Fraud prevention is one of the key policies that can aid an organisation in safeguarding itself against reprimands of the matter. One of the greatest encounters a fraud auditor can confront is the mission of persuading management that the peril of fraud is in existence across all aspects of corporate culture – regardless of whether it is from internal factors or external factors. Sadly, fraud cannot ever be eradicated from the corporation wholly as collusion is adept in continually conquering routine organisational regulations.
The objective of a Fraud Prevention Strategy is to identify a high-level proposal on how an organisation should go about implementing its fraud prevention policy in the presence of its internal and external influences. The strategy forms the most important part of the fraud deterrence strategy thus the policy an organisation chooses to implement must be necessitated be straightforward and pragmatic.
Combatting fraud requires a distinct and refreshing methodology that entails including all three facets of the fraud cycle:
Preferably, with the fraud cycle in mind, every enterprise ought to put together a distinctly specified fraud prevention strategy that integrates the following:
VIEW OUR SOLUTIONS HERE or DOWNLOAD THE BROCHURE
Whistle-blowing policy:
Identify the risks:
Implement effective controls:
Increase awareness of the risks:
Plan for the worst:
Want to know more about recruiting the right people for your organisation? Visit our page on Background Screening services or view the brochure below.
BACKGROUND SCREENING SOLUTIONS or DOWNLOAD THE BROCHURE
It is easy to infer that fraud can leak into all aspects of corporate culture and can destroy an organisation from within. Despite this issue, several organisations opt not to implement a fraud prevention strategy – it is primarily implied that this is ascribed to the absence of knowledge circulating on the benefits of such a strategy. However, the rewards reaped from this type of policy is beneficial to corporations in the long run and can reap rewards such as:
All in all, the process of preventing fraud can be an extensive one but one that’s benefits outweighs the onerous course. If you still have any questions surrounding fraud prevention, why not get in touch with CRI? Our experts have years of experience and have been trained to provide your business with bespoke advice fit for your organisations’ needs. Don’t hesitate, prevent fraud in your workplace today.
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.
There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.
It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:
The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.
As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.
In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.
7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list.
Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.
Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.
For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!
It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.
If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.
Author bio
Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.
Contact Details
Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.
There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.
It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:
The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.
As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.
In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.
7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list.
Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.
Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.
For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!
It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.
If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.
Author bio
Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.
Contact Details
Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.
There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.
It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:
The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.
As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.
In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.
7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list.
Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.
Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.
For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!
It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.
If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.
Author bio
Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.
Contact Details
Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
How do you manage risk? Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. All types and sizes of organisations face internal and external factors that directly impact whether an organisation can achieve their objectives or not. CRI® Group can help you simplify risk management through a wide range of solutions that can be fully customised, regardless of the size, nature, or location of a business.
An organisation can implement risk management across the entire company, and it can do so at any time. Risk management plans, such as ISO 37001 Audit Process, can offer several benefits that make them a worthwhile endeavour for every business. For example, risk management plans help companies to identify the potential risks they may face. Being aware of these risks allows businesses to make plans to avoid specific risks or deal with them when they arise. There are many benefits of implementing a risk management strategy:
This playbook covers everything you need to know about Risk Management; here’s a quick rundown of the playbook structure:
In a risk environment that continues to grow more hazardous and expensive, companies need to consider implementing strategic risk resources throughout their organisation as a means of developing buoyancy and to gain a competitive edge in the market.
If you’re still unsure, why not arrange a free consultation with one of our risk management experts today? CRI Group has worked with clients from all over the globe and ensure that each client receives personalised advice in accordance with their needs.
CRI® offers a wide variety of risk management solutions to meet the needs of different companies. Please contact us today to learn more about the importance of a risk management plan, general risk assessment or to know about our solutions.
Who is CRI® Group?
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. In addition, CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37001:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. Unfortunately, fraud, bribery and corruption are major factors affecting businesses and agencies of all sizes and industries. Being proactive against these risks can mean the difference between success and ruin. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk assessment management strategy in place. This article discusses the importance of Risk Assessment. There are two important building blocks that form the core of risk management:
Each of these stages can stand on their own – in this article we will go into detail about best practices for identifying risks, how to analyse them in terms of probability and severity, and how they can be evaluated in terms of the company’s risk appetite.
Risk assessment is the overall process of identification, analysis and evaluation of any given risk. It can be a systematic examination of a task, job or process that a risk professional carries out at work for the purpose of identifying significant hazards. For example, the risk of someone being harmed and deciding what further control measures to take to reduce the risk to an acceptable level. The process will vary between organisations, but it should start with identification of hazards, analysis of who and what might be harmed, evaluation of the risk, documentation of the risks, taking action and review. Your organisation should conduct a risk assessment systematically, interactively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by a further inquiry as necessary.
Risk assessment breaks down into:
Business Intelligence (BI) Solutions can help during this stage. BI take many shapes and forms in today’s complex business environment. Budgets are stretched and the challenges facing a business and its employees can sometimes lead to issues that start off small, but then lead to wider spread problems which can affect the very fabric of your organisation and damage both your credibility, reputation and bottom line profits. CRI® Group takes two approaches to BI solutions:
CHECK OUT OUR BI SOLUTIONS or DOWNLOAD BROCHURE
The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:
Your organisation should identify risks, whether or not your sources are under your control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.
Risk analysis allows you to understand the nature of risk, its characteristics and level. Because an event can have multiple causes and consequences and can affect multiple objectives a risk analysis should involve a detailed consideration of uncertainties such as risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.
Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of both, depending on the circumstances and intended use. Risk analysis should consider factors such as:
A risk analysis is likely to be influenced by a wide range of variables, from any divergence of opinions, biases to perceptions of risk, from judgements, quality of the information used to the assumptions and exclusions made and any limitations of the techniques and how they are executed. These influences should be considered any risk analysis, documented and communicated to any decision-makers involved in the process.
It is important to remember that any highly uncertain event can be difficult to quantify, and this is an issue. If you find yourself in such a situation, using a combination of techniques generally provides greater insight. Risk analysis provides input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions, where choices are being made, and the options involve different types and levels of risk.
Risk evaluation can support your decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:
Any decisions should take into account the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organisation.
Well, by law, every employer must conduct risk assessments. Risk assessments should always be carried out by a professional who is familiar to risk, a person who is experienced and competent to do so. Competence can be expressed as a combination of knowledge, awareness, training, and experience. Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help.
But we all like to think that all of our employees will be trustworthy, but this is not always the case. There have been many instances in which an employee has been dishonest about their job history, qualifications or even criminal history. A dishonest employee could be unqualified for the position, possibly endangering others on the job. Or they might be a fraud risk, willing to bend the truth in other ways in order to enrich or advance themselves on your dime. No organisation can afford to have employees or staff who aren’t what they claim to be. Even a seemingly innocent embellishment can indicate more background problems under the surface, and the potential for future problems down the road so remember, trust your employees but, verify them too.
CHECK OUT OUR EMPLOYEE BACKGROUND SCREENING SOLUTIONS or DOWNLOAD BROCHURE
While the team at CRI® do not deliver any training or certification on ISO 31000, our partner ABAC® Center of Excellence do. ISO 31000 can provide the principles, framework and a process for managing risk. ISO 31000 is not a certifiable standard; the standard is a set of guidelines which provide guidance for internal or external audit programmes. However we recommend taking ISO 31000 Awareness training, this will enable you to fully understand Risk Management activities and mitigate risk.
ISO 31000 was developed by hundreds of experts in risk mitigation, from thirty countries. This international effort produced a standard that is worldwide and represents best practices and leading operations for risk management. Organisations can trust that they are following a tested, robust standard to increase success. The standard converts risk management into a set of “friendly” and actionable – and straightforward to implement – guidelines, regardless of the size, nature, or location of a business.
The training helps establish an ethical culture by educating your personnel on the following:
The ISO certifications helps us at ABAC® to provide appropriate anti-bribery training to personnel across various industries. This standard helps to assess bribery risks, perform the appropriate due diligence required for your business and to take reasonable and proportionate steps to ensure that controlled organizations and business associates have implemented appropriate anti-bribery controls.
> Find out more about ISO 31000 Risk Management and other standards now!
While CRI® may not offer the ISO certification, we do offer other services. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates. CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™.
The DueDiligence360TM reports to help organisations comply with anti-money laundering, anti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture as it can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.
Why not consider our background investigative solutions? Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. Firms spend years, thousands, even millions to brand their products and services – it only takes one bad hire to cause loss of capital and reputation. It can go as far as bringing a business to fail – especially if the employee holds malice towards the organisation. EmploySmart™ is CRI’s own solution aiming to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure which can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.
Our solutions are also certified by the British Standard Institute BSI for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.
Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM), also known as 3PRM™. In wake of the global pandemic, the 3PRM™ was developed in a bid to aid organisations to accurately determine the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.
The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted above parties. This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business to flourish at any scale. Find out more about CRI Group’s Solutions here.
If you’re unsure of what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.
Based in London, CRI® works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
There is no “one-size-fits-all” method to the ISO 37001 Audit Process to achieve the anti-bribery management systems certification
There’s been much discussion surrounding ISO 37001:2016 Anti-Bribery Management Systems and the ways that attaining certification to the standard can enhance an organisation’s existing anti-corruption compliance program.
The ISO 37001:2016 standard specifies a series of measures and controls to help organisations prevent, detect and address bribery. These measures include adopting an anti-bribery policy, appointing an individual to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting, investigation and monitoring procedures.
CRI Group’s ABAC will be hosting a paid webinar on the 30th of September exploring the Pitfalls Most Organisations Often Commit – the importance of implementing Anti-Bribery Management System (ABMS). Being a part of the solution means being able to share our expert knowledge on what would be best for your organisation.
Our webinar will have a rundown of the following:
Certification of compliance with the standard is based on an impartial, independent third-party review, assessment and audit of the organisation’s anti-bribery management system and the versatility, effectiveness and proactive nature of said system.
The compliance audit itself has too often been referred to as a “one-size-fits-all” or “check-the-box” subjective process, which couldn’t be further from the truth. Proper certification to the standard requires a substantial amount of preparation and self-assessment beforehand; a highly involved review, interview and audit process (often involving a sampling of affiliated or regional offices); and an evaluation and monitoring phase which is annually conducted over the three-year certification cycle.
Let’s take a brief look at the audit process and examine why large multi-national companies such as Walmart, Microsoft, Alstom and a host of others have weighed the costs and benefits, and subsequently committed to attaining ISO 37001:2016 certification.
The ABMS audit is a diligent approach that links auditing activity to an organisation’s overall risk management framework, providing assurance to top management that risk management processes are effectively addressing all bribery risks throughout the organisation and its operations.
It should be noted that the certification audit isn’t solely structured on a review of paper-based controls. As you’ll read below, the process assesses the organisation’s overarching stance on anti-bribery and how that stance is conveyed — tangibly and intangibly — from the board of directors right down to lower-level staff members.
Employing interviews, policy reviews, sampling, due diligence and testing of methods and techniques, the audit will produce sufficient evidence of a sound anti-bribery management system, while spotlighting specific areas of risk that demand attention and subsequent improvement to adhere to the standard.
First and foremost, ISO 37001:2016 auditors must be specifically certified and credentialed in order to lead and conduct such audits. Auditors are guided by the requirements of ISO 17021-9 to conduct an ABMS assessment. To attain this status, auditors must undergo intensive training to fully comprehend the concepts and principles behind the various ISO management systems compliance, and the corresponding specifications and auditing techniques associated with those ISO guidelines. From that training, auditors will gain the necessary knowledge and skills to effectively plan and perform related audits.
Further — and just as vital — auditing professionals must possess considerable experience in the areas of anti-bribery and anti-corruption, and have deep-seated knowledge of the industry sectors and the respective geographic regions (with a familiarity of the legal jurisdictions) served by the organisation being certified.
And finally, the ISO 37001:2016 auditor must be qualified to serve as a helpful, non-confrontational advocate during the entire audit process, expertly guiding the organisation through the process with the shared goal of achieving outcomes that will ultimately fortify the organisation’s commitment to battling instances of bribery in the global marketplace.
The process, which adheres closely to ISO 19011 requirements, begins well in advance of the on-site visit, with the auditor conducting a thorough analysis of news, social media and other public domain information pertaining to the organisation. This outside review oftentimes helps the auditor determine the organisation’s perceived “culture of compliance” prior to initiating the audit.
The audit process itself is a critical assessment of a number of crucial elements that are required by the ISO 37001:2016 standard, and a determination of how the overall policy is represented by the various roles and responsibilities throughout the organisation. The process entails:
And throughout the various processes of observation, document review, sampling, interviews, technical verification and evaluation, the audit team is constantly meeting and communicating through the proper channels to assist the organisation in identifying risks and improving its processes and procedures.
The audit process can take weeks or months to complete, and needless to say, this process varies widely between organisations, industry sectors and geographic regions.
Post-audit, the team convenes an oversight board comprised of anti-bribery experts to review the audit reports and findings, and makes recommendations to both the organisation and the certification committee.
The ensuing documentation covers a host of topics, including risk areas (by project, personnel group, and geographic region), training recommendations, investigative techniques, reporting processes, and other areas of improvement.
The certification process doesn’t end after the initial audit phase. Certification to the standard requires verification of continuous improvement and confirmation of how outcomes are implemented, documented, monitored and assessed over time. To achieve this, the audit team will conduct annual surveillance audits of the organisation’s anti-bribery system over the three-year certification cycle. Surveillance audits verify the organisation’s continued adherence to the standard, evaluate any prescribed corrective action plans, and review what the organisation is doing to improve its anti-bribery management systems.
Certification in ISO 37001:2016 symbolises an organisation’s unrelenting commitment to fight corruption and pursue best practices in an ongoing quest for compliance to the widely-accepted anti-bribery standards. And the in-depth process involved in achieving certification to the standard — together with the counsel, risk assessment, and improvement recommendations that result from the audit — can make the certification process well worth the investment.
This paid webinar will be running from the following times on Thursday the 30th of September;
Your turnout with come with a certificate of Attendance (COA) as well as a complimentary webinar ABMS Awareness for 2 Pax per company. While you’re there, why not attain a Continuing Professional Development (CPD) certificate and stay on top of your industry?
Register your place for this webinar here and find out how to tackle the issue of bribery and corruption in your workplace before it has time to manifest itself into a greater issue. Finance is the greatest asset to the economy after all.
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
ABOUT THE AUTHOR
Zafar I. Anjum, is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, Canada, Latin America and the United Kingdom.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@CRIGroup.com
When Société Générale, a global financial services institution based in France, agreed to pay a combined total penalty of more than $860 million for an alleged bribery and corruption scheme, it served as a warning shot to financial firms worldwide that a culture of enforcement has arrived. Société Générale was accused of paying bribes to officials in Libya and committing violations in manipulating the London InterBank Offered Rate (LIBOR), one of the world’s leading benchmark interest rates. Together with other regulatory penalties faced by the financial services giant, the total amount to be paid exceeds $1 billion. (The United States Department of Justice, 2018)
Bribery and corruption often go together with money laundering – and, as such, the financial sector faces new Anti-Money Laundering (AML) rules and legislation that is strict and increasingly enforced. Remaining in compliance through implementing proper prevention controls is a must. Failing to do so can mean a loss of business, trust and reputation: Banking giant Citibank was fined $70 million in the US for failing to address shortcomings in its anti-money laundering policies. We at CRI intend on being apart of the solution. Therefore, CRI Group’s ABAC will be hosting a webinar on the 30th of September exploring the Pitfalls Most Organisations Often Commit – the importance of implementing Anti-Bribery Management System (ABMS). Being a part of the solution means sharing our knowledge so society is one step closer to an ethical reality.
In the US alone, more than 100 bribery investigations were in progress at the end of last year, with the financial services industry facing the most investigations. (Wall Street Journal, 2019)
Having layers of safeguards in place is required both from a legal and compliance standpoint. One of the most critical layers is an effective anti-bribery management system (ABMS).
There is a solution that financial services organisations can implement to take a proactive stance against bribery and corruption: The ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001 ABMS is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.
For financial services firms, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act. The UK Bribery Act’s adequate procedures requirement dictates that all companies need to have ongoing monitoring, training, surveillance and risk assessments – ISO 37001 ABMS is designed to fulfil these criteria and more.
CRI Group’s ABAC Certification Services is accredited to offer independent ISO 37001 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised in more than 160 countries worldwide. CRI Group’s auditors and analysts work with financial services organisations to develop measures that integrate with existing management processes and controls, and include:
Our paid webinar will have a rundown of the following:
We will also be exploring how the implementation of such a standard aids in examining and dealing fittingly with any actual or suspected bribery within the corporation and also how to implement appropriate financial, procurement and other commercial controls so as to help prevent the risk of bribery in financial services as these organisations face unique challenges.
Among them are maintaining proper internal procedures as they relate to bribery and AML regulations. These measures can be logistically challenging, especially in the auditing process – but keeping accurate books and records is a key provision of the UK Bribery Act. ISO 37001 ABMS standard makes this a key provision in cultivating proper due diligence and reporting procedures.
Another major challenge involves monitoring third-party risk. The due diligence practices and risk assessments implemented through ISO 37001 ABMS are critical in this area. Financial services firms, more than any other sector, must conduct effective vetting and ongoing monitoring of third-parties. This goes beyond “on-boarding” and relates to how companies continually assess risk from outside partners – including brokerage firms, introducers, agents, joint-venture relationships, even clients – as borrowers, for example, represent a major risk on the balance sheet.
Some financial services companies do not properly score or assign risk profiles to third-party partners, and this can represent a major weak point in efforts to prevent bribery, corruption and money laundering. Regulators understand this, too. That’s why ISO 37001 ABMS dictates thorough and comprehensive due diligence in regards to all third-parties and especially in the case of mergers and acquisitions.
Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001:2016 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.
ISO 37001 ABMS provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner. By achieving ISO 37001:2016 ABMS certification, a financial services firm will:
Cases like Société Générale are not isolated, but more and more, we are seeing companies punished for not taking proper preventative action with a robust anti-bribery management system (ABMS). Financial services firms need to be aware and stay in front of increased anti-bribery and corruption legislation given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments, and their publics become increasingly intolerant of fraud, bribery and corruption. Significant media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.
As the ISO 37001 International standard document states, “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to eliminate the risk of bribery. However, (the standard) can help the organisation implement reasonable and proportionate measures designed to prevent, detect and respond to bribery”. With this in mind, It’s important to note that ISO 37001 certification, on its own, is not a “safe harbour” from prosecution should bribery or corruption be discovered. Significantly, ISO certification is, as the above explains, a potential mitigating piece of evidence to regulators or even prosecutors and the courts that the entity has taken meaningful steps in its efforts to prevent bribery and corruption.
It is critical that any financial services organisation have a proper, comprehensive strategy to prevent and detect bribery and corruption, and remain in compliance with all regulations – on the local, regional, and international levels. The ISO 37001 ABMS standard is an established, tried and tested program to address those issues head-on through a comprehensive program of training and certification. The training process is tailored to the organisation while still following the developed curriculum and documented best practices. Due diligence procedures and risk assessments are applied in a thorough, comprehensive manner. Certification requires the demonstration that processes have been implemented effectively, with follow-up evaluations.
Worldwide developments in laws and regulations have demonstrated that there isn’t time to wait to implement controls and compliance procedures – the next investigation and/or prosecution may be too late. The harm caused by bribery and corruption to an entity’s reputation, investments and business can be far-reaching and long-lasting.
This paid webinar will be running from the following times on Thursday the 30th of September;
Your turnout with come with a certificate of Attendance (COA) as well as a complimentary webinar ABMS Awareness for 2 Pax per company. While you’re there, why not attain a Continuing Professional Development (CPD) certificate and stay on top of your industry?
Register your place for this webinar here and find out how to tackle the issue of bribery and corruption in your workplace before it has time to manifest itself into a greater issue. Finance is the greatest asset to the economy after all.
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Pharmaceutical fraud involves activities that result in false claims to insurers or programs such as Medicare in the US or equivalent state programs for financial gain to a pharmaceutical company. Several different schemes are used to defraud the health care system, which is particular to the pharmaceutical industry. These include:
The pharmaceutical industry is regularly found to be engaging in fraud of many types, and it appears as though each year, the number of pharmaceutical fraud is on the rise. Each year big pharma giants end up spending billions of dollars in paying for fraud, misrepresentation of data and other such corruption allegations levelled out against them. In the last years, global pharma giants have paid fines to the tune of $11 billion for criminal wrongdoing, including withholding safety data and promoting drugs for use, beyond any licensed condition; GlaxoSmithKline paid a $3 billion settlement, Pfizer $2.3 billion settlement, and Merck $650 million settlement. Damages from fraud can be recovered using the False Claims Act, most commonly under the qui tam provisions, which rewards an individual for being a “whistleblower” or relator (law).
July of 2021 saw Bolton pharmacist David “Jason” Rutland pleading guilty to conspiracy to solicit and pay kickbacks and bribes in a $182.5m fraud case in which Rutland himself pocketed $13.3m. This conspiracy is noted as the state’s largest health care/pharmaceutical fraud to date. It is estimated that more than $515 million in fraudulent prescription billings were made to TRICARE, Medicare, Medicaid, and private health care benefit providers in Mississippi.
In the US, whistleblowers are uniquely positioned to report this fraud to the government under the False Claims Act.
The pharmaceutical industry influences doctors’ prescribing habits, especially in the US. Drug manufacturers and distributors may pay unlawful kickbacks to physicians or others in the form of sham “consulting fees,” luxury vacations, and expensive meals in exchange for increased prescriptions of the company’s drugs.
Drug manufacturers must obtain FDA approval before marketing a new drug. The FDA approves new drugs proven safe, effective, and properly labelled following extensive preclinical and clinical testing and analysis, which results in a wealth of data regarding the drug’s safety, efficacy, pharmacology and toxicology. The FDA relies on the accuracy of the data that drug manufacturers submit in New Drug Applications (NDAs). Pharmaceutical companies that make false statements to the FDA, omit relevant data in NDAs, or otherwise misrepresent the safety or efficacy of drugs in clinical trials can be subject to False Claims Act (FCA) liability. The same is true of drug companies that pay researchers to falsify clinical trial data.
Pharmaceutical companies may not promote their drugs for uses, doses, or populations not specifically approved by the FDA as safe and effective. Such “off-label” marketing and promotion violates the FCA. This could include, for example, if a drug is approved for use in treating severe psychiatric disorders, and the drug company’s sales representatives promote it for widespread use in calming elderly patients in nursing homes.
Drug and medical device manufacturers are subject to strict FDA manufacturing rules known as the Current Good Manufacturing Practice (CGMP) regulations. The CGMP exists to ensure manufactured drugs’ identity, strength, quality, and purity and protect consumers from tainted, ineffective, and harmful drugs. Government-funded healthcare programs pay for prescription drugs on the premise that CGMP regulations have manufactured the drugs. If they are not, it can be a violation of the False Claims Act. This could include, for example, a pharmaceutical company’s manufacturing facility using dirty equipment to make drugs, or using equipment that does not accurately measure the type or amount of the active ingredients incorporated into a drug, and then selling these tainted drugs to patients covered by Government-funded health care programs.
Compounding pharmacies prepare medications tailored to meet the needs of individual patients by mixing drugs or changing the route of administration. Compounding pharmacies can violate the FCA by making large batches of drugs—known as mass-compounding—rather than providing the required individualised service, “compounding” drugs that are already commercially available, or inflating the number of particular medications used in the mixture to increase the cost. Compounded drugs are primarily regulated by the states, meaning efficacy and safety need not be proven to the FDA.
As a general rule, pharmacies must fill patients’ prescriptions as written by the ordering physician. Putting aside situations where a generic drug may be substituted for a name-brand drug, pharmacists may not simply replace one drug for another or dispense a liquid form of a drug when a pill or tablet was prescribed. Billing government insurers for medications that have been so manipulated can violate the False Claims Act.
The federally mandated 340B drug discount program requires most drug companies to provide hefty discounts — typically 20 to 50 per cent — to hospitals and clinics that treat low-income and uninsured patients. Pharmaceutical companies are required to cap outpatient drug prices at a statutorily defined “ceiling price” equal to the Average Manufacturer Price (AMP) reduced by the rebate percentage or Unit Rebate Amount (URA). Manufacturers submit both the AMP and URA to the Centers for Medicare and Medicaid Services (CMS) quarterly and can defraud the government by misrepresenting these figures, overcharging 340B entities, and/or not providing rebates to which 340B entities are entitled.
To obtain Medicaid coverage of their drugs, pharmaceutical companies generally must promise to give state Medicaid programs the lowest price made available to almost any buyer of the drug. To provide this price, pharmaceutical companies report their “best price” on a drug—often calculated based on the drug’s “average wholesale price” or “average manufacturer price”—and payback to Medicaid in rebates any amount the programs paid more than this price. Pharmaceutical companies can defraud Medicaid and violate the False Claims Act by manipulating their “best price” to reduce the amount of money they must return to state Medicaid programs.
Implemented in 2006, Medicare Part D, also referred to as the Medicare Prescription Drug Program, provides drug coverage for tens of millions of elderly and disabled Americans. Under the program, private insurance companies—referred to as Part D Sponsors—offer prescription drugs to eligible beneficiaries directly or through pharmacy benefit managers (so-called “PBMs”) and then submit claims to Medicare for the drugs’ cost. Fraud can occur under Medicare Part D in many ways, including:
Some of the more common types of fraud occurring under the Medicare Part D program include:
PBMs are an increasingly common target of fraud investigations. PBMs are third-party administrators of prescription drug programs for, among others, Medicare Part D plans. PBMs contract with health plans to provide pharmaceuticals at low prices, which PBMs keep low through negotiation, generic substitution, manufacturer rebates, cost-sharing, formularies, and other methods. PBMs commit fraud by failing to pass savings from rebate arrangements and subsidies to clients, developing forms that favour more expensive drugs, and improperly switching drugs to generic or different brand name drugs instead of prescribed drugs. Drug manufacturers commit fraud by, for example, providing price concessions on certain drugs in exchange for a PBM’s favourable coverage of the manufacturer’s drug.
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
How risky is non-compliance to your business? Last year we saw our fair share of AML (anti-money laundering) failures and violations, resulting in eye-watering FCA and HMRC fines. According to Ponemon Institute and security company GlobalScape recent report, the annual cost of non-compliance to businesses now runs an average of $14.8 million, a 45 per cent increase since 2011.
Meanwhile, the range can be anywhere from $2.2 million to $39.2 million. On the other hand, the cost of compliance was found to average $5.5 million, up 43 per cent from 2011. In recent years, adhering to the laws and standards and monitoring the compliance of business processes has evolved as a major concern for business owners.
Staying compliant with ever-evolving regulations has become an ‘obvious’ business imperative, and failing to adhere to these regulations can put organisations in a fix. Before we dive into the risks of falling into the ‘non-compliant dungeon, let’s understand what corporate compliance is. Operating in a multiplicity of countries inevitably also means having to comply with any local regulations.
Compliance at the corporate level involves adhering to a wide range of rules, regulations, laws, and standards designed to protect every aspect of your business. Right from obeying safety guidelines to following the standards for paying wages, an organisation must comply with all the local, state, and federal laws at all times.
Monitoring not only refers to continuously observing possible compliance violations but also includes predicting their occurrence. Since the concept of business process compliance is vast, approaches related to process monitoring are hard to identify. Monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as a major concern in practice.
The cost of non-compliance and monetary fines have been continuously increasing in the past few years. However, business owners are becoming impatient, as these consequences would affect the organisation in many ways. Increased complexity, enforced business changes, and individuals being held personally accountable are all set to continue because of continuous compliance failures.
The following are six fundamental reasons why an organisation should implement statutory compliance.
Several examples in the global business environment show the repercussions of non-compliance. Look at the following cases:
The biggest fine so far was the £102m imposed on Standard Chartered for “poor AML controls”, which saw “breaches in two higher risk areas of its business.” This is the second-largest financial penalty for AML failures ever imposed by the FCA.
A comprehensive compliance solution:
After all, when it comes to non-compliance issues, ignorance of the law is no defence. As they say – “Being Compliance is not a choice, but a mandate” the regulatory environment is only going to get fiercer day by day, and companies that miss staying abreast of the global legal amendments might regret big-time.
The UAE, for example, has cracked down on their Ultimate Beneficial Owner compliance requirements – a requirement that costs roughly DH15 but results in a penalty of Dh15,000 up to Dh100,000 if businesses fail to comply. The Ultimate Beneficial Owner requirement was set up to prevent illicit activities such as money laundering or financing of terrorism.
The requirement reveals anyone who has direct or indirect control of an organisation and requires all such information to set up or renew business licenses to the UAE Government. It’s great to see so many new procedures being put in place that can help you safeguard your business. Are you interested to know how your organisation can excel in global compliance?
Topic: how risky non-compliance to business
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Inadequate due diligence hit SPAC Momentus $8 million SEC fine after misleading investors. The Securities and Exchange Commission (SEC) has charged the Momentus particular purpose acquisition company (SPAC), its sponsor SRC-NI, the sponsor’s CEO Brian Kabot, the company, and founder Mikhail Kokorich – which involved in a $1.2 billion space-transport SPAC for defrauding investors and obscuring the CEO’s status as a US national security risk.
The Fraud Claimed
The SPAC, Stable Road Acquisition Corp, had sought to merge with Momentus, a private start-up, to take it public. Momentus’s key offering was a “microwave electro-thermal water plasma thruster,” a way of zapping water vapour to propel a spacecraft, intending to transport satellites into space.
But Momentus’s propulsion tech failed to show results, according to SEC filings. A test mission fell well short of the company’s benchmarks, and a former Momentus employee said that the test yielded “no data to suggest that that thruster would deliver an impulse of any commercial significance.”
According to the SEC’s settled order, Kokorich and Momentus, an early-stage space transportation company, repeatedly told investors that it had “successfully tested” its propulsion technology in space when, in fact, the company’s only in-space test had failed to achieve its primary mission objectives or demonstrate the technology’s commercial viability.
The order finds that Momentus and Kokorich also misrepresented the extent to which national security concerns involving Kokorich undermined Momentus’s ability to secure required governmental licenses essential to its operations.
Join our mailing list and get exclusive industrial insights for subscriber-only!
The compliance issue: Inadequate due diligence
The SEC’s settled order finds that Stable Road repeated Momentus’s misleading statements in public filings associated with the proposed merger and failed its due diligence obligations to investors.
According to the order, while Stable Road claimed to have conducted extensive due diligence of Momentus, it never reviewed Momentus’s in-space test results or received sufficient documents relevant to assessing the national security risks posed by Kokorich.
The order finds that Kabot participated in Stable Road’s inadequate due diligence and filed its inaccurate registration statements and proxy solicitations. The SEC’s complaint against Kokorich includes factual allegations that are consistent with the findings in the order.
“This case illustrates risks inherent to SPAC transactions, as those who stand to earn significant profits from a SPAC merger may conduct inadequate due diligence and mislead investors. Stable Road, a SPAC, and its merger target, Momentus, both misled the investing public. The fact that Momentus lied to Stable Road does not absolve Stable Road of its failure to undertake adequate due diligence to protect shareholders. Today’s actions will prevent the wrongdoers from benefitting at the expense of investors and help to better align the incentives of parties to a SPAC transaction with those of investors relying on truthful information to make investment decisions.
SEC Chair Gary Gensler
The litigation against Momentus, Stable Road, and Kabot
Associate Director of the SEC’s Division of Enforcement, Anita B, mentioned in her statement that Momentus’s former CEO alleged to have engaged in fraud by misrepresenting the viability of the company’s technology and his status as a national security threat, inducing shareholders to approve a merger in which he stood to obtain shares worth upwards of $200 million.
The SEC’s order finds that Momentus violated scienter-based antifraud provisions of the federal securities laws and caused sure of Stable Road’s violations. It also considers that Stable Road violated negligence-based antifraud provisions of the US federal securities laws as well as specific reporting and proxy solicitation provisions.
The order finds that Kabot violated provisions of the federal securities laws related to proxy solicitations. Kabot and SRC-NI caused Stable Road’s violation of Section 17(a)(3) of the Securities Act of 1933. Without admitting or denying the SEC’s findings, Momentus, Stable Road, Kabot, and SRC-NI consented to an order requiring them to cease from future violations. Momentus, Stable Road, and Kabot will pay civil penalties of $7 million, $1 million, and $40,000, respectively.
Inadequate due diligence hit SPAC Momentus $8 million SEC fine. Source: US Securities and Exchange Commission
Due diligence on potential business partners when adding a new vendor or even hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. Global integrity DueDiligence360TM investigations provide your business with the critical information it needs in making sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees. It will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals.
At CRI Group, we specialise in Integrity Due Diligence, working as trusted partners to businesses and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates. CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates. Safeguard your business and its integrity with DueDiligence360™.
Our DueDiligence360™ expose vulnerabilities and threats that can cause serious damage to your organisation and can significantly reduce business. CRI Group is trusted by the world’s largest corporations and consultancies – outsource your due diligence to an experienced provider, and you will only ever have to look forward, never back.
CRI Group investigators employ a proven, multi-faceted research approach that involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research. Our resources include:
|
|
Protect your reputation and the risk of financial damage and regulator action using our detailed reports. They enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.
WHAT DO YOU ACTUALLY KNOW ABOUT THE INTEGRITY OF THE PARTY & THEIR WAY OF DOING BUSINESS? DOES OR DID THIS PARTY ADHERE TO (INTER)NATIONAL REGULATIONS ON ANTI-CORRUPTION & ANTI-BRIBERY? IS IT POSSIBLE THAT THERE IS A LIABILITY RISK?
At CRI Group, we specialise in Integrity Due Diligence, working as trusted partners to businesses and institutions across the world. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.
CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates. Safeguard your business and its integrity with DueDiligence360™.
Our DueDiligence360™ expose vulnerabilities and threats that can cause serious damage to your organisation and can significantly reduce business. CRI Group is trusted by the world’s largest corporations and consultancies – outsource your due diligence to an experienced provider and you will only ever have to look forward, never back. Clients who partner with us benefit from our:
Expertise
CRI Group has one of the largest, most experienced and best-trained integrity due diligence teams in the world.
Global scope
Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.
Flexibility
Our DueDiligence360TM service is flexible and can apply different levels of scrutiny to the subjects of our assignments, according to client needs and the nature of the project.
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.
Corporate compliance should be an essential part of your business operations, regardless of size or industry. How does your business manage compliance and mitigate risk? Taking preventative measures can feel like a hassle upfront, but it can save you untold organisational costs in the long run.
Corporate compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. Keep your business from learning the lesson the hard way. Start developing a compliance program today. This article will define compliance, what it means for your business, and how you can create a successful compliance program.
The definition of compliance is “the action of complying with a command,” or “the state of meeting rules or standards.” In the corporate world, it’s defined as the process of making sure your company and employees follow all laws, regulations, standards, and ethical practices that apply to your organisation and industry.
Corporate compliance covers both internal policies and procedures, as well as federal and state laws. Enforcing compliance helps your company prevent and detect violations of rules, protecting your organisation from fines and lawsuits.
The compliance process should be ongoing. Many organisations to consistently and accurately govern their compliance policies over time.
The purpose is to protect your business. It’s as simple as that. But the return on investment could be significant, helping you avoid waste, fraud, abuse, discrimination, and other practices that disrupt operations and put your company at risk.
Your corporate compliance program needs to be integrated with all compliance efforts enterprise-wide, from the management of external regulations and internal policies to comprehensive employee training. By making sure all departments and staff are working together to maintain standards, you can mitigate the risk of significant failures and violations.
An effective program improves communication between leadership and staff. It should include a process for creating, updating, distributing, and tracking compliance policies. After all, employees can’t be held responsible for rules and regulations they don’t know exists. But once they understand expectations, your staff can stay focused on your organisation’s broader goals and help operations run smoothly. What’s more, when employees are adequately trained on compliance requirements, they are more likely to recognise and report illegal or unethical activity.
Maintaining compliance equips your employees to do their jobs well, reach their career goals, and keep customers happy. In turn, your company can achieve its goals and grow faster.
In the unfortunate event that your organisation faces a lawsuit, your corporate compliance program will help in court.
As one report from Rutgers School of Law explained, “An organisation that has made a robust effort to prevent and detect violations of the law by its employees and others acting for it will be treated less harshly than one that was indifferent to complying with the law.”
Very few businesses can afford to procrastinate on a corporate compliance program. Don’t let hindsight be 20/20 for your organisation. Have the foresight to take action today.
Your program should be carefully planned and implemented, with coinciding training programs to guarantee personnel are well-versed in all areas of compliance. Here are a few steps to establish or refine your corporate compliance program:
Your corporate compliance program won’t run itself. One person should be assigned the responsibility of managing the program day-to-day.
Depending on the size of your organisation, you could have one compliance officer or several. Regardless, those in charge of the compliance program must have the authority to enforce the rules and hold staff at all levels accountable.
They also need direct access to the company’s governing body, including senior management or the board of directors.
Access to senior management and authority to enforce rules is essential when potential compliance issues come up, empowering your officers to respond quickly. But communication goes both ways. The governing body needs to assess the effectiveness of the corporate compliance program regularly.
Corporate compliance is about fostering a workplace culture that values integrity and ethical conduct.
This starts at the top.
For the program to work, your leaders need to follow the rules first. They should encourage ethical behaviour and openly talk about the importance of compliance.
Company leaders should encourage employee input, emphasising that they won’t be punished for reporting unlawful or unethical behaviour.
The Department of Justice created a checklist for evaluating corporate compliance programs and suggest asking the following questions:
Corporate compliance is about managing risk.
To build an effective program, you need to know what compliance areas pose the highest risks to your organisation. Once you have identified these areas, you can focus your resources on addressing them.
Federal and state regulations, as well as industry standards, are continually evolving. To avoid the risk of non-compliance, it’s essential to conduct regular assessments. The Association of Corporate Counsel (ACC) suggests conducting a risk assessment once a year.
A formal assessment process, like this one recommended by the ACC, can help your organisation be proactive about preventing corporate compliance violations:
Your corporate compliance program needs a well-defined code of conduct. Why? Because it can help define your program’s purpose and set expectations for behaviour.
The code of conduct acts as a foundation and should explain the following key points:
Your corporate policies should build on top of that foundation by providing guidelines for specific areas of compliance. For example, they may address common corporate compliance violations:
The list goes on. But the exact areas you need to address will depend on your industry.
Once risk areas have been identified and policies created, you should establish procedures to help employees carry out policies correctly. Creating step-by-step guidelines makes it easier to follow procedures and identify non-compliance.
Risk areas in specific industries may require additional standards. For example, the Foreign Corrupt Practices Act may require you to keep detailed protocols for screening third-party business partners.
Compliance policies and standards are useless if employees don’t follow them.
After establishing the policies and procedures for your corporate compliance program, you need to disseminate them to every member of your staff.
Ensure company officers, employees, and third-party vendors read and sign off on all compliance policies and procedures.
All employees and relevant vendors should be trained on laws, regulations, corporate policies, and prohibited conduct. Depending on the size of your organisation, you may want to conduct training tailored to specific employees in high-risk areas.
The ACC recommends that you track, document, and follow up on training. By implementing a compliance policy and training management tool, you can accomplish this and automate many of your manual processes. The right software lets you distribute policies, conduct online training, create custom tests, and more.
Creating or revising your compliance policies and training takes a lot of work. It’s an ongoing process requiring consistent monitoring and updates. But don’t wait until an incident has occurred to take action. If you and your compliance officers are already busy and time-constrained, finding the right time to implement a new program can be hard. The trick is finding a compliance management solution that fits your organisation.
If you’re ready to take control of compliance, and protect your business from risk, learn more about CRI Group compliance solutions and discover how we can help your corporate compliance program.
Due Diligence 360° | Third-Party Risk Management 3PRM™ | Anti-Money Laundering Solutions
CRI Group’s compliance solutions are tailored to your organisation’s needs, helping assure compliance in all areas and keeping you one step ahead of regulatory requirements.
Money laundering is a serious global issue and recent legislation is aimed at requiring organisations to follow strict anti-money laundering protocols.
Our Due diligence 360° services provide the specialised intelligence needed by global financial institutions and multinational corporations to guarantee complete compliance with anti-money laundering (AML) regulations and legislations.
Manage your third-party risks confidently with customised 3PRM™ solutions for your organisation or get certified. CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business.
Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be.
CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.
Contact ABAC® for more on ISO Certification and training.
Contact Us
Headquarter: +44 203 9275250
Newsletter subscription
Subscribe Today
Background screening survey
Your opinion matters! Participate in the background screening survey now and let us know how COVID-19 and WFH has affected your business.
ANSWER THE SURVEY NOW
CONTACT DETAILS
LONDON:
Corporate Research and Investigations Limited
2nd Floor, 5 Harbour Exchange Square South Quay, London E14 9GE United Kingdom
Tel: +44 207 8681415 | +44 758 8454959
Email: london@crigroup.com
DUBAI:
Corporate Research and Investigations Limited
917, Liberty House, DIFC P.O. Box 111794 Dubai, U.A.E.
Tel: +971 43588577 | +971 43589884
Toll Free: +971 800 274552
Email: cridxb@crigroup.com
Publications
Getting Started with Risk Management?
Download this ISO 31000 Risk Management playbook now!
DownloadRISKS OF CYBERCRIME AND SOCIAL MEDIA: NEW PLAYBOOK
Complete Guide on How to Protect Your Organisation and Team! Take the first steps towards developing measures against cybercrime! This paper critically examines the growth of cybercrime, evaluating the risks it poses in terms of the different forms of cybercrime that exist and the regulations that seek to detect, prevent and punish them.
DownloadResources | EU Directive Corporate due diligence and corporate accountability
Download the study on Corporate due diligence and corporate accountability by EPRS (European Parliamentary Research Service)
DownloadPublications