COVID-19’s impact on Cyber security: is your team safe?

When you download an app and it asks to access your contacts, location, and other information, it seems harmless enough, right? Surely the app will only use your data for its stated purpose, and only when needed? We all know that is not the whole truth. However, with COVID-19 forcing your workforce to embrace new practices of remote working you need to ensure your team’s business data is safe and your cyber security is too. Cybercriminals around the world are capitalising on this crisis, and your employees may not be aware. WHO reports fivefold increase in cyber attacks, urges vigilance, according to the article some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel COVID-19 response.

According to a ScienceDaily article, “7 in 10 smartphone apps share your data with third-party services.” As the article warns:  “More than 70 percent of smartphone apps are reporting personal data to third-party tracking companies like Google Analytics, the Facebook Graph API or Crashlytics. When people install a new Android or iOS app, it asks the user’s permission before accessing personal information. Generally speaking, this is positive. And some of the information these apps are collecting are necessary for them to work properly: A map app wouldn’t be nearly as useful if it couldn’t use GPS data to get a location. But once an app has permission to collect that information, it can share your data with anyone the app’s developer wants to – letting third-party companies track where you are, how fast you’re moving and what you’re doing.”

The article also finds that the problem is not just limited to cell phones and tablets:

“Tracking users on their mobile devices is just part of a larger problem. More than half of the app-trackers we identified also track users through websites. Thanks to this technique, called “cross-device” tracking, these services can build a much more complete profile of your online persona.”

Another article, “Your Apps May Be Selling You Out” by Mondaq, sounds the alarm as well. The authors write that many of us likely aren’t aware of the degree to which our information is shared with advertisers and other third parties when we sign up for various apps. The principle is simple enough:

“If you have ever downloaded a ‘free’ app, you may have pondered how the app’s creator can maintain a financially viable company by giving away its product. The answer soon becomes evident when an advertisement pops up, interrupting your interaction with the app. The less obvious answer may come to you when you uncomfortably wonder how the ad that just popped up somehow relates to the items you browsed on Amazon a few days ago. Coincidence? Probably not. This happens because, in addition to selling advertisements, app creators may also access and sell information collected from your phone to allow advertisers to customize the ads they send to your device.”

How can people reasonably expect to solve this dilemma, and protect their privacy? How can organisations help their teams protect themselves? Short of changing laws, the answer is to be more vigilant in monitoring downloaded apps and our security settings. Follow this advice:

  • Don’t give apps permission to access your personable information. Most app stores require apps to gain permission before using your location, camera or using other information. If you deny the apps these permissions, your personal information should be safe from their grasps.
  • Check the permissions you have granted your existing apps. You may be letting them access personal information without even realizing it (even for apps you don’t use!).
  • Don’t sign up for apps on websites, especially ones you don’t know or trust. You have more protection when they are downloaded through a popular app store.
  • Delete apps that you don’t remember downloading or no longer need/use.
  • Consider adding security and privacy apps that scan your phone to help you find security risks. In other words, apps that police your other apps!

Unfortunately for those of us who frequently use mobile devices and are now working-from-home because of COVID-19 the odds are stacked against us when it comes to controlling and protecting our personal information. The best we can do is be aware of the risk and try to minimize it as best as possible. And to support new laws and regulations that aim to protect consumers and their privacy in all aspects of our “online lives.”

It is important to remember that the same principles that apply to protecting yourself on mobile devices and elsewhere also apply to protecting your business. Just as you must vet your apps, websites and other content to make sure they come from trusted sources, it is also critical to thoroughly check third party partners and perform background checks on potential and existing employees to ensure that your organization doesn’t face unseen risks from fraud and corruption.

CRI Group offers an entire suite of expert services focused on protecting your organization through proper pre-employment screening and background checks. These protections include:

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today to get started on implementing a robust program that will serve you well for years to come. Get your FREE QUOTE now!

CRI Group, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Background Screeningand Due Diligence solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

5 Tips for Preventing & Detecting Expense Fraud

It’s one of the most common forms of occupational fraud: employees fudging on their expense accounts. In June, 2020, Lookers (London-listed company) warned investors they might be unable to buy and sell its shares from the beginning of July because of potential fraud on its books – confirming £19m charge to correct books after fraud inquiry. Whether through fictitious charges, fake receipts or invoices, or other improper use of expense funds, an expense account is sometimes seen as a low-risk, high-reward area for committing fraud. It shouldn’t be. If your company takes the proper steps to review expense activity and protect itself from fraud, expense accounts will no longer be a vulnerable area of your finances.

The experts at CRI® Group offer the following tips for bolstering your protection against expense account fraud:

1. Provide strict guidelines for credit card use

Often, expense account fraud is committed with the use of a credit card, with the employee seeking illegitimate reimbursement for various expenses. Detail how personal cards are allowed to be used, and require and review all receipts for claimed expenses. Also require supporting documentation (such as an airline boarding pass, for example) to ensure the purchase was used as intended.

2. Check company credit card statements carefully

In some cases, employees will use a company credit card to make a purchase, but then claim similar or duplicate expenses for reimbursement on their expense report. This is easy to catch if you carefully review company card statements and check them against reimbursements.

3. Ask questions

If a purchase seems odd or unrelated to business use, catching it early is the best way to resolve the issue. After too much time has passed, an employee might claim to have a difficult time remembering exactly what the questionable expense was for. If in doubt about a claim, ask for supporting documentation and a clear explanation of how the expense was used for a business purpose.

4. Implement a Code of Ethics for all employees

By including anti-fraud language in your Code of Ethics, which should communicate a strong anti-fraud stance and be signed by all employees, it will be clear that expense account fraud is not tolerated. Reinforce this with regular communications to employees reminding them that the company does not tolerate fraud in any form and offenders will be prosecuted.

5. Set a Tone at the Top

If the company has rules in place but senior staff aren’t following them, lower-level employees will follow by example and flout the rules, as well. All staff should follow the rules to the letter. Especially while on business trips with lower level employees, senior staff should set a positive example and make a point to follow the rules for business expenses.

Expense account fraud is a persistent problem in business, but it doesn’t have to be a crisis at your company. By using a common sense approach and some key prevention strategies, you can help ensure that your employees know the rules and are less likely to try to take advantage of company expense funds. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!

 

Let’s Talk!

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

 

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Ethical code of conduct: What should be covered?

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects in terms of ethical behaviour. The recent article “Puffery or Not? Courts Examine Corporate Codes of Conduct” explains that although a number of federal courts have found code of conduct statements to be non-actionable puffery, given the uncertainty in the face of the novel CODIV19 pandemic, public companies are ought to review their codes of conduct and revise them if necessary to mitigate litigation risk. Ethical code of conduct:

Does your organisation have an ethical code of conduct? If not, you might be making assumptions that your employees know to conduct themselves in an ethical manner, when, in fact, this expectation only exists in a grey area in their minds – if at all. In fact, some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company overall.

Rather than assume that ethical rules “go without saying,” every organisation should spell out what they expect of their employees when it comes to ethical behaviour. At CRI Group, we counsel business leaders on the principle that every organisation should have a written, carefully considered ethical code of conduct as part of their fraud prevention strategy. CRI’s Certification program through the ABAC Center of Excellence includes developing an ethical code of conduct as part of the training and development phase for clients.

What should be covered?

An ethical code of conduct should be tailored to your company and your organisation – no two will be the same. What are the risks inherent in your organisation? What about in your industry? A pharmaceutical company will have some different risk areas than a retail store, for example. A nonprofit organisation might have concerns that relate to fundraising, a government agency might be focused on preventing bribery or collusion.

The goal of an ethical code of conduct is to help all employees understand the expectation that they always behave in a legal and ethical manner, and that the organisation has zero tolerance for unethical behaviour. It should include the following focal points:

1. Business values

This can include your organisation’s mission and vision and should help set the tone for how the organisation relates to its clients, partners, its own employees and the public at large.

2. Guiding principles

The principles that guide your company include customer satisfaction, financial success and profitability, improvement and growth. Your company might also follow policies of corporate responsibility, such as respect for social and environmental issues, and support of the community and/or nonprofit efforts.

3. Role of leadership

This section of the code of conduct should state that management has clearly endorsed the code and that employees can approach any manager or executive with ethical concerns or complaints.

4. Regulatory and compliance

This section should communicate the organisation’s commitment to meeting all compliance requirements, from OSHA and EPA to Sarbanes-Oxley and Dodd-Frank. This reinforces leadership’s expectation that employees must act diligently and ethically to uphold those standards, as well.

5. Employee responsibility

Every employee, from top to bottom, shares the responsibility toward upholding the ethical standard defined in the code. Contractors and volunteers are also expected to follow the standard of behaviour.  Furthermore, the code should make clear that if the unethical behaviour is detected, turning a blind eye or deciding “it’s not my problem” is unacceptable. That is a breach of the ethical code.

CRI Group can help your organisation with the finer points of drafting and implementing an ethical code of conduct. ABAC Center of Excellence includes this critical piece as a part of any robust fraud, bribery and corruption prevention program.

After the ethical code of conduct is approved by company leadership, it should be read and signed by all employees (with the signed copies kept on file by the organisation). And it should be displayed prominently in the office. Unethical behaviour, including fraud and other corruption, is everyone’s problem, and it must be prevented, detected and reduced. Staying one step ahead of any critical risk to your organisation is part of being an effective business leader.

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

 

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

 

Middle East Background Screening: Compliance With Privacy Laws

It’s a fact that some of the most talented and promising job candidates possess the most disturbing pasts. Such deception can lead to a perilous future for an employer. This is the primary reason businesses are strongly advised to conduct background screening investigations before hiring seemingly well-qualified managerial candidates. background screening Privacy Laws Compliance

In every region and jurisdiction in the world, there are different regulations that govern what background screeners can and can’t do in regards to providing pre- and post-employment screening services. The laws in the United States, for example, are not the same as those that affect investigations in the Middle East. The concern over individual privacy and data protection are hot discussion items globally. Companies that engage background screening firms for the Middle East need to make sure those investigators are following all rules and regulations in regards to privacy – or else they might face liability along with the screening provider.

Examples of Privacy Laws in the Middle East

While reputable screening firms in the U.S. comply closely with the Fair Credit Reporting Act to conduct domestic background investigations, foreign investigations are much more complex.

Middle East countries have no prohibitive legislation that governs the employment screening process. At the same time, there is no cooperative legislation and regulation to support background screening services for employee due diligence. However, background screening industry professionals must adhere to strict data protection requirements (such as the GDPR, local Data Protection regimes specifically DIFC Data Protection, ADGM Data Protection and QFC Data Protection regulations) to process consensually based personal information.

In UAE, local police departments provide “Good Conduct Certificates” for employees for immigration purposes, while Dubai International Financial Centre (DIFC) Data Protection standards allow for the processing of sensitive personal information, such as criminal history, with signed consent from the data subject for employee due diligence requirements.

In the United Arab Emirates, data protection laws permit investigators to process sensitive personal information such as criminal history data. As a DIFC-licensed entity, the Corporate Research and Investigations Limited “CRI Group” (as well as other reputable background screening firms) must maintain strict adherence to the region’s Data Protection Law in order to fulfil our ongoing DIFC licensed status. As in the United States, the procurement of personal data in this region – and any subsequent transfer of data outside of the DIFC – may only be attained with the written consent of the individual being investigated.

Reputable screening firms in the Middle East will also comply with regional privacy laws (such as the GDPR) by appointing an internal Data Protection Officer (DPO) whose primary responsibility is to conduct independent audits of the firm’s various information processing operations which handle customer and employee data.  The DPO ensures that personal data is handled in accordance with all relevant data protection provisions covering online and offline data procurement while complying with local and regional regulations pertaining to individual privacy standards.

The Urgent Need for Background Checks

While all guidelines and regulations must be followed, the absolute need for comprehensive background screening in the Middle East cannot be disputed. The region has a labor force of over 150 million individuals serving in all capacities and industries (World Bank, 2019). Those statistics can be quickly put into context when considering that deception in the employment process, such as résumé fraud, is believed to be rampant and widespread: One report estimates that 80 percent of all job applicants intentionally mislead potential employers on their résumé or application (Security, 2017).

Case Study

To help understand the problem, consider this case study: An international company was hiring to fill a position in the Middle East. When they engaged a firm that specialises in pre- and post-employment background screening, the firm’s investigators uncovered disturbing details about an applicant. One of the individual’s previous employers reported that the applicant was hired without any prior experience, was trained for a couple of months, and then terminated due to committing cash embezzlement as well as participating in harassment and workplace violence. A second employment verification revealed his termination, as he caused a financial loss to the company.

In the above example, the background checking company uncovered the deception through comprehensive background screening that went beyond basic database checks and reviews of public records. In the Middle East, background investigations – both for pre- and post-employment screening – often require a “boots on the ground” approach. This can mean conducting much of an investigation literally on foot, travelling to remote regions to interview sources and check documents in person. And, the entire investigation was conducted within all privacy laws and regulations.

Some job candidates will seek an advantage through fraudulent means. The hidden truth might even include criminal behavior. It is important for any organisation to verify information provided by individuals they seek to hire. In the Middle East, this process will often look different than it would in the U.S. By following all local laws and regulations, however, a reputable background check firm will be helping to protect your company – while also safeguarding your future.

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

About the Author

Zafar Anjum | Group Chief Executive, CRI Group

Anjum is founder and CEO of CRI Group and ABAC Center of Excellence. Having dedicated three decades to the areas of fraud prevention, protective integrity, security, compliance, anti-bribery and anti-corruption, Zafar Anjum is a highly respected professional in his field.

Middle East corruption: how can ISO 37001 help?

Political and governmental unrest can affect a region’s economy and the integrity of business transactions. The current state of the Middle East exemplifies this phenomenon. While governments in the region are making efforts to curb corruption, political instability and regime changes often undermine these measures. Bad actors understand how to take advantage of such vulnerabilities, leading to increased bribery and corruption across international borders. Recent cases and statistics show that the problem persists in most countries in the region. Against this backdrop, most government officials and private sector business leaders view it as a high priority to reduce bribery and corruption. One of the problems, however, is that some dishonest politicians use supposed anti-corruption efforts as a tool against political enemies. This makes clear that the best approach is for government agencies and businesses themselves to lead from the front. By adopting an internationally recognised set of anti-bribery anti-corruption standards, increased business integrity will result. Organisations that are committed this effort are adopting the ISO 37001 – Anti-Bribery Management Systems standard as a comprehensive approach to mitigating bribery and corruption risk. ISO 37001 and its elements can be tailored to any type of organisation, of any size. The key elements include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. ISO 37001 also calls for implementing financial and commercial controls, and instituting reporting and investigation procedures.

 

Corruption a Major Challenge in the Middle East

The Middle East lags behind several other regions when it comes to bribery and corruption. Even as these elements are on a slight decrease globally, the Transparency International Corruption Perceptions Index shows the troubled state of the Middle East and North Africa. “The Corruption Perceptions Index 2018 presents a grim reality in the Middle East and Northern Africa where, despite some incremental progress by a select few, most countries are failing in the fight against corruption”. Syria, Yemen and Libya are at the bottom (worst) end of the list. There are some bright spots, though. United Arab Emirates (UAE) and Qatar, both countries that have taken strong stances on fraud and corruption, score the highest for the Middle East. Morocco and Egypt showed some improvement. Overall, however, the political instability in the region has created a tumultuous business environment. According to the article: “In many Arab governments, powerful individuals have actively influenced government policies and diverted public funds and state assets for their own self-interest and enrichment at the expense of citizens. This reduces anti-corruption efforts to merely ink on paper, where laws pass, but are rarely enforced or implemented.”

This is underscored by limits and obstacles that corruption throws up in the way of those looking to enact real change. “Across much of the developing world, the corruption of courts and other government institutions threatens the free flow of goods and capital that promotes economic growth. Left unaddressed, such threats can lead to heightened tensions among nations and even outright trade wars. Diplomats operate under constraints that limit how much they can call out international bad actors who violate the rule of law. That’s why the role of outside watchdogs is so important in promoting the Rule of Law and holding nations to the standards of fairness and impartiality they claim to meet,” writes National Review.

 

Iran: Power Structures Hamper Progress

One country that exemplifies the Middle East difficulties with corruption is Iran. The problem is described by one analyst as “deeply rooted,” and even recognised by the country’s conservative rulers. In such a political structure as Iran’s, a campaign to combat “systemic corruption” is often seen as the lens of political reprisals against rivals. “In autocratic systems, every now and then, a campaign emerges under the banner of fighting corruption. The main reason is to buy legitimacy for the system. During the last years of the rule of the former Shah of Iran, in an attempt to tame the revolution, such a campaign led to the arrest of several prominent political figures, including Amir-Abbas Hoveyda, who served for 13 years as prime minister”.

“While the same impetus could be behind the current move by Raisi, there is strong speculation in Iran that the move also, and more importantly, aims to shape a consensus within the country to accept Raisi’s giant leap towards assuming the leadership of the country after Khamenei’s death”.

While there has been some concern that the corruption crackdown is a cover for prosecuting reformers, some disagree – positing that it depends more on which party is leading the effort. “Corruption in Iran is linked to political power. Therefore, whichever of Iran’s two main political factions—fundamentalist or moderate-reformist—takes over the executive branch, corruption among the members of that faction increases. At the end of former President Mahmoud Ahmadinejad’s term in office, for instance, his first vice president, Mohammad-Reza Rahimi, and his Vice President for Executive Affairs, Hamid Baghaei, were imprisoned for economic corruption and embezzlement. Such corruption reached an all-time high during his tenure in office”. In any case, it’s clear that most observers aren’t convinced that the country’s anti-corruption campaign is to be taken at face-value – yet.

 

Bribery Cases Exposed in UAE

Two bribery cases demonstrate some common characteristics among such schemes. While both of these instances were uncovered (and prosecuted) in the UAE, they are likely typical for the Middle East region and beyond.

In 2018, an Emirates Post revenue officer was sentenced to prison after being convicted of attempted bribery. The officer solicited a Dh100,000 bribe from a corporate customer. He was in a unique position to attempt the crime, as his duties included collecting and auditing profits for the Emirates Post office in Dubai. The Jordanian revenue officer, 28, collected and audited profits, among other duties, on behalf of Emirates Post office in Dubai. The offender perpetrated the scheme by leveraging fines on a shipping company based in India for supposed postal fee violations. The alleged fine, according to the revenue officer, totaled Dh2.4 million, and he attempted to negotiate a scheme with the client to have the fine reduced to Dh400,000 – in exchange for the Dh100,000 bribe. Instead of paying, the client wisely contacted the police. In a sting operation, the client was fitted with a listening device, and met and paid the bribe – under coordination of the police. As a result, the revenue officer was arrested, and subsequently convicted.

In another case, two Asian residents of UAE were sentenced to three years and one year in jail for giving and accepting a bribe. They were also fined Dh5,000. One of the perpetrators was a government officer. The first defendant, a trader, offered a bribe of Dh900 to the government officer, who works as a customs clearance staff member with the Saqr Port in Ras Al Khaimah. The goal was to ship two containers full of scrap iron out of the UAE without paying taxes or undergoing an inspection. When they were caught, the trader who gave the bribe claimed that it was just a loan, and that he had already paid “over DH50,000 in taxes and charges”. The other defendant (the customs officer) agreed, but the court did not accept their explanation. Both defendants will be deported to their home countries after serving their prison sentences. These types of cases are typical among positions of access, and can happen in any jurisdiction. They exemplify the problem that government agencies and companies alike are trying to reduce and prevent.

 

‘Relationship Building’ v. Bribery

To some degree, the same problems that plague the Middle East are endemic around the world. Among them, the dilemma of misunderstanding in terms of what constitutes bribery. In nearly all cultures, relationship building is considered an essential part of doing business. Often, business associates consist of numerous friends or even family members. When that is the case, there can be a slippery scale in terms of what is merely a favor or a gift, versus what constitutes bribery or corruption. The Foreign Corrupt Practices Act (FCPA) can provide some guidelines here. A case involving Bank of New York Mellon is instructive. “On 18 August 2015, Bank of New York Mellon (“BNYM”) consented to a Securities and Exchange Commission (“SEC”) Order requiring BNYM to pay $14.8 million to settle charges that it violated the FCPA by providing student internships to family members of foreign government officials affiliated with a Middle Eastern Sovereign Wealth Fund (“SWF”). All parties involved, except BNYM, have been anonymised in the Order so that the nationality of the foreign public officials and the SWF is publicly unknown beyond being described as ‘Middle Eastern’.

“The BNYM internships were given to three people: the son and nephew of one key figure of the SWF and the son of another. The internships were given despite the facts that the interns did not meet the rigorous selection criteria usually applied by BNYM and did not go through the standard (or any) recruitment process before being awarded the internships. In addition, these internships were found by the SEC to be more valuable than those offered to the regular applicants, who had endured the competitive admissions process against strict entry requirements. For example, rotation between business units was arranged, which is not an opportunity afforded to regular interns.”

“Emails between BNYM employees clearly demonstrate that the motivation behind the favour to the foreign officials was to influence the latter’s decision-making in the interests of BNYM. There can be no doubt that this was bribery in action – the BNYM employees expected to retain and gain business from the foreign officials in return for offering their relatives valuable internships to which they would not otherwise have had access”.

The case clearly describes what could be considered a “gray area” compared to some of the more extreme realities of bribery and corruption. One study of the Middle East and North Africa in 2016 suggested that people felt the need to bribe officials for basic services. “About 30 percent of those polled said that they had to access basic public services by bribing officials. If that figure holds across the entire MENA region, that would mean that about 50 million people, the majority of whom are poor, feel they must pay bribes in order to have access to basic public services. In five countries, the rich reported being far less likely to have to pay a bribe: 63 percent of poor Sudanese citizens versus 38 percent of wealthy ones, for example, and 23 percent versus 12 percent, respectively, in Algeria”.

 

ISO 37001:2016 to Combat Bribery & Corruption

Corruption certainly isn’t exclusively a Middle Eastern problem. Organisations around the world are taking action to reduce risk. They’ve found the structure and process they need in ISO 37001. ISO 37001 was issued by the International Organization for Standardization (ISO) in 2016 to help organisations worldwide increase and measure their efforts against bribery and corruption. Through ISO 37001 ABMS, organisations can implement standards at every level. These measures include adopting an anti-bribery policy and appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. It’s also critical that the organisation implement financial and commercial controls, along with reporting procedures and investigation processes.

CRI Group founded ABAC® (Anti-Bribery and Anti-Corruption) Center of Excellence to help organisations of all types and industries implement ISO 37001 certification and/or training. ABAC® has a team of experts around the world that include certified ethics and compliance professionals, financial and corporate investigators, forensic analysts, certified fraud examiners, qualified auditors, and accountants. They are trained and experienced in the implementation of ISO 37001’s key elements, helping clients more effectively prevent bribery and corruption. ABAC Certification is an accredited provider of ISO 37001 ABMS, and it provides certification and training for organisations of various types and industries.

There are requirements and guidance that the ISO 37001 standard prescribes for a comprehensive anti-bribery management system. The following bribery elements are addressed by ISO 37001 in relation to the organisation’s business processes and activities:

  • Bribery in the public, private and not-for-profit sectors
  • Bribery by the organisation
  • Bribery by the organisation’s personnel acting on the organisation’s behalf or for its benefit
  • Bribery by the organisation’s business associates acting on the organisation’s behalf or for its benefit
  • Bribery of the organisation
  • Bribery of the organisation’s personnel in relation to the organisation’s activities
  • Bribery of the organisation’s business associates in relation to the organisation’s activities
  • Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)

Government organisations and companies can reduce the risk of bribery through ISO 37001’s best practices for anti-bribery and anti-corruption. The following are just a few of the ways ISO 37001 helps accomplish this goal:

  • Provide needed tools to prevent bribery and mitigate related risks
  • Help an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
  • Potentially reduce corporate insurance premiums
  • Provide customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
  • Provide a competitive edge over non-certified organisations the organisation’s industry or niche
  • Provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

It is important to note that “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to completely eliminate the risk of bribery”, according to ISO.  The certification is potentially an important piece of evidence, however, that shows regulators, prosecutors, and the courts that the organisation has taken meaningful action to prevent bribery and corruption.

 

Conclusion

All is not lost. Some Middle Eastern countries, like the United Arab Emirates, have made a commitment and continue to demonstrate positive strides toward combating corruption. UAE has expanded its laws, broadened the definitions of what is considered bribery and corruption, and increased punishments. But the country is largely an outlier in a region that is struggling under the weight of instability and corruption.

In this type of environment, both government organisations and the businesses they serve (and regulate) need ISO 37001. The sooner organisations implement the comprehensive measures prescribed by ISO 37001, the calmer the seas will be for international trade, business agreements and mergers, acquisitions and other positive elements of economic growth.

An established standard like ISO 37001 ABMS can help organisations address bribery and corruption through implementing best practices in a program of training and certification. While following the curriculum, the training process can easily be tailored to the organisation based on its size, type, industry or risk level. Bribery and corruption are pervasive problems that won’t be solved overnight. It will take a concerted effort by all major players in the region to make positive strides and reduce risk factors. ISO 37001 provides a blueprint for making those changes. Twenty or thirty years ago, organisations were mostly on their own went it came to developing an anti-corruption strategy. Today, there is a tried-and-true path forward. Committing to it is the first step toward making real progress in the Middle East.

 

Sources

  1. “Middle East & North Africa: Corruption Continues As Institutions And Political Rights Weaken,” Transparency International, 29 Jan. 2019,

< https://www.transparency.org/news/feature/regional-analysis-MENA> (accessed 25 Oct. 2019)

  1. John Fund, “Cleaning Up Corruption Is a Key to Middle East Stability,” National Review, 23 October 2019,

<https://www.nationalreview.com/corner/cleaning-up-corruption-is-a-key-to-middle-east-stability/> (accessed 25 Oct. 2019)  OECD, The rationale for fighting corruption. 2014

  1. Shahir Shahidsaless, “Iran’s conservatives are saying it: Corruption is ‘systemic’”, Middle East Eye, 7 Oct. 2019,

<https://www.middleeasteye.net/opinion/whats-behind-irans-crackdown-corruption> (accessed 25 Oct. 2019)

  1. Jalil Bayat, “Iran’s Goals In The Fight Against Economic Corruption,” Lobe Log, 18 Oct. 2019,

<https://lobelog.com/irans-goals-in-the-fight-against-economic-corruption/> (accessed 25 Oct. 2019)

  1. Salam Al Amir, “Emirates Post worker jailed for seeking Dh100k bribe from customer”, The National, 31 Oct. 2018,

< https://www.thenational.ae/uae/emirates-post-worker-jailed-for-seeking-dh100k-bribe-from-customer-1.786526> (accessed 10 Nov. 2019)

  1. Ahmed Sheeban, “Government officer jailed for accepting Dh900 bribe in UAE”, Khaleej Times, 13 April 2019,

< https://www.khaleejtimes.com/nation/ras-al-khaimah/government-officer-jailed-for-accepting-dh900-bribe-in-uae> (accessed 10 Nov. 2019)

  1. Andrew Hudson, “Middle East meets West: Where is the line between relationship-building and bribery?,” Al Tamimi 7 Co., September 2015,

< https://www.tamimi.com/law-update-articles/middle-east-meets-west-where-is-the-line-between-relationship-building-and-bribery/> (accessed 25 Oct. 2019)

  1. Ben Thompson, “Bribery worsening in the Middle East and North Africa, citizens say,” CSM, 3 May 2016,

< https://www.csmonitor.com/World/Global-News/2016/0503/Bribery-worsening-in-the-Middle-East-and-North-Africa-citizens-say> (accessed 25 Oct. 2019)

  1. “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org,

< https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)

  1. Adam Vause, Zara Merali, “The UAE’s fight against bribery and corruption,” DLA Piper, 16 July 2019,

< https://www.dlapiper.com/en/dubai/insights/publications/2019/07/the-uaes-fight-against-bribery-and-corruption/> (accessed 25 Oct. 2019)