himself from the business and under-declared £1.1m in stamp duty land tax to HM Revenue and Customs (HMRC) for over nine years.

Davies pleaded guilty to one count of fraud by false representation at Reading Crown Court in 2019 and was sentenced to four years imprisonment in January this year. As a senior partner at the firm, Andrew Davies managed to defraud it out of the money by paying personal invoices to himself from the business account.

The 59-year-old also under-declared £1.1m in Stamp Duty Land Tax to HMRC over nine years, over-declaring tax to clients and then taking money from the solicitor’s firms account for himself, both defrauding the company he worked for and HMRC at the same time.

Davies also raised invoices to pay over £1.6 million to his friend Stephen Allan, who worked as a property developer and was a firm client. The 62-year-old from Bishop’s Stortford was convicted at Reading Crown Court on one count of money laundering and jailed for three years.

In a statement, police mentioned the convictions and sentencing of a solicitor’s firm in Berkshire defrauded out of £2.3m between 2010 and 2017.

Allan then made smaller payments into Davies’ account and also pocketed around £400,000 himself. The solicitor extracted funds from the firm’s client account, paying it to Allan in transactions described as ‘fees’, but there was no known work for this.

Davies of The Street, West Clandon, Guildford, and Allan of Thornberry Road, Bishops Stortford, Hertfordshire, were charged by police officers in August 2019.

The statement did not name the firm, but a Solicitors Regulation Authority notice has previously stated that Davies worked for Reading firm Pitmans LLP, which has since become part of another practice. Davies has already been struck by the Solicitors’ Disciplinary Tribunal and ordered to pay £17,000 in costs.

Investigating officer Detective Constable Katie Taylor of Thames Valley Police’s Economic Crime Unit said: ‘In this case, a solicitor trusted to safeguard client funds abused this position and systematically defrauded his firm of large sums of money for his benefit.

‘He then used a corrupt relationship to launder the proceeds of his crime through a property developer. These professional enablers of organised crime represent a significant risk, and we hope that the conviction and sentence, in this case, will act as a deterrent to others.’

Source: Financial Crime News & The Law Society Gazette

 

Get exclusive insights curated for subscriber-only when you join our mailing list.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

You suspect employee fraud. Now what?

When any type of fraud, including employee fraud, is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust…
Read More

John Wood Group to pay $177 million to settle bribery charges inherited through its merger

John Wood Group bribery probe trace back to its merger with Amec Foster Wheeler Plc.

John Wood Group Plc has agreed to pay $177 million to settle the UK led bribery and corruption probe into a British engineering firm it acquired in 2017. The settlement is part of a so-called deferred prosecution agreement with the Serious Fraud Office and the US Department of Justice concerning Amec Foster Wheeler Plc.

The UK agreement is still subject to court approval. As part of the deal, the company can avoid prosecution for three years if it cooperates in the continuing bribery probe. Wood Group’s payment is one of the largest ever obtained in the UK led bribery and corruption case. The biggest was a $1.2 billion settlement with Airbus SE that also involved the US and French authorities.

In 2017, the SFO opened an investigation into Amec’s use of third parties to gain contracts, just weeks after Shareholders approved wood Group’s proposed acquisition. The DOJ said the probe concerned a scheme to pay bribes to officials in Brazil for a $190 million contract to design a gas-to-chemicals complex.

As part of the deal announced, at least $10.1 million will settle charges brought by the US Securities and Exchange Commission. The DOJ said it would get about $18.4 million to resolve its criminal charges in the Brazil bribery probe. Amounts to be paid to the UK and Brazil are yet to be made public.

Wood Group announced that it was close to a settlement. It originally said it expected a deal for $186 million, with about $60 million paid in the first half of 2021 and the rest over three years. The company also agreed to pay $10 million to Scottish authorities earlier this year to settle the case.

“The investigations brought to light unacceptable, albeit historical, behaviour that I condemn in the strongest terms,” Wood Group Chief Executive Officer Robin Watson said in a statement. “Although we inherited these issues through acquisition, we took full responsibility in addressing them, as any responsible business would.”

The company has “cooperated fully with the authorities” and “taken steps to improve further our ethics and compliance program from an already strong foundation,” Watson said. “I’m pleased that, subject to final court approval in the UK, we have been able to resolve these issues and can now look to the future.”

The agreement comes amid criticism of the SFO and its inability to prosecute individuals after securing settlements with companies. Earlier this year, the SFO dropped its probe into former Airbus directors and was dealt a humiliating setback after its trial against two former Serco Group Plc directors fell apart because it failed to disclose evidence.

In May 2021, the SFO opened one of its biggest investigations into suspected fraud and money laundering concerning GFG Alliance and its financing agreements with Greensill Capital. It was after months of intense pressure from lawmakers to investigate Sanjeev Gupta’s empire.

John Wood Group bribery probe

Source: Financial Crimes News

Join our mailing list and get exclusive industrial insights for subscriber-only!

The importance of due diligence in merger and acquisition to avoid a similar incident happened like in John Wood Group.

Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. That allows you to reduce risks – including risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (UK Bribery Act), to make informed decisions and to pursue takeovers or mergers with more confidence.

Unlike other kinds of control (audits, market analysis, etc.), it must be completely independent and rely as little on information provided by the researched subject. The other important difference lies in the methodology: commercial or financial due diligence analyses available information, investigative type provides reliable and pertinent, but raw, information.

Due diligence on potential business partners when adding a new vendor or hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. Global integrity due diligence investigations provides your business with the critical information it needs to make sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees.

It will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals. CRI Group investigators employ a proven, multi-faceted research approach that involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research. Our resources include:

  • International business verification

  • Individual business interest search

  • Personal profile on individual subjects

  • Company profile on corporate entities

  • Historical ownership analysis

  • Identification of subsidiaries & connected parties

  • Global/national criminality & regulatory records checks

  • Politically Exposed Person database

  • International digital media research

  • Company background analysis

  • Industry reputational assessment

  • FCPA, UK Anti-Bribery & corruption risk databases

  • Global terrorism checks

  • Global financial regulatory authorities checks

  • Money laundering risk database

  • Financial reports

  • Asset tracing

  • Country-specific databases that include litigation checks, law enforcement agencies & capital market regulators

DueDiligence360™ from CRI Group

WHAT DO YOU ACTUALLY KNOW ABOUT THE INTEGRITY OF THE PARTY & THEIR WAY OF DOING BUSINESS? DOES OR DID THIS PARTY ADHERE TO (INTER)NATIONAL REGULATIONS ON ANTI-CORRUPTION & ANTI-BRIBERY? IS IT POSSIBLE THAT THERE IS A LIABILITY RISK?

At CRI Group, we specialise in Integrity Due Diligence, working as trusted partners to businesses and institutions across the world. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates. Safeguard your business and its integrity with DueDiligence360™.

Our DueDiligence360™ expose vulnerabilities and threats that can cause serious damage to your organisation and can significantly reduce business. CRI Group is trusted by the world’s largest corporations and consultancies – outsource your due diligence to an experienced provider and you will only ever have to look forward, never back. Clients who partner with us benefit from our:

Expertise
CRI Group has one of the largest, most experienced and best-trained integrity due diligence teams in the world.

Global scope
Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.

Flexibility
Our DueDiligence360TM service is flexible and can apply different levels of scrutiny to the subjects of our assignments, according to client needs and the nature of the project.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

Corporate Fraud and Corruption: affect on UK businesses in the 2021

CRI Group and its ABAC® Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC®’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in the UK?

A. The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q. Have there been any legal and regulatory changes implemented in the UK designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

Q. In your opinion, do regulators in the UK have sufficient resources to enforce the law in this area? Are they making inroads?

A. Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent fouryear success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A. Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If it does not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zerotolerance.

 

Meet Zafar ZAFAR ANJUM, Group Chief Executive Officer

Zafar Anjum is founder and group CEO at CRI Group, and its ABAC Center of Excellence. He uses his extensive knowledge and expertise in creating stable and secure networks across challenging global markets. For organisations needing large project management, security, safeguard and real-time compliance applications, Mr Anjum is the assurance expert of choice for industry professionals.

Corporate Research and Investigations | t: +44 (0)7588 454 959 | e: zanjum@crigroup.com

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Other contacts:

RAZA SHAH Business Development and Marketing Executive | t: +92 300 501 2632 | e: raza.shah@crigroup.com
AYESHA SYED Lead Auditor | t: +971 4 358 9884 | e: ayesha.s@abacgroup.com

Cyber security: how to maintain GDPR compliance?

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in 2018. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

Cybersecurity is a priority for the management

Even with extremely high fines and stringent requirements, GDPR violations and data breaches have been skyrocketing across the world. In 2020, the overall increase of fraudulent activities has been detected, based on ACFE’s “Fraud in the Wake of COVID-19: Benchmarking Report”: 77% of survey participants have seen an increase in the overall level of fraud as of August, compared to 68% who had observed an increase in May. Earlier we wrote how the COVID-19 crisis triggered fraudulent activities and what can businesses do to support anti-fraud movements in their organisations and to strengthen their immunity to fraud. However, cyber-attacks are on the rise – the survey by the gov.uk continues to show that cybersecurity breaches are a serious threat to all types of businesses and charities. 39% of businesses and 26% of charities reported having cybersecurity breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

The study suggests that the risk level is potentially higher than ever under COVID-19 and that businesses are finding it harder to administer cybersecurity measures during the pandemic: 35% of businesses compared to 40% last year are now deploying security monitoring tools. This reduction suggests that these organisations might simply be less aware than before of the breaches and attacks their staff are facing.

However, among those that have identified breaches or attacks, around 27% of businesses experience them at least once a week. The most common by far are phishing attacks (83%, and 79% in charities), followed by impersonation (for 27% and 23%). Based on a survey by the gov.uk, despite COVID-19 stretching many organisation’s cybersecurity teams to their limits, cybersecurity remains a priority for management boards. But it has not necessarily become a higher priority under the pandemic. Three-quarters (77%) of businesses say cybersecurity is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees.

The most notable data breaches

In the climate where organisations are putting more emphasis on strengthening their online security systems, there is no shortage of data breaches or GDPR violations. Our experts have noticed and shortlisted a few most notable cases in any order for you to be aware:

1. Booking.com

The very recent case, when travel booking website Booking.com has been hit with a  €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the GDPR. It happened back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). The hackers were able to get login creations for the booking system and to access the personal details of more than 4000 customers who booked hotel rooms via booking.com. The scammers exposed the credit card details of 283 customers, and in 97 cases the CVV code was also compromised. Based on GDPR, the data breach must be reported within 72 hours. Booking.com was late for 22 days (!) to report the breach to the Dutch Data Protection Authority and was issued a fine in April 2021, as reported by Forbes.

2. Twitter

Another company that was late to report the security flaw is Twitter – it was discovered in December 2018 but the social media giant did not report it to Ireland’s Data Protection Commission (DPC) until the following month. As a result, Twitter has been told to pay a €450,000 GDPR fine by Ireland’s data regulator for failing to report a 2018 data breach in the legally required timeframe. The DPC also determined that Twitter failed to adequately document the breach, another requirement under GDPR.

3. Vodafone

The firm that has been warned or fined smaller amounts on at least 50 occasions between January 2018 and February 2020, is in the news again: the Spanish data protection authority has fined Vodafone €8.15 million (approximately £7 million) for aggressive telemarketing tactics and repeated data protection failures. The fine was issued as a result of an investigation that was prompted by hundreds of complaints, with the regulator discovering a system that held up to 4.5 million contact lists purchased from third parties without user consent.

4. Facebook

And another social media giant – Facebook. Ireland’s data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site. As reported in April 2021, a spokesman for the Data Protection Commission (DPC) – which regulates Facebook in the European Union – said “a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.”

5. H&M

The Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 — the second-largest GDPR fine ever imposed. H&M’s GDPR violations involved the internal monitoring of employees. After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. It has violated the GDPR’s principle of data minimisation — don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose.

6. Google

The biggest penalty (€50 million) was issued to Google for its alleged failure to provide notice in an easily accessible form, using clear and plain language, when users configure their Android mobile devices and create Google accounts, and obtain users’ valid consent to process their personal data for ad personalisation purposes. 

COMPLIANCE & ETHICS HOTLINES, REPORT NOW

How to maintain GDPR compliance

What can we learn from these case studies? Maintaining GDPR compliance is a complex process, and requires a lot of diligent work. At CRI Group, we recommend looking at it as a part of your risk management strategies, together with your compliance policies and procedures.

To help you with maintaining compliance with GDPR, our integrity due diligence experts created the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

  • The information is necessary to perform a contract between the organisation and the individual;
  • You have a legal obligation to process the data (such as a court order);
  • The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
  • The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it is collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third-parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelt out as individuals rights in regards to their personal data and they include the following:

  • Right to be informed about what data is collected and why;
  • Right of access to data that has been collected;
  • Right to rectification/correction of inaccurate data;
  • Right to erasure of data (“right to be forgotten”);
  • Right to restrict processing of personal data;
  • Right to data portability;
  • Right to object to use of data; and
  • Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance. If you have any further questions or interest in implementing compliance solutions, please contact us.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Stay updated on the go

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

BS7858:2019: everything you need to know and more!

The recent update of the BS7858 standard, “Screening of Individuals Working in a Secure Environment – Code of Practice,” places emphasis on the risk assessment of secure environment workers. The code focuses on the need for tighter controls over the pre-employment screening – and periodic re-screening – of individuals, who in their positions could potentially benefit from illicit personal gain, become compromised, or take advantage of other opportunities for creating breaches of confidentiality, trust or safety.

What is BS7858?

BS7858 stands for “Screening of Individuals Working in a Secure Environment – Code of Practice,” The BS7858 is a code of practice released by BSI (British Standards Institution), a business standards company which supports companies in achieving excellence within their field, and continuously boosting performance. Introduced in 2013, the standard was updated in September 2019 and is now considered to be the industry standard for all screening in employment, despite its original intention for use in security environments only. This code was meant to provide a critical security standard that guided employers on the screening process for security staff before offering full employment. However, the new update has widened the scope of this code.

This British Standard helps employers to screen personnel before they employ them. It gives best-practice recommendations, sets the standard for the  screening of staff in an environment where the safety of people, goods or property is essential. This includes data security, sensitive and service contracts and confidential records. It can also be applied to situations where security screening is in the public’s interest. It sets out all the requirements to conduct a screening process. It covers ancillary staff, acquisitions and transfers, and the security conditions of contractors and subcontractors. It also looks at information relating to the Rehabilitation of Offenders and Data Protection Acts. CRI Group is the first and only investigative research company in the Middle East to receive the certifications BS7858:2019 and BS102000:2013, Code of Practice for the Provision of Investigative Services from internationally recognised training and certification body BSI. 

Change of scope

The change of scope is possibly the biggest change of the standard. In the old document, the standard concerned the security sector only. However, the scope has been amended to allow organisations in all environments to adopt the standard when employee screening. And due to the current pandemic, this update is more significant than ever. There is a specific section of the standard that relates to risk management which states: “An integral part of risk management is to provide a structured process for organisations to identify how objectives might be affected. It is used to analyse the risk in terms of consequences and their probabilities before the organisation decides what further action is required”.

BS 7858:2019 lays out the scope of “obtaining personal background information to enable organisations to make an informed decision, based on risk, on employing an individual in a secure environment.” Those workers include business owners, directors, partners, silent partners and shareholders holding more than 10% of the business; managers, area managers, department managers, screening managers and staff; installers and service crew; security personnel; and office supervisors and staff with access to customer and system records.

The amended guidelines of the standard put the onus on the organisation’s top management to demonstrate that they are focused on the aspects of the business where the most risk lies, and the particular personnel roles that are involved within those risks areas. This is particularly important because, as the standard states, the “organisation retains ultimate responsibility for an outsourced screening process and is required to review the completed screening file.” Risks assessment includes examining specific roles that involve financial tasks, data security, management of goods, property risks or any number of “people risks” such as roles with direct access to vulnerable adults and children.

To that end, management is charged with ensuring that the organisation has proper and adequate resources and infrastructure in place to manage the adequate vetting of high-risk personnel. Management is tasked with the response and that there is a firm commitment at the top level to manage and support the coordination required to execute the screening process. Finally, management is tasked with ensuring that such responsibilities are correctly assigned and communicated throughout the organisation. The guideline also eliminates from its original text in 2012, a requirement to produce character references as part of the screening process. This decision was based on the supposition that such references are now deemed as potentially weak and difficult to verify. Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. ISO 31000 aims to simplify risk management into a set of clearly understandable and actionable guidelines, that should be straightforward to implement, regardless of the size, nature, or location of a business.

BS7858:2019, a new way to mitigate employee risk during COVID-19

The far-reaching impact of the COVID-19 outbreak has affected virtually every business and economic sector worldwide, and depending on the global region, has hampered (on various levels) the ability to conduct proper and thorough background screening investigations. In the United Kingdom and the United Arab Emirates, the countrywide lockdowns forced leaders to close sites and send their workforce home. Many are having to learn how to manged people working from home (WFH) or remotely for the first time. The previous concerns about productivity, privacy and protecting sensitive information only grew more with the practice of WFH. They highlighted the vital importance of pre-employment background screening and background investigations. BS 7858:2019: the revised Standard for screening individuals working in secure environments offers a complete solution.

The revised BS7858 standard enables organisations to demonstrate a commitment to safeguarding their businesses, employees, customers and information utilising widely accepted methods that focus on risk assessment and top-down management involvement in the company’s employment policies and practices. In establishing policies and procedures around the standard, organisations can show that they place a high value on hiring individuals who possess integrity. Organisations can then task them with responsibilities designed to keep their co-workers, customers and information safe from the opposing forces that have become more prevalent in today’s ever-changing COVID-19 world. Find out more on how you can mitigate employee risk during this pandemic with BS7858:2019.

Playbook BS7858:2019, everything you need to know and more!

The price of a bad hire has far-reaching consequences for any business, including productivity loss, decreased employee morale, risks to employee safety and increased exposure to costly negligent hiring claims and potentially devastating litigation. The premise behind the standard is to safeguard employers from harmful or fraudulent hires.

Cases of organisations that forego conducting due diligence on a new hire – especially a hire with high-risk exposure – often end badly for those organisations. At CRI Group we know how important is your background screening to your company’s success and to give you an idea of what is new we have produced this playbook detailing the differences between BS7858:2012 standard and the new BS7858:2019 standard.

BS 7858:2019 playbook: everything you need to know and more!

Download FREE BS7858 playbook

Managing your people through COVID-19

The COVID-19 pandemic is undeniable affecting the world. And the situation is changing at an hourly rate as we go into a second global lockdown. Businesses are having to adapt quickly to survive, i.e. cutting steps in their hiring process, and no-one knows how this will play out. However, there are ways you can mitigate the impact, learn how with this FREE ebook.

Taken as a whole, this ebook is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to stay ahead of COVID-19 effectively. Read the answers to the following questions:

  • How to turn the tide’ on coronavirus crisis?;
  • COVID-19 Action point checklist;
  • Background Screening: Essential Checks;
  • 6 steps for good practice in connection with COVID-19;
  • 11 Steps to Reduce Personnel Costs;
  • COVID-19 General advice;
  • How to remove any danger to your business during COVID-19;
  • … and more!
COVID-19 background screening and all you need to know | eBook | MockUp

Download your FREE playbook 

 

 

Frequently asked questions about background checks

Get answers to frequently asked questions about background checks / screening cost,  guidelines, check references etc.

This eBook is a compilation of all of the background screening related questions you ever needed answers to:

  • Does a candidate have to give consent to process a background check / screening?
  • How long does it take to conduct a background check?
  • When should I conduct pre-employment checks?
  • How often should I screen employees?
  • How to collect references and what to ask?
  • How much does it cost to conduct background checks?
  • What is the difference between employment history verification and employment reference?
  • How do I check on entitlement to work?
  • How to conduct identity checks?
  • What will a financial regulatory check show?
  • Is it possible to identify a conflict of interest during checks?
  • What is a bankruptcy check?
  • What about directorships and shareholding search?
  • Can I have access to a criminal watch list?
  • Anti-money laundering check?
  • Can we conduct FACIS (fraud and abuse control information system) searches?
  • … and MORE!
 

FAQ employee background screening | eBook | MockUp

Taken as a whole, is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.

DOWNLOAD THE EBOOK


Let’s Talk!

BS7984:2008 accredited companies (such CRI Group) highlight to their clients that their security personnel are staff that can be trusted and relied upon to complete a high-quality job as the screening process highlights the level of conduct that they have presented in the past. This reassures the safety of the people, goods and property that they have been hired to protect. If you have any further questions or interest in implementing compliance solutions, please contact us.

About the Author

Zafar I. Anjum, is Group Chief Executive Officer of Corporate Research and Investigations Limited “CRI Group” (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Q&A: Corporate Fraud and Corruption in UK is growing, FAST!

Corporate fraud and corruption is growing in United Kingdom (UK). In a devastating article, Oliver Bullough proved that UK is quickly becoming the money-laundering capital of the world. In addition, the most recent The Guardian article “If you think the UK isn’t corrupt, you haven’t looked hard enough” by  highlighted that billions of pounds of COVID-19 contracts issued by the government without competition, have reportedly cost taxpayers £800 for every protective overall delivered, and appear to have been issued to dormant companies, with several of them have benefited from this largesse are closely linked to senior figures in the government.  Read more about the situation in UK in the answers to the following questions:

  • To what extent are boards and senior executives in UK taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?
  • Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in UK over the past 12-18 months?
  • When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
  • Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?
  • How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?
  • and much more…

Q. To what extent are boards and senior executives in your region taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?

Anjum: Business leaders in the UK recognise that being proactive against fraud and corruption is about more than just protecting the business – which is critical – but it is also a key component of growing and connecting to more opportunities. According to the World Bank, business grows an average of 3 percent faster where corruption is low. One way for organisations to demonstrate their commitment to preventing bribery and corruption is to engage in ISO 37001 certification. We expect to see more UK companies seeking certification and we expect this trend to increase as organisations look to set themselves apart from their competitors.

Q. Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in UK?

Anjum: Perhaps the biggest development, by extension, was the official beginning of the Brexit process and its potential impact on how the region continues to enforce and regulate against bribery and corruption. While the UK has a solid record thus far in combating fraud, the Organisation for Economic Co-operation and Development (OECD) recently warned that pressure from businesses to weaken bribery laws, coupled with an inability of the government to focus on non-Brexit issues, have increased the risks that bribery and corruption could increase. The civil society group Corruption Watch has voiced similar complaints and has noted with concern new settlements that allow companies to resolve investigations with just a fine and an apology. The Serious Fraud Office (SFO) is tasked with policing this volatile landscape, and does so at a time when it has just appointed an interim director, pending the appointment of a new permanent director.

> The shifting economic conditions surrounding Brexit have raised uncertainty and vulnerability. Learn how the “Brexit Poses New Bribery & Corruption Challenges” with this ebook. READ MORE!

Q. When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

Anjum: Any allegation of fraud, including bribery and other forms of corruption, is very serious and requires expert handling. Only those trained in investigative techniques, including thorny issues such as evidence collection and the interviewing of witnesses and suspects, should be engaged to help establish the facts of the case. To be clear, not all suspicions lead to fraud – trained investigators understand this, and will approach any allegations from an objective, fact-finding point of view. One critical thing to remember is that companies do not get a chance for a ‘do over’ if they bungle an investigation.

Q. Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?

Anjum: We definitely see awareness of fraud and corruption moving in the right direction among business leaders and their employees. This is evident when companies engage in certification courses such as ISO 37001, which certifies that an organisation has implemented reasonable and proportionate measures to prevent bribery.

Q. How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?

Anjum: In the UK, there is a strong emphasis on encouraging and protecting corporate whistleblowers because the statistics show that fraud is most often uncovered by tips. Employees truly are the first line of defence against corruption. This change in approach and attitude has exposed two issues that need attention, however. First, the worker needs to understand what constitutes fraudulent behaviour – otherwise, how will he or she know what to report? That is where a training protocol like ISO 37001 comes in, with a curriculum to help educate a company’s workforce on the red flags of fraud and how to identify it. Second, employees must know how to report fraud. A hotline or other reporting system is useless if the company does not properly communicate how to engage it – or that it exists at all.

Q. Could you outline the main fraud and corruption risks that can emerge from third-party relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?

Anjum: Many business leaders have learned the hard way that new partnerships require more than just handshakes, optimism and a basic level of fact-checking. To be protected, an organisation should engage an expert due diligence firm before undertaking any merger, acquisition, partnership or other third-party engagement. Some of the risks of inadequate due diligence include merging with an international business embroiled in several behind-the-scenes legal battles, discovering your new partner is a credit risk, has claimed bankruptcy or is faced with debtor filings, learning that your new overseas contractor has none of the industry experience it claimed, affiliating with a partner that is rife with conflicts of interests and, worst of all, having your own organisation’s reputation damaged or destroyed through the actions of a third-party.

Q. What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk management process, with appropriate internal controls?

Anjum: No matter your location, industry or the size of your organisation, having a fraud and corruption risk management process is a must. Step one is to establish a zero-tolerance stance against fraud. This is done by communicating the right ‘tone at the top’ across the entire organisation, spelling out the leadership’s stance against corruption. An ethical code of conduct should be adopted and signed by all employees from top to bottom, and the organisation’s hiring policies should include thorough pre-and-post employment background screenings. The organisation should engage in ISO 37001 certification to ensure that employees are trained to recognise and report bribery and other types of fraud, and that proper controls and compliance procedures are in place to limit the company’s exposure and risk. Finally, the company should conduct regular audits, and encourage whistleblowing through an anonymous reporting system.

At CRI Group we use our extensive knowledge and expertise in creating stable and secure networks across challenging global markets. for organisations needing large project management, security, safeguard testing and real time compliance applications, CRI Group is the assurance expert of choice for industry professionals.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.[/vc_column_text][accordion_father][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Meet our CEO

Zafar I. Anjum, is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

 

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Download 2018 annual reviews by CRI Group:

Click here to download the review of UAE (Mr. Zafar Anjum, CEO at CRI Group)
Click here to download the review of UK (Mr. Zafar Anjum, CEO at CRI Group)
Click here to download the review of Pakistan (Ms. Fatima Farrukh, Compliance professional at CRI Group)

Download the Financier Worldwide 2018 reprint about the situation in the UK.

FAQ: Employment Screening

Want to know what types of red flags are most often found on résumés and employment applications? CRI Group’s EmploySmart™ experts provided some statistics on their latest pre- and post-employment screening engagements, and they give insights into where companies are most vulnerable in the hiring process. The operations team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavourable news or online mentions), both at 2.33 per cent.

Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases. Other red flags included having a criminal record (1.5 per cent), a civil litigation record (1.27 per cent), and providing a fake address (also 1.27 per cent). To round out the findings, the operations team found bankruptcy records, fake certificates and negative references among 0.85 per cent of those screened.

Get answers to frequently asked questions about background checks / screening cost,  guidelines, check references etc. This eBook is a compilation of all of the background screening related questions you ever needed answers to:

  • Does a candidate have to give consent to process a background check / screening?
  • How long does it take to conduct a background check?
  • When should I conduct pre-employment checks?
  • How often should i screen employees?
  • How to collect references and what to ask?
  • How much does it cost to conduct a background checks?
  • What is he difference between employment history verification and employment reference?
  • How do I check on entitlement to work?
  • How to conduct identity checks?
  • What will a financial regulatory check show?
  • Is it possible to identify conflict of interest during checks?
  • What is a bankruptcy check?
  • What about directorships and shareholding search?
  • Can I have access to a criminal watch list?
  • Anti-money laundering check?
  • Can we conduct FACIS (fraud and abuse control information system) searches?
  • … and MORE!

Taken as a whole, is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.

Download your “Employee Background Screening FAQ” FREE ebook now!

FAQ employee background screening

FAQ employee background screening

 

 

 

 

 

 

 

 

 

 

 

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Banking industry squad prevents £31.2m of fraud

Banking industry squad disrupted 23 Organised Criminal Groups (OCGs) preventing £31.2 million of fraud. The specialist police unit (DCPCU) is funded by the finance and banking industry in a dedicated effort to stop fraud.

Commonly known as the banking industry squad, the DCPCU (Dedicated Card and Payment Crime Unit) is a joint effort between the Metropolitan Police Service, the City of London Police as well as banking industry fraud investigators. Supported by UK Finance, DCPCU is on the frontline in the fight against fraud. And over the past year, the unit has worked in partnership with several social media platforms to take down over 1,600 accounts which featured posts relating to payment:

  • 500 “money mules” accounts used to recruit young people
  • 250 accounts involved in the trading stolen card details
  • +400 “brokers” accounts 
  • with the rest of the accounts used for “flipping”

In 2019 DCPCU seized £1.65 million of assets – over double the amount confiscated in the same period in 2018 – with a total of 75 fraudsters convicted to a total of 100 years in prison. DCPCU operational successes include:

The DCPCU is very effective in disrupting criminals and a powerful example of how important is it that all sectors – i.e. banking industry – work with law enforcement to protect the public from fraud. 

Read more on what the Head of the DCPCU, Detective Chief Inspector Gary Robinson, UK Finance Managing Director of Economic Crime and National fraud co-ordinator, Commander Karen Baxter have to say. Read NOW!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Background Screening Red flags: Numbers Don’t Lie

Want to know what types of red flags are most often found on résumés and employment applications? CRI® Group’s EmploySmart™ experts provided some statistics on their latest pre- and post-employment screening engagements, and they give insights into where companies are most vulnerable in the hiring process. background screening red flags

The operations team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavourable news or online mentions), both at 2.33 per cent.

Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases. Other red flags included having a criminal record (1.5 per cent), a civil litigation record (1.27 per cent), and providing a fake address (also 1.27 per cent). To round out the findings, the operations team found bankruptcy records, fake certificates and negative references among 0.85 per cent of those screened.

Deception among job seekers is real

Anytime someone intentionally provides false information in their résumé, they are committing résumé fraud – usually in the hopes of gaining a competitive edge in the hiring process. “There are even business services out there that will knowingly assist candidates with changing their résumé in this way, such as offering advice on how to hide employment gaps or how to add false information that looks realistic. Some will even provide fake transcripts and fake letters of recommendation” (HR Daily Advisor, 2018).

The same goes for fabrications on an application. It can occur anywhere in the process, and the candidate will likely continue to misrepresent themselves in the interview process to maintain their fraud. As mentioned above, helping candidates embellish or even fabricate credentials has become a business unto itself. “On the surface, these appear to be candidates taking desperate measures. But the candidates themselves may not be the only ones at fault. As recruitment has migrated online and become automated … opportunities for scammers have arisen. Professional recruiters, who get placement fees when they land candidates in jobs, have a clear incentive to game the system, Zhao says. They are ‘middlemen who can make significant profit by misrepresenting clients’” (Inc.com, 2019).

There is only one clear remedy and protection method to combat this type of fraud: thorough and comprehensive background checks. Most organisations, however, don’t have the time, resources, or the expertise to conduct the needed level of background screening on their own. This is where CRI® Group’s EmploySmart™ comes in. The robust pre-employment background screening service helps organisations worldwide avoid making uninformed and potentially harmful hiring decisions. As a leading provider of specialised local and international employment background screening, CRI® Group’s uses EmploySmart™ to provide risk mitigation and give business leaders confidence in their hiring process. EmploySmart™ includes a thorough menu of screening that fulfills your organisation’s risk management needs. These checks include the following:

  • Address verification – one of the red flags discussed above.
  • Identity verification – what are they hiding? Falsifying one’s identity is a major red flag.
  • Previous employment verification – candidates might claim false employment to beef up their résumés.
  • Education & credential verification – screeners check degrees and education history.
  • Local language media check – what is uncovered about the candidate in news reports?
  • Credit verification & financial history – candidates who conceal financial problems can be a fraud risk (local privacy laws apply).
  • Civil litigation record check – lawsuits can indicate red flags, background screening will uncover the details.
  • Bankruptcy record check – when hiring someone for a financial or leadership position, it’s important to know if they have bankruptcy filings.
  • International criminal record check – checking criminal records is essential for the safety of your employees and your business.

These are just a few of the essential checks that are part of the EmploySmart™ process. CRI® Group’s network spans the Americas, Europe, Africa, and Asia-Pacific for providing international risk management, background screening and due diligence solutions provider. Don’t tempt fate and invite red flags into your business by making risky hires. The proper pre-and post-employment screening will uncover those hidden things that a candidate might not want you to know. Contact CRI® today and learn more about how EmploySmart™ will help provide your organisation with that extra layer of protection you need. Get a FREE QUOTE now!

Who is CRI® Group?

Based in London, CRI® works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.