Corporate Research & Investigations

Corporate Fraud and Corruption: Affect on UK Businesses in the 2021

CRI Group™ and its ABAC Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in the UK?

A. The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q. Have there been any legal and regulatory changes implemented in the UK designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

Q. In your opinion, do regulators in the UK have sufficient resources to enforce the law in this area? Are they making inroads?

A. Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent fouryear success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A. Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If it does not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zerotolerance.

Meet HUMA KHALID, Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC™ Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group™

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group™ launched Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.

Filed under: All Industries, All Solutions, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

« Previous Page

CONTACT US

NEWSLETTER SUBSCRIPTION

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence-related news, solutions, events and publications.

Cyber Security: How to Maintain GDPR Compliance?

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in 2018. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

Cybersecurity is a Priority for the Management

Even with extremely high fines and stringent requirements, GDPR violations and data breaches have been skyrocketing across the world. In 2020, the overall increase of fraudulent activities has been detected, based on ACFE’s “Fraud in the Wake of COVID-19: Benchmarking Report”: 77% of survey participants have seen an increase in the overall level of fraud as of August, compared to 68% who had observed an increase in May. Earlier we wrote how the COVID-19 crisis triggered fraudulent activities and what can businesses do to support anti-fraud movements in their organisations and to strengthen their immunity to fraud. However, cyber-attacks are on the rise – the survey by the gov.uk continues to show that cybersecurity breaches are a serious threat to all types of businesses and charities. 39% of businesses and 26% of charities reported having cybersecurity breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

The study suggests that the risk level is potentially higher than ever under COVID-19 and that businesses are finding it harder to administer cybersecurity measures during the pandemic: 35% of businesses compared to 40% last year are now deploying security monitoring tools. This reduction suggests that these organisations might simply be less aware than before of the breaches and attacks their staff are facing.

However, among those that have identified breaches or attacks, around 27% of businesses experience them at least once a week. The most common by far are phishing attacks (83%, and 79% in charities), followed by impersonation (for 27% and 23%). Based on a survey by the gov.uk, despite COVID-19 stretching many organisation’s cybersecurity teams to their limits, cybersecurity remains a priority for management boards. But it has not necessarily become a higher priority under the pandemic. Three-quarters (77%) of businesses say cybersecurity is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees.

The Most Notable Data Breaches

In the climate where organisations are putting more emphasis on strengthening their online security systems, there is no shortage of data breaches or GDPR violations. Our experts have noticed and shortlisted a few most notable cases in any order for you to be aware:

1. Booking.com

The very recent case, when travel booking website Booking.com has been hit with a €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the GDPR. It happened back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). The hackers were able to get login creations for the booking system and to access the personal details of more than 4000 customers who booked hotel rooms via booking.com. The scammers exposed the credit card details of 283 customers, and in 97 cases the CVV code was also compromised. Based on GDPR, the data breach must be reported within 72 hours. Booking.com was late for 22 days (!) to report the breach to the Dutch Data Protection Authority and was issued a fine in April 2021, as reported by Forbes.

2. Twitter

Another company that was late to report the security flaw is Twitter – it was discovered in December 2018 but the social media giant did not report it to Ireland’s Data Protection Commission (DPC) until the following month. As a result, Twitter has been told to pay a €450,000 GDPR fine by Ireland’s data regulator for failing to report a 2018 data breach in the legally required timeframe. The DPC also determined that Twitter failed to adequately document the breach, another requirement under GDPR.

3. Vodafone

The firm that has been warned or fined smaller amounts on at least 50 occasions between January 2018 and February 2020, is in the news again: the Spanish data protection authority has fined Vodafone €8.15 million (approximately £7 million) for aggressive telemarketing tactics and repeated data protection failures. The fine was issued as a result of an investigation that was prompted by hundreds of complaints, with the regulator discovering a system that held up to 4.5 million contact lists purchased from third parties without user consent.

4. Facebook

And another social media giant – Facebook. Ireland’s data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site. As reported in April 2021, a spokesman for the Data Protection Commission (DPC) – which regulates Facebook in the European Union – said “a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.”

5. H&M

The Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 — the second-largest GDPR fine ever imposed. H&M’s GDPR violations involved the internal monitoring of employees. After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. It has violated the GDPR’s principle of data minimisation — don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose.

6. Google

The biggest penalty (€50 million) was issued to Google for its alleged failure to provide notice in an easily accessible form, using clear and plain language, when users configure their Android mobile devices and create Google accounts, and obtain users’ valid consent to process their personal data for ad personalisation purposes.

COMPLIANCE & ETHICS HOTLINES, REPORT NOW

How to Maintain GDPR Compliance

What can we learn from these case studies? Maintaining GDPR compliance is a complex process, and requires a lot of diligent work. At CRI Group, we recommend looking at it as a part of your risk management strategies, together with your compliance policies and procedures.

To help you with maintaining compliance with GDPR, our integrity due diligence experts created the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train Your Employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the Legality of Your Data Collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

The information is necessary to perform a contract between the organisation and the individual;
You have a legal obligation to process the data (such as a court order);
The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
The individual has provided direct consent to the processing of the data.

4. Maintain thorough Records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it is collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish Consent Policies for Data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform Due Diligence on Third-Parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be Responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelt out as individuals rights in regards to their personal data and they include the following:

Right to be informed about what data is collected and why;
Right of access to data that has been collected;
Right to rectification/correction of inaccurate data;
Right to erasure of data (“right to be forgotten”);
Right to restrict processing of personal data;
Right to data portability;
Right to object to use of data; and
Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have Written Policies in Place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct Risk Assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group™ can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be Prepared for a Breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance. If you have any further questions or interest in implementing compliance solutions, please contact us.

Stay Updated on the Go

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

Filed under: All Industries, Compliance Solution, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

« Previous Page

BS7858:2019 – everything you need to know and more!

The recent update of the BS7858 standard, “Screening of Individuals Working in a Secure Environment – Code of Practice,” places emphasis on the risk assessment of secure environment workers. The code focuses on the need for tighter controls over the pre-employment screening – and periodic re-screening – of individuals, who in their positions could potentially benefit from illicit personal gain, become compromised, or take advantage of other opportunities for creating breaches of confidentiality, trust or safety.

What is BS7858?

BS7858 stands for “Screening of Individuals Working in a Secure Environment – Code of Practice,” The BS7858 is a code of practice released by BSI (British Standards Institution), a business standards company which supports companies in achieving excellence within their field, and continuously boosting performance. Introduced in 2013, the standard was updated in September 2019 and is now considered to be the industry standard for all screening in employment, despite its original intention for use in security environments only. This code was meant to provide a critical security standard that guided employers on the screening process for security staff before offering full employment. However, the new update has widened the scope of this code.

This British Standard helps employers to screen personnel before they employ them. It gives best-practice recommendations, sets the standard for the screening of staff in an environment where the safety of people, goods or property is essential. This includes data security, sensitive and service contracts and confidential records. It can also be applied to situations where security screening is in the public’s interest. It sets out all the requirements to conduct a screening process. It covers ancillary staff, acquisitions and transfers, and the security conditions of contractors and subcontractors. It also looks at information relating to the Rehabilitation of Offenders and Data Protection Acts. CRI Group is the first and only investigative research company in the Middle East to receive the certifications BS7858:2019 and BS102000:2013, Code of Practice for the Provision of Investigative Services from internationally recognised training and certification body BSI.

Change of scope

The change of scope is possibly the biggest change of the standard. In the old document, the standard concerned the security sector only. However, the scope has been amended to allow organisations in all environments to adopt the standard when employee screening. And due to the current pandemic, this update is more significant than ever. There is a specific section of the standard that relates to risk management which states: “An integral part of risk management is to provide a structured process for organisations to identify how objectives might be affected. It is used to analyse the risk in terms of consequences and their probabilities before the organisation decides what further action is required”.

BS 7858:2019 lays out the scope of “obtaining personal background information to enable organisations to make an informed decision, based on risk, on employing an individual in a secure environment.” Those workers include business owners, directors, partners, silent partners and shareholders holding more than 10% of the business; managers, area managers, department managers, screening managers and staff; installers and service crew; security personnel; and office supervisors and staff with access to customer and system records.

The amended guidelines of the standard put the onus on the organisation’s top management to demonstrate that they are focused on the aspects of the business where the most risk lies, and the particular personnel roles that are involved within those risks areas. This is particularly important because, as the standard states, the “organisation retains ultimate responsibility for an outsourced screening process and is required to review the completed screening file.” Risks assessment includes examining specific roles that involve financial tasks, data security, management of goods, property risks or any number of “people risks” such as roles with direct access to vulnerable adults and children.

To that end, management is charged with ensuring that the organisation has proper and adequate resources and infrastructure in place to manage the adequate vetting of high-risk personnel. Management is tasked with the response and that there is a firm commitment at the top level to manage and support the coordination required to execute the screening process. Finally, management is tasked with ensuring that such responsibilities are correctly assigned and communicated throughout the organisation. The guideline also eliminates from its original text in 2012, a requirement to produce character references as part of the screening process. This decision was based on the supposition that such references are now deemed as potentially weak and difficult to verify. Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. ISO 31000 aims to simplify risk management into a set of clearly understandable and actionable guidelines, that should be straightforward to implement, regardless of the size, nature, or location of a business.

BS7858:2019, a new way to mitigate employee risk during COVID-19

The far-reaching impact of the COVID-19 outbreak has affected virtually every business and economic sector worldwide, and depending on the global region, has hampered (on various levels) the ability to conduct proper and thorough background screening investigations. In the United Kingdom and the United Arab Emirates, the countrywide lockdowns forced leaders to close sites and send their workforce home. Many are having to learn how to manged people working from home (WFH) or remotely for the first time. The previous concerns about productivity, privacy and protecting sensitive information only grew more with the practice of WFH. They highlighted the vital importance of pre-employment background screening and background investigations. BS 7858:2019: the revised Standard for screening individuals working in secure environments offers a complete solution.

The revised BS7858 standard enables organisations to demonstrate a commitment to safeguarding their businesses, employees, customers and information utilising widely accepted methods that focus on risk assessment and top-down management involvement in the company’s employment policies and practices. In establishing policies and procedures around the standard, organisations can show that they place a high value on hiring individuals who possess integrity. Organisations can then task them with responsibilities designed to keep their co-workers, customers and information safe from the opposing forces that have become more prevalent in today’s ever-changing COVID-19 world. Find out more on how yo u can mitigate employee risk during this pandemic with BS7858:2019.

Playbook BS7858:2019, everything you need to know and more!

The price of a bad hire has far-reaching consequences for any business, including productivity loss, decreased employee morale, risks to employee safety and increased exposure to costly negligent hiring claims and potentially devastating litigation. The premise behind the standard is to safeguard employers from harmful or fraudulent hires.

Cases of organisations that forego conducting due diligence on a new hire – especially a hire with high-risk exposure – often end badly for those organisations. At CRI Group we know how important is your background screening to your company’s success and to give you an idea of what is new we have produced this playbook detailing the differences between BS7858:2012 standard and the new BS7858:2019 standard.

Download FREE BS7858 playbook

Managing your people through COVID-19

The COVID-19 pandemic is undeniable affecting the world. And the situation is changing at an hourly rate as we go into a second global lockdown. Businesses are having to adapt quickly to survive, i.e. cutting steps in their hiring process, and no-one knows how this will play out. However, there are ways you can mitigate the impact, learn how with this FREE ebook.

Taken as a whole, this ebook is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to stay ahead of COVID-19 effectively. Read the answers to the following questions:

How to turn the tide’ on coronavirus crisis?;
COVID-19 Action point checklist;
Background Screening: Essential Checks;
6 steps for good practice in connection with COVID-19;
11 Steps to Reduce Personnel Costs;
COVID-19 General advice;
How to remove any danger to your business during COVID-19;
… and more!

Download your FREE playbook

Frequently asked questions about background checks

Get answers to frequently asked questions about background checks / screening cost, guidelines, check references etc.

This eBook is a compilation of all of the background screening related questions you ever needed answers to:

Does a candidate have to give consent to process a background check / screening?
How long does it take to conduct a background check?
When should I conduct pre-employment checks?
How often should I screen employees?
How to collect references and what to ask?
How much does it cost to conduct background checks?
What is the difference between employment history verification and employment reference?
How do I check on entitlement to work?
How to conduct identity checks?
What will a financial regulatory check show?
Is it possible to identify a conflict of interest during checks?
What is a bankruptcy check?
What about directorships and shareholding search?
Can I have access to a criminal watch list?
Anti-money laundering check?
Can we conduct FACIS (fraud and abuse control information system) searches?
… and MORE!

Taken as a whole, is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.

DOWNLOAD THE EBOOK

Let’s Talk!

BS7984:2008 accredited companies (such CRI Group) highlight to their clients that their security personnel are staff that can be trusted and relied upon to complete a high-quality job as the screening process highlights the level of conduct that they have presented in the past. This reassures the safety of the people, goods and property that they have been hired to protect. If you have any further questions or interest in implementing compliance solutions, please contact us.

About the Author

Zafar I. Anjum, is Group Chief Executive Officer of Corporate Research and Investigations Limited “CRI Group” (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: All Industries, COVID-19 Insights, Due Diligence, Employee Background Check, Middle East, Resources, United Arab Emirates, Abu Dubai, United Arab Emirates, Dubai, United Kingdom, London by admin
198 Comments »

« Previous Page

Q&A: Corporate Fraud and Corruption in UK is Growing, FAST!

Corporate fraud and corruption is growing in United Kingdom (UK). In a devastating article, Oliver Bullough proved that UK is quickly becoming the money-laundering capital of the world. In addition, the most recent The Guardian article “If you think the UK isn’t corrupt, you haven’t looked hard enough” by George Monbiot highlighted that billions of pounds of COVID-19 contracts issued by the government without competition, have reportedly cost taxpayers £800 for every protective overall delivered, and appear to have been issued to dormant companies, with several of them have benefited from this largesse are closely linked to senior figures in the government. Read more about the situation in UK in the answers to the following questions:

To what extent are boards and senior executives in UK taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?
Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in UK over the past 12-18 months?
When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?
How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?
and much more…

Q. To what extent are boards and senior executives in your region taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?

Anjum: Business leaders in the UK recognise that being proactive against fraud and corruption is about more than just protecting the business – which is critical – but it is also a key component of growing and connecting to more opportunities. According to the World Bank, business grows an average of 3 percent faster where corruption is low. One way for organisations to demonstrate their commitment to preventing bribery and corruption is to engage in ISO 37001 certification. We expect to see more UK companies seeking certification and we expect this trend to increase as organisations look to set themselves apart from their competitors.

Q. Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in UK?

Anjum: Perhaps the biggest development, by extension, was the official beginning of the Brexit process and its potential impact on how the region continues to enforce and regulate against bribery and corruption. While the UK has a solid record thus far in combating fraud, the Organisation for Economic Co-operation and Development (OECD) recently warned that pressure from businesses to weaken bribery laws, coupled with an inability of the government to focus on non-Brexit issues, have increased the risks that bribery and corruption could increase.

The civil society group Corruption Watch has voiced similar complaints and has noted with concern new settlements that allow companies to resolve investigations with just a fine and an apology. The Serious Fraud Office (SFO) is tasked with policing this volatile landscape, and does so at a time when it has just appointed an interim director, pending the appointment of a new permanent director.

The shifting economic conditions surrounding Brexit have raised uncertainty and vulnerability. Learn how the “Brexit Poses New Bribery & Corruption Challenges” with this ebook. READ MORE!

Q. When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

Anjum: Any allegation of fraud, including bribery and other forms of corruption, is very serious and requires expert handling. Only those trained in investigative techniques, including thorny issues such as evidence collection and the interviewing of witnesses and suspects, should be engaged to help establish the facts of the case.

To be clear, not all suspicions lead to fraud – trained investigators understand this, and will approach any allegations from an objective, fact-finding point of view. One critical thing to remember is that companies do not get a chance for a ‘do over’ if they bungle an investigation.

Q. Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?

Anjum: We definitely see awareness of fraud and corruption moving in the right direction among business leaders and their employees. This is evident when companies engage in certification courses such as ISO 37001, which certifies that an organisation has implemented reasonable and proportionate measures to prevent bribery.

Q. How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?

Anjum: In the UK, there is a strong emphasis on encouraging and protecting corporate whistleblowers because the statistics show that fraud is most often uncovered by tips. Employees truly are the first line of defence against corruption. This change in approach and attitude has exposed two issues that need attention, however.

First, the worker needs to understand what constitutes fraudulent behaviour – otherwise, how will he or she know what to report? That is where a training protocol like ISO 37001 comes in, with a curriculum to help educate a company’s workforce on the red flags of fraud and how to identify it. Second, employees must know how to report fraud.

A hotline or other reporting system is useless if the company does not properly communicate how to engage it – or that it exists at all.

Q. Could you outline the main fraud and corruption risks that can emerge from third-party relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?

Anjum: Many business leaders have learned the hard way that new partnerships require more than just handshakes, optimism and a basic level of fact-checking. To be protected, an organisation should engage an expert due diligence firm before undertaking any merger, acquisition, partnership or other third-party engagement.

Some of the risks of inadequate due diligence include merging with an international business embroiled in several behind-the-scenes legal battles, discovering your new partner is a credit risk, has claimed bankruptcy or is faced with debtor filings, learning that your new overseas contractor has none of the industry experience it claimed, affiliating with a partner that is rife with conflicts of interests and, worst of all, having your own organisation’s reputation damaged or destroyed through the actions of a third-party.

Q. What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk management process, with appropriate internal controls?

Anjum: No matter your location, industry or the size of your organisation, having a fraud and corruption risk management process is a must.

Step one is to establish a zero-tolerance stance against fraud. This is done by communicating the right ‘tone at the top’ across the entire organisation, spelling out the leadership’s stance against corruption. An ethical code of conduct should be adopted and signed by all employees from top to bottom, and the organisation’s hiring policies should include thorough pre-and-post employment background screenings.

The organisation should engage in ISO 37001 certification to ensure that employees are trained to recognise and report bribery and other types of fraud, and that proper controls and compliance procedures are in place to limit the company’s exposure and risk. Finally, the company should conduct regular audits, and encourage whistleblowing through an anonymous reporting system.

At CRI Group™ we use our extensive knowledge and expertise in creating stable and secure networks across challenging global markets. for organisations needing large project management, security, safeguard testing and real time compliance applications, CRI Group™ is the assurance expert of choice for industry professionals.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

About CRI Group™

Meet our CEO

Zafar I. Anjum, is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Contact CRI Group™ to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group™ Chief Executive Officer, 37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Download 2018 annual reviews by CRI Group™:

Click here to download the review of UAE (Mr. Zafar Anjum, CEO at CRI Group™)
Click here to download the review of UK (Mr. Zafar Anjum, CEO at CRI Group™)
Click here to download the review of Pakistan (Ms. Fatima Farrukh, Compliance professional at CRI Group™)
Download the Financier Worldwide 2018 reprint about the situation in the UK.

Filed under: Compliance Solution, Resources, United Kingdom, London by admin
No Comments »

« Previous Page

FAQ: Employment Screening

Want to know what red flags are most often found on résumés and employment applications? CRI® Group’s EmploySmart™ experts provided some statistics on their latest pre-and post-employment screening engagements, giving insights into where companies are most vulnerable in the hiring process. The operations team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details and having adverse media (unfavourable news or online mentions), both at 2.33 per cent.

Having a criminal record (1.5 per cent).
A civil litigation record (1.27 per cent).
Providing a fake address (also 1.27 per cent).

To round out the findings, the operations team found bankruptcy records, fake certificates and negative references among 0.85 per cent of those screened.

Get answers to frequently asked questions about background checks/screening cost, guidelines, check references etc. This eBook is a compilation of all of the background screening related questions you ever needed answers to:

Does a candidate have to consent to process a background check/screening?
How long does it take to conduct a background check?
When should I conduct pre-employment checks?
How often should I screen employees?
How to collect references, and what to ask?
How much does it cost to conduct background checks?
What is the difference between employment history verification and employment reference?
How do I check on entitlement to work?
How to conduct identity checks?
What will a financial regulatory check show?
Is it possible to identify conflict of interest during checks?
What is a bankruptcy check?
What about directorships and shareholding search?
Can I have access to a criminal watch list?
Anti-money laundering check?
Can we conduct FACIS (fraud and abuse control information system) searches?
… and MORE!

Taken as a whole, it is the perfect primer for any HR professional, business leader and company looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.

Download your “Employee Background Screening FAQ” FREE ebook now!

FAQ employee background screening

Filed under: Due Diligence, Employee Background Check, Pakistan, Islamabad, Pakistan, Karachi, Qatar, Doha, Resources, Shanghai, Singapore, Singapore, United Arab Emirates, Abu Dubai, United Arab Emirates, Dubai, United Kingdom, London, United States of America, New York by admin
No Comments »

« Previous Page

Banking industry squad prevents £20m of fraud

Banking industry squad disrupted 23 Organized Criminal Groups (OCGs) preventing £20 million of fraud. The specialist police unit (DCPCU) is funded by the finance and banking industry in a dedicated effort to stop fraud.

Commonly known as the banking industry squad, the DCPCU (Dedicated Card and Payment Crime Unit) is a joint effort between the Metropolitan Police Service, the City of London Police as well as banking industry fraud investigators. Supported by UK Finance, DCPCU is on the frontline in the fight against fraud. And over the past year, the unit has worked in partnership with several social media platforms to take down over 1,600 accounts which featured posts relating to payment:

500 “money mules” accounts used to recruit young people
250 accounts involved in the trading stolen card details
+400 “brokers” accounts
with the rest of the accounts used for “flipping”

In 2019 DCPCU seized £1.65 million of assets – over double the amount confiscated in the same period in 2018 – with a total of 75 fraudsters convicted to a total of 100 years in prison. DCPCU operational successes include:

“Money mule” gang worth over £1.2 million and sentenced to nearly seven years in prison.
Smising scam of worth £27 million disrupted and prevented with the combined prison sentence of over 14 years for two Londoner criminals who committed almost half a million pounds of fraud
One individual from London found to have committed £50,000 of fraud and consequently sentenced to two years and nine months in prison
A criminal committed over £31,000 of fraud in a Stolen card scheme

The DCPCU is very effective in disrupting criminals and a powerful example of how important is it that all sectors – i.e. banking industry – work with law enforcement to protect the public from fraud.

Read more on what the Head of the DCPCU, Detective Chief Inspector Gary Robinson, UK Finance Managing Director of Economic Crime and National fraud coordinator, Commander Karen Baxter have to say. Read NOW!

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Finance & Professional services Industry, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

« Previous Page

Background Screening Red flags: Numbers Don’t Lie

Want to know what types of red flags are most often found on résumés and employment applications? CRI® Group’s EmploySmart™ experts provided some statistics on their latest pre- and post-employment screening engagements, and they give insights into where companies are most vulnerable in the hiring process. background screening red flags

The operations team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavorable news or online mentions), both at 2.33 per cent.

Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases. Other red flags included having a criminal record (1.5 per cent), a civil litigation record (1.27 per cent), and providing a fake address (also 1.27 per cent). To round out the findings, the operations team found bankruptcy records, fake certificates and negative references among 0.85 per cent of those screened.

Deception Among Job Seekers is Real

Anytime someone intentionally provides false information in their résumé, they are committing résumé fraud – usually in the hopes of gaining a competitive edge in the hiring process. “There are even business services out there that will knowingly assist candidates with changing their résumé in this way, such as offering advice on how to hide employment gaps or how to add false information that looks realistic. Some will even provide fake transcripts and fake letters of recommendation” (HR Daily Advisor, 2018).

The same goes for fabrications on an application. It can occur anywhere in the process, and the candidate will likely continue to misrepresent themselves in the interview process to maintain their fraud. As mentioned above, helping candidates embellish or even fabricate credentials has become a business unto itself. “On the surface, these appear to be candidates taking desperate measures. But the candidates themselves may not be the only ones at fault. As recruitment has migrated online and become automated … opportunities for scammers have arisen. Professional recruiters, who get placement fees when they land candidates in jobs, have a clear incentive to game the system, Zhao says. They are ‘middlemen who can make significant profit by misrepresenting clients’” (Inc.com, 2019).

There is only one clear remedy and protection method to combat this type of fraud: thorough and comprehensive background checks. Most organisations, however, don’t have the time, resources, or the expertise to conduct the needed level of background screening on their own. This is where CRI® Group’s EmploySmart™ comes in. The robust pre-employment background screening service helps organizations worldwide avoid making uninformed and potentially harmful hiring decisions. As a leading provider of specialised local and international employment background screening, CRI® Group’s uses EmploySmart™ to provide risk mitigation and give business leaders confidence in their hiring process. EmploySmart™ includes a thorough menu of screening that fulfills your organization’s risk management needs. These checks include the following:

Address verification – one of the red flags discussed above.
Identity verification – what are they hiding? Falsifying one’s identity is a major red flag.
Previous employment verification – candidates might claim false employment to beef up their résumés.
Education & credential verification – screeners check degrees and education history.
Local language media check – what is uncovered about the candidate in news reports?
Credit verification & financial history – candidates who conceal financial problems can be a fraud risk (local privacy laws apply).
Civil litigation record check – lawsuits can indicate red flags, background screening will uncover the details.
Bankruptcy record check – when hiring someone for a financial or leadership position, it’s important to know if they have bankruptcy filings.
International criminal record check – checking criminal records is essential for the safety of your employees and your business.

These are just a few of the essential checks that are part of the EmploySmart™ process. CRI® Group’s network spans the Americas, Europe, Africa, and Asia-Pacific for providing international risk management, background screening and due diligence solutions provider. Don’t tempt fate and invite red flags into your business by making risky hires. The proper pre-and post-employment screening will uncover those hidden things that a candidate might not want you to know. Contact CRI® today and learn more about how EmploySmart™ will help provide your organisation with that extra layer of protection you need. Get a FREE QUOTE now!

« Previous Page

Fraud Advisory Panel UK counter fraud 2019 report is out!

Fraud poses a major threat to the UK and the world. The slow progress in fighting fraud in 2019 was evident to all of us with the never-ending stream of news stories documenting bribery and corruption cases around the world in 2019. We documented each with our article on Top 10 Bribery and Corruption Cases of 2019 where we count down the stories:

Juniper Networks
Alstom
Microsoft
KPMG
Samsung Heavy Industries
Fresenius Medical
Walmart
TechnipFMC
Ericsson
Unaoil

But these cases helped some of the welcome signs that government and law enforcement were beginning to ratchet-up their interest in fraud with new regulatory updates. 2020 was looking promising to all fraud fighters around the world. Unfortunately COVID-19 pandemic has turned the tide in the fraudsters’ favour – creating the current environment of fear, confusion and economic uncertainty in which fraudsters thrive.

The latest Fraud Advisory Panel’s report, The calm before the storm UK counter fraud in 2019 highlights all of these and more. According to the report the SFO continued to conclude
successful deferred prosecution agreements (though still without converting any of them into individual prosecutions):

53% conviction rate (17 defendants out of 32)
11 criminal investigations opened
8 defendants charged (investigations closed without charge – 14)
16 defendants awaiting trial
£3.9m funds recovered
11 new confiscation orders (combined value £4.1m)
£1.5m for the first Account Forfeiture Order
70 total caseload

And all of the stories help illustrate the need for organisations to have proper controls in place to prevent bribery and corruption. A certification such as ISO 37001 – Anti-Bribery Management Systems standard can provide a comprehensive approach to mitigating bribery and corruption risk. Organisations of all sizes and industries should take steps now to ensure that they don’t end up on a future list of top bribery and corruption scandals. Only a well resourced, cross-sector, intelligence-led response can tackle fraud.

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, COVID-19 Insights, Due Diligence, ISO 37001, Pakistan, Islamabad, Pakistan, Karachi, Qatar, Doha, Resources, Shanghai, Singapore, Singapore, United Arab Emirates, Abu Dubai, United Arab Emirates, Dubai, United Kingdom, London, United States of America, New York by admin
No Comments »

« Previous Page

Fraud Advisory Panel have set up a COVID-19 fraud watch group

The Fraud Advisory Panel have set up a COVID-19 fraud watch group. A cross-sector and cross-industry coalition of trusted partners (including the Cabinet Office and City of London Police) who meet weekly to share information on emerging fraud threats and trends affecting business. The panel aims to act as a conduit to warn the public, private and third sectors about COVID-19 fraud risks. In addition to supply preventative actions that can be taken.

Measures announced over recent months to deal with COVID-19 have seen our day-to-day life drastically changed forcing us to spend more time at home and online. Unfortunately, criminals are using every opportunity they can to scam innocent people and businesses. GOV.UK has also released advice and guidance on how to protect yourself and your business from fraud and cyber crime. This guidance explains simple steps you can take to protect yourself and your business against fraud and cyber crime and where to get help. The National Cyber Security Centre has also published advice on how to spot COVID-19 scams and keep remote working safe.

If you think you’ve been scammed or you’ve found something which looks like fraud or a scam, contact Action Fraud.

Have you read?

Brexit poses new bribery challenges, ISO 37001 provides solutions
Bribery and corruption plague Middle East, how can ISO 37001 help?
As South Asia Grapples with anti-bribery compliance, ISO 37001 provides solutions
Whitepaper: Organised catastrophe of international Pakistan airlines
Rolls-Royce Case study: Ethics & Compliance
ISO 37001 FAQ
Are you ready for ISO 37001?
Don’t have an ethical code of conduct? Your organisation needs one

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

« Previous Page

Ethical code of conduct: What should be covered?

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects in terms of ethical behaviour. The recent article “Puffery or Not? Courts Examine Corporate Codes of Conduct” explains that although a number of federal courts have found code of conduct statements to be non-actionable puffery, given the uncertainty in the face of the novel CODIV19 pandemic, public companies are ought to review their codes of conduct and revise them if necessary to mitigate litigation risk. Ethical code of conduct:

Does your organisation have an ethical code of conduct? If not, you might be making assumptions that your employees know to conduct themselves in an ethical manner, when, in fact, this expectation only exists in a grey area in their minds – if at all. In fact, some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company overall.

Rather than assume that ethical rules “go without saying,” every organisation should spell out what they expect of their employees when it comes to ethical behaviour. At CRI Group, we counsel business leaders on the principle that every organisation should have a written, carefully considered ethical code of conduct as part of their fraud prevention strategy. CRI’s Certification program through the ABAC Center of Excellence includes developing an ethical code of conduct as part of the training and development phase for clients.

What should be covered?

An ethical code of conduct should be tailored to your company and your organisation – no two will be the same. What are the risks inherent in your organisation? What about in your industry? A pharmaceutical company will have some different risk areas than a retail store, for example. A nonprofit organisation might have concerns that relate to fundraising, a government agency might be focused on preventing bribery or collusion.

The goal of an ethical code of conduct is to help all employees understand the expectation that they always behave in a legal and ethical manner, and that the organisation has zero tolerance for unethical behaviour. It should include the following focal points:

1. Business values

This can include your organisation’s mission and vision and should help set the tone for how the organisation relates to its clients, partners, its own employees and the public at large.

2. Guiding principles

The principles that guide your company include customer satisfaction, financial success and profitability, improvement and growth. Your company might also follow policies of corporate responsibility, such as respect for social and environmental issues, and support of the community and/or nonprofit efforts.

3. Role of leadership

This section of the code of conduct should state that management has clearly endorsed the code and that employees can approach any manager or executive with ethical concerns or complaints.

4. Regulatory and compliance

This section should communicate the organisation’s commitment to meeting all compliance requirements, from OSHA and EPA to Sarbanes-Oxley and Dodd-Frank. This reinforces leadership’s expectation that employees must act diligently and ethically to uphold those standards, as well.

5. Employee responsibility

Every employee, from top to bottom, shares the responsibility toward upholding the ethical standard defined in the code. Contractors and volunteers are also expected to follow the standard of behaviour. Furthermore, the code should make clear that if the unethical behaviour is detected, turning a blind eye or deciding “it’s not my problem” is unacceptable. That is a breach of the ethical code.

CRI Group can help your organisation with the finer points of drafting and implementing an ethical code of conduct. ABAC Center of Excellence includes this critical piece as a part of any robust fraud, bribery and corruption prevention program.

After the ethical code of conduct is approved by company leadership, it should be read and signed by all employees (with the signed copies kept on file by the organisation). And it should be displayed prominently in the office. Unethical behaviour, including fraud and other corruption, is everyone’s problem, and it must be prevented, detected and reduced. Staying one step ahead of any critical risk to your organisation is part of being an effective business leader.

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Automotive, Aviation, Background Investigation, Compliance Solution, COVID-19 Insights, Due Diligence, Employee Background Check, Finance & Professional services Industry, Insurance, IT & Telecommunications, Oil, Gas & Energy, Pakistan, Karachi, Pharmaceutical & Healthcare, Property, Resources, Third-Party Risk Management, United Kingdom, London by admin
No Comments »

« Previous Page

CONTACT US

NEWSLETTER SUBSCRIPTION

FOLLOW US