Understanding BS7858 Standard

The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st  March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.

There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.

Why is BS7858 so important? 

It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:

The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.

As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.

BSI brought the BS7858 Standard to 2021 with the inclusion of:

Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:

In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.

Global watchlist checks during the application process

7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list. 

Social media checks as an advised best practice for pre-and post-employment

Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.

Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.

For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!

Other significant changes of the BS7858 Standard:

  • Removal of character references
  • Approval to passing on pre-employment screening records from vocation to vocation.
  • Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
  • Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
  • All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.

It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.

If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.

Get in Touch

Author bio

Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.

Contact Details

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

More on BS 7858 and employment background screening…

 

The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st  March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.

There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.

Why is BS7858 so important? 

It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:

The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.

As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.

BSI brought the BS7858 Standard to 2021 with the inclusion of:

Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:

In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.

Global watchlist checks during the application process

7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list. 

Social media checks as an advised best practice for pre-and post-employment

Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.

Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.

For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!

Other significant changes of the BS7858 Standard:

  • Removal of character references
  • Approval to passing on pre-employment screening records from vocation to vocation.
  • Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
  • Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
  • All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.

It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.

If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.

Get in Touch

Author bio

Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.

Contact Details

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

More on BS 7858 and employment background screening…

 

The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st  March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.

There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.

Why is BS7858 so important? 

It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:

The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.

As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.

BSI brought the BS7858 Standard to 2021 with the inclusion of:

Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:

In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.

Global watchlist checks during the application process

7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list. 

Social media checks as an advised best practice for pre-and post-employment

Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.

Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.

For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!

Other significant changes of the BS7858 Standard:

  • Removal of character references
  • Approval to passing on pre-employment screening records from vocation to vocation.
  • Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
  • Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
  • All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.

It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.

If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay on ahead of the vetting rules and regulations.

Get in Touch

Author bio

Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.

Contact Details

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

More on BS 7858 and employment background screening…

 

Risk assessment breakdown: Identification, Analysis, Evaluation

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. Unfortunately, fraud, bribery and corruption are major factors affecting businesses and agencies of all sizes and industries. Being proactive against these risks can mean the difference between success and ruin. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk assessment management strategy in place. This article discusses the importance of Risk Assessment. There are two important building blocks that form the core of risk management:

  • Risk assessment
  • Risk treatment

Each of these stages can stand on their own – in this article we will go into detail about best practices for identifying risks, how to analyse them in terms of probability and severity, and how they can be evaluated in terms of the company’s risk appetite.

What is Risk Assessment?

Risk assessment is the overall process of identification, analysis and evaluation of any given risk. It can be a systematic examination of a task, job or process that a risk professional carries out at work for the purpose of identifying significant hazards. For example, the risk of someone being harmed and deciding what further control measures to take to reduce the risk to an acceptable level. The process will vary between organisations, but it should start with identification of hazards, analysis of who and what might be harmed, evaluation of the risk, documentation of the risks, taking action and review. Your organisation should conduct a risk assessment systematically, interactively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by a further inquiry as necessary.

Risk assessment breaks down into:

  • Step 1: Identification
  • Step 2: Analysis
  • Step 3: Evaluation

Business Intelligence (BI) Solutions can help during this stage. BI take many shapes and forms in today’s complex business environment. Budgets are stretched and the challenges facing a business and its employees can sometimes lead to issues that start off small, but then lead to wider spread problems which can affect the very fabric of your organisation and damage both your credibility, reputation and bottom line profits. CRI® Group takes two approaches to BI solutions:

  • Intelligence operations (via market research and analysis): we focus on researching the future and potential growth of your business – i.e. determine the commercial viability and potential for success in the market, analyse consumer behaviour and business trends in that market, etc.
  • Investigative operations (via commercial investigations): we focus on the current status of your business – i.e. location of assets, financial information, identification of unmet needs of any market, gauge brand awareness and identity in the market, etc.)

CHECK OUT OUR BI SOLUTIONS  or  DOWNLOAD BROCHURE

 

Risk Identification

The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • Tangible and intangible sources of risk;
  • Causes and events;
  • Threats and opportunities;
  • Vulnerabilities and capabilities;
  • Changes in the external and internal context;
  • Indicators of emerging risks;
  • The nature and value of assets and resources;
  • Consequences and their impact on objectives;
  • Limitations of knowledge and reliability of information;
  • Time-related factors;
  • Biases, assumptions and beliefs of those involved.

Your organisation should identify risks, whether or not your sources are under your control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.

Risk analysis

Risk analysis allows you to understand the nature of risk, its characteristics and level. Because an event can have multiple causes and consequences and can affect multiple objectives a risk analysis should involve a detailed consideration of uncertainties such as risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.

Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of both, depending on the circumstances and intended use. Risk analysis should consider factors such as:

  • The likelihood of events and consequences;
  • The nature and magnitude of consequences;
  • Complexity and connectivity;
  • Time-related factors and volatility;
  • The effectiveness of existing controls;
  • Sensitivity and confidence levels.

A risk analysis is likely to be influenced by a wide range of variables, from any divergence of opinions, biases to perceptions of risk, from judgements, quality of the information used to the assumptions and exclusions made and any limitations of the techniques and how they are executed. These influences should be considered any risk analysis, documented and communicated to any decision-makers involved in the process.

It is important to remember that any highly uncertain event can be difficult to quantify, and this is an issue. If you find yourself in such a situation, using a combination of techniques generally provides greater insight. Risk analysis provides input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions, where choices are being made, and the options involve different types and levels of risk.

Risk evaluation

Risk evaluation can support your decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:

  • Do nothing further;
  • Consider risk treatment options;
  • Undertake further analysis to better understand the risk;
  • Maintain existing controls;
  • Reconsider objectives.

Any decisions should take into account the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organisation.

Who should do risk assessments?

Well, by law, every employer must conduct risk assessments. Risk assessments should always be carried out by a professional who is familiar to risk, a person who is experienced and competent to do so.  Competence can be expressed as a combination of knowledge, awareness, training, and experience. Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help.

But we all like to think that all of our employees will be trustworthy, but this is not always the case. There have been many instances in which an employee has been dishonest about their job history, qualifications or even criminal history. A dishonest employee could be unqualified for the position, possibly endangering others on the job. Or they might be a fraud risk, willing to bend the truth in other ways in order to enrich or advance themselves on your dime. No organisation can afford to have employees or staff who aren’t what they claim to be. Even a seemingly innocent embellishment can indicate more background problems under the surface, and the potential for future problems down the road so remember, trust your employees but, verify them too. 

CHECK OUT OUR EMPLOYEE BACKGROUND SCREENING SOLUTIONS  or  DOWNLOAD BROCHURE

Risk Assessment and ISO 31000 certification with ABAC®

While the team at CRI® do not deliver any training or certification on ISO 31000, our partner ABAC® Center of Excellence do. ISO 31000 can provide the principles, framework and a process for managing risk. ISO 31000 is not a certifiable standard; the standard is a set of guidelines which provide guidance for internal or external audit programmes. However we recommend taking ISO 31000 Awareness training, this will enable you to fully understand Risk Management activities and mitigate risk. 

ISO 31000 was developed by hundreds of experts in risk mitigation, from thirty countries. This international effort produced a standard that is worldwide and represents best practices and leading operations for risk management. Organisations can trust that they are following a tested, robust standard to increase success. The standard converts risk management into a set of “friendly” and actionable – and straightforward to implement – guidelines, regardless of the size, nature, or location of a business. 

The training helps establish an ethical culture by educating your personnel on the following:

  • What constitutes fraud, corruption, and bribery, and why these are so damaging to business
  • How to identify red flags of fraud, corruption, and bribery
  • The process for reporting fraudulent and unethical acts
  • The organization’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches, and prosecute unethical acts
  • The serious ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

The ISO certifications helps us at ABAC® to provide appropriate anti-bribery training to personnel across various industries. This standard helps to assess bribery risks, perform the appropriate due diligence required for your business and to take reasonable and proportionate steps to ensure that controlled organizations and business associates have implemented appropriate anti-bribery controls.

> Find out more about ISO 31000 Risk Management and other standards now!

Other Solutions

While CRI® may not offer the ISO certification, we do offer other services. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates. CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™.

The DueDiligence360TM reports to help organisations comply with anti-money launderinganti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture as it can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

Why not consider our background investigative solutions? Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. Firms spend years, thousands, even millions to brand their products and services – it only takes one bad hire to cause loss of capital and reputation. It can go as far as bringing a business to fail – especially if the employee holds malice towards the organisation. EmploySmart™ is CRI’s own solution aiming to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure which can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.

Our solutions are also certified by the British Standard Institute BSI for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.

Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM),  also known as 3PRM™. In wake of the global pandemic, the 3PRM™ was developed in a bid to aid organisations to accurately determine the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted above parties.  This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business to flourish at any scale. Find out more about CRI Group’s Solutions here.

If you’re unsure of what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.

CONTACT US

About CRI® Group

Based in London, CRI® works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

What Is Corporate Compliance and Why It’s Important

Home | All Solutions | Background Investigations

The Importance of Corporate Compliance

Corporate compliance should be an essential part of your business operations, regardless of size or industry. How does your business manage compliance and mitigate risk? Taking preventative measures can feel like a hassle upfront, but it can save you untold organisational costs in the long run.

Corporate compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. Keep your business from learning the lesson the hard way. Start developing a compliance program today. This article will define compliance, what it means for your business, and how you can create a successful compliance program.

What is Compliance in Business?

The definition of compliance is “the action of complying with a command,” or “the state of meeting rules or standards.” In the corporate world, it’s defined as the process of making sure your company and employees follow all laws, regulations, standards, and ethical practices that apply to your organisation and industry.

Corporate compliance covers both internal policies and procedures, as well as federal and state laws. Enforcing compliance helps your company prevent and detect violations of rules, protecting your organisation from fines and lawsuits.

The compliance process should be ongoing. Many organisations  to consistently and accurately govern their compliance policies over time.

The Purpose of a Corporate Compliance Program

The purpose is to protect your business. It’s as simple as that. But the return on investment could be significant, helping you avoid waste, fraud, abuse, discrimination, and other practices that disrupt operations and put your company at risk.

Your corporate compliance program needs to be integrated with all compliance efforts enterprise-wide, from the management of external regulations and internal policies to comprehensive employee training. By making sure all departments and staff are working together to maintain standards, you can mitigate the risk of significant failures and violations.

An effective program improves communication between leadership and staff. It should include a process for creating, updating, distributing, and tracking compliance policies. After all, employees can’t be held responsible for rules and regulations they don’t know exists. But once they understand expectations, your staff can stay focused on your organisation’s broader goals and help operations run smoothly. What’s more, when employees are adequately trained on compliance requirements, they are more likely to recognise and report illegal or unethical activity.

Maintaining compliance equips your employees to do their jobs well, reach their career goals, and keep customers happy. In turn, your company can achieve its goals and grow faster.

In the unfortunate event that your organisation faces a lawsuit, your corporate compliance program will help in court.

As one report from Rutgers School of Law explained, “An organisation that has made a robust effort to prevent and detect violations of the law by its employees and others acting for it will be treated less harshly than one that was indifferent to complying with the law.”

How to Create a Successful Corporate Compliance Program

Very few businesses can afford to procrastinate on a corporate compliance program. Don’t let hindsight be 20/20 for your organisation. Have the foresight to take action today.

Your program should be carefully planned and implemented, with coinciding training programs to guarantee personnel are well-versed in all areas of compliance. Here are a few steps to establish or refine your corporate compliance program:

1. Get Your Leadership on Board

Your corporate compliance program won’t run itself. One person should be assigned the responsibility of managing the program day-to-day.

Depending on the size of your organisation, you could have one compliance officer or several. Regardless, those in charge of the compliance program must have the authority to enforce the rules and hold staff at all levels accountable.

They also need direct access to the company’s governing body, including senior management or the board of directors.

Access to senior management and authority to enforce rules is essential when potential compliance issues come up, empowering your officers to respond quickly. But communication goes both ways. The governing body needs to assess the effectiveness of the corporate compliance program regularly.

Corporate compliance is about fostering a workplace culture that values integrity and ethical conduct.

This starts at the top.

For the program to work, your leaders need to follow the rules first. They should encourage ethical behaviour and openly talk about the importance of compliance.

Company leaders should encourage employee input, emphasising that they won’t be punished for reporting unlawful or unethical behaviour.

The Department of Justice created a checklist for evaluating corporate compliance programs and suggest asking the following questions:

  • How have senior leaders encouraged or discouraged the type of misconduct in question through their words and actions?
  • What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts?
  • How does the company monitor its senior leadership’s behaviour? How has senior leadership modelled proper behaviour to subordinates?
2. Conduct Risk Assessments

Corporate compliance is about managing risk.

To build an effective program, you need to know what compliance areas pose the highest risks to your organisation. Once you have identified these areas, you can focus your resources on addressing them.

Federal and state regulations, as well as industry standards, are continually evolving. To avoid the risk of non-compliance, it’s essential to conduct regular assessments. The Association of Corporate Counsel (ACC) suggests conducting a risk assessment once a year.

A formal assessment process, like this one recommended by the ACC, can help your organisation be proactive about preventing corporate compliance violations:

  • Audit results
  • Recent litigation
  • Compliance complaints
  • Employee claims
  • Industry enforcement trends
  • Compliance policies in each risk area
3. Establish and Maintain Your Code of Conduct, Policies, and Standards

Your corporate compliance program needs a well-defined code of conduct. Why? Because it can help define your program’s purpose and set expectations for behaviour.

The code of conduct acts as a foundation and should explain the following key points:

  • Who is responsible for managing the program
  • How employees should report misconduct
  • Disciplinary measures for violating the code of conduct

Your corporate policies should build on top of that foundation by providing guidelines for specific areas of compliance. For example, they may address common corporate compliance violations:

  • Corporate corruption
  • Bribery
  • Tax practices
  • Conflicts of interest
  • Record retention

The list goes on. But the exact areas you need to address will depend on your industry.

Once risk areas have been identified and policies created, you should establish procedures to help employees carry out policies correctly. Creating step-by-step guidelines makes it easier to follow procedures and identify non-compliance.

Risk areas in specific industries may require additional standards. For example, the Foreign Corrupt Practices Act may require you to keep detailed protocols for screening third-party business partners.

4. Properly Train All Employees

Compliance policies and standards are useless if employees don’t follow them. 

After establishing the policies and procedures for your corporate compliance program, you need to disseminate them to every member of your staff.

Ensure company officers, employees, and third-party vendors read and sign off on all compliance policies and procedures.

All employees and relevant vendors should be trained on laws, regulations, corporate policies, and prohibited conduct. Depending on the size of your organisation, you may want to conduct training tailored to specific employees in high-risk areas.

The ACC recommends that you track, document, and follow up on training. By implementing a compliance policy and training management tool, you can accomplish this and automate many of your manual processes. The right software lets you distribute policies, conduct online training, create custom tests, and more.

5. Improve Your Compliance 

Creating or revising your compliance policies and training takes a lot of work. It’s an ongoing process requiring consistent monitoring and updates. But don’t wait until an incident has occurred to take action. If you and your compliance officers are already busy and time-constrained, finding the right time to implement a new program can be hard. The trick is finding a compliance management solution that fits your organisation.

If you’re ready to take control of compliance, and protect your business from risk, learn more about CRI Group compliance solutions and discover how we can help your corporate compliance program.

Compliance Solutions by CRI Group

Due Diligence 360° | Third-Party Risk Management 3PRM™ | Anti-Money Laundering Solutions 

CRI Group’s compliance solutions are tailored to your organisation’s needs, helping assure compliance in all areas and keeping you one step ahead of regulatory requirements.

Money laundering is a serious global issue and recent legislation is aimed at requiring organisations to follow strict anti-money laundering protocols.

Our Due diligence 360° services provide the specialised intelligence needed by global financial institutions and multinational corporations to guarantee complete compliance with anti-money laundering (AML) regulations and legislations.

Manage your third-party risks confidently with customised 3PRM™ solutions for your organisation or get certified. CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business.

Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.

CONTACT US TODAY

WHO IS CRI GROUP

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be.

CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

Contact ABAC® for more on ISO Certification and training.

To check or not to check?

Background Checks: To check or not to check?

Background checks don’t tend to make international news. They are the low-key diligent step in most well-managed recruitment processes to comfort employers that the person they are hiring is everything they seem – and nothing more.

That’s why the background checks of Belle Gibson, a super influencer who lied about having cancer, and Brett Kavanaugh, a nominee to the US Supreme Court, tend to make news headlines for who can you trust if not those in direct line of the public eye?

The Story of Belle Gibson & Brett Kavanaugh

Belle Gibson was a Melbourne “wellness” who rose to fame after sharing her story on Instagram of her terminal brain cancer and how she controls it through the power of healthy eating. Gibson claimed to have kept her cancer under control by turning away conventional medicinal practices and instead of following what she termed a “wellness” diet, a diet consisting of avocados, berries, no alcohol and so on.

Sounds impressive, right? To rid yourself of an incurable disease simply through eating better? Think again – it is too good to be true. The influencers lie caused untold damage, including turning a 44-year-old mother away from her chemotherapy in hopes of attaining Ms Gibson’s lifestyle.

But the reason why this lie broke headlines is because of what followed; a book deal with Penguin Books publishing company and an Apple app titled ‘The Whole Pantry’. It was evident that neither the tech giants nor the publishers thought to verify her assertions, thus leading to a $320,000 fine and a lot more emotional damage for the individual’s that Ms Gibson had provided false hope.

Context is everything, of course, and this job-for-life is one of the more crucial public office positions in the United States. Mr Kavanaugh had undergone six separate background checks during his career before the latest, which the FBI recently completed on behalf of the White House. Each of these will have been meticulous and thorough, right down to interviews with neighbours and acquaintances.

But you don’t have to be entrusted with national security clearance to pose a real risk to your employer. All staff members are in a position of trust, and even the humblest labourers or office workers will have privileged access to property – whether physical or intellectual. And this is not a theoretical risk – it’s a truism that employees or contractors cause the vast majority of security breaches.

The compliance perspective

Interviewing the ex-wives and sports coaches of factory and desk clerks is overkill and not economic. And that is where professional background checking comes in. It allows low hassle, cost-effective and fast checking for all recruits and employees to ensure everyone is what they claim to be, from the CEO to the company mascot.

Such checks will cover everything required to give HR directors and governing boards peace of mind: from criminal record checks and right-to-work documentation to education and qualification verifications and employment records.

A properly systematised process, supported by local intelligence, is essential to keeping costs low without compromising quality or effectiveness.

CRI Group is one of the few providers with a truly global reach and more than thirty years of experience in the sector. Our proven process means that we have one of the fastest turnaround times in the industry – typically just 3-5 days. Meanwhile, our more than 175 investigatory experts on the ground across the US, Europe, the Middle East and Asia, ensure we can navigate local customs, processes and regulations, no matter where your employees are based.

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s international team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

 

How to Identify and Prevent Employee Fraud?

In 2017 the major European ABB conglomerate admitted that an employee took advantage of serious management failings to disappear with $103 million of the firm’s cash. According to CNN business, ABB CEO Ulrich Spiesshofer and Chief Financial Officer Eric Elzvik admitted that the organisations managers had failed to maintain sufficient segregation of duties in the treasury unit of its subsidiary in South Korea and did not provide enough oversight of local treasury activities.

To top it all off, ABB also failed to keep the signature seals of the South Korean unit secure which as a result, has lead the company became “bound to unauthorised financial contracts, resulting in undetected financial obligations.” 

Organisations rely on the honesty and integrity of their employees, however employee fraud does unfortunately cost companies vast sums of money. Employee fraud is a reality across all sectors – no matter how credible a job applicant is and how stringent your hiring process is – your business is at risk.

Tips on Identifying and Preventing Employee Fraud

When you trust your employees, it is difficult to think the worst of them, even when there are red flags – circumstances or patterns that are out of the ordinary – alerting you to the contrary. If you have suspicions of employee fraud, it is recommended to hire a forensic accountant to help you detect fraud, understand your circumstances, and put together evidence to target and confront the employee without tipping them off.

The good news is that you can plan and train your team to prevent this from taking place; the best thing you can do for your business is to learn how to recognise the warning signs of employee fraud and have robust procedures in place to minimise the risks and opportunities for fraud. Employee fraud covers a wide range of fraudulent activities in the workplace and can vary in seriousness including embezzlement.

Embezzlement involves an employee who transfers company funds into their bank account. One example of an act of embezzlement is deliberately writing cheques in the employees’ name or diverting company assets without authorisation, e.g. customers unknowingly pay into an employee-controlled bank account, not the business’. This is serious fraudulent behaviour, but employees usually get away with it without raising any suspicion by creating non-existent suppliers and fake employees or using counterfeit credit notes to hide/disguise misappropriated monies.

An easy way to spot this type of financial fraud is to scour through the bank statements and financial records of your organisation and check for irregular activities or patterns of unusual and unauthorised transactions.

Another common sign of embezzlement is when either an employee or a manager/director begins to enjoy a lavish lifestyle that is obviously beyond their means, e.g. holidays, cars, clothes/jewellery. In the case that you suspect an employee or director might be embezzling funds from within your company, it is essential to be discreet in your employee fraud investigation to prevent the employee from covering their tracks and disposing of substantial evidence.

Other Common Types of Employee Fraud

  • Commission fraud – inflating sales figures to gain a more significant commission than deserved.
  • Petty fraud – for example, embellishing an expense claim or taking office supplies.
  • Money laundering – hiding the origin of illegally obtained money and washing it through your business.
  • Insider Trading – making a profit by using valuable information that is unavailable to the public to their advantage, for example, confidential information that could impact the prices of shares, securities, goods/commodities.
  • Manipulation of accounts – false information on sales, purchases or stock can be used to perpetrate fraud for personal financial gain, e.g. overstated trading profits to receive cash/share bonuses, or get a promotion, creating false trading accounts or stock/fixed asset write-offs to obtain goods.

What can you do (as an employer) to minimise employee fraud?

The most effective way to minimise employee fraud as an employer is to implement robust management procedures and employee background screening; the implementation of these preventative measures will ensure staff are adequately investigated and monitored and consider the possibilities for collusion between employees – including a conflict of interest. Paying attention to only the procedures within your accounts department is not sufficient. The same procedures can help you across your operations, including sales and procurement.

Minimise the chances of employee fraud with the following procedures:

  • Separation of employee responsibilities such as placing orders, recording invoices and collecting debts.
  • Requiring purchase or payment authorisation by more than one person.
  • Compare actual to budgeted expenditure for unexpected patterns.
  • Examine bank reconciliations thoroughly.
  • Scrutinise cancelled cheques and cheques made out to employees or unusual vendors.
  • Review supplier invoices for significant amounts, pricing or volumes.
  • Verify credit notes and write-offs with receiving records.
  • Install and monitor CCTV to deter theft of stock or equipment.

Fraud Triangle

An American criminologist, Donald R Cressey, devised a theory that involved three aspects that trigger fraud. Understanding these triggers will help you prevent fraud:

  • Opportunity – the lack of internal controls or reporting structure/oversight increase the chance of fraud.
  • Rationalisation – the fraudster will rationalise the continued deception, which increases slowly, perhaps over a few years, becoming an entitlement, i.e. I deserve this. This offers the chance to stop some employee fraud early if robust detection procedures are in place.
  • Pressure – overwhelming pressure, be it business factors such as company targets to meet or personal pressures, such as gambling or financial problems.

Implement Pre-employment and Post-employment employee screening now!

Preventing financial loss is crucial for your business’s survival and expansion, which is why it’s essential to know and understand its obvious signs. Use the list above as a guide to protecting your organisation.

To detect employee fraud professionally and thoroughly, it is recommended you seek the expertise of a skilled employee fraud accountant as early as possible. They can help you investigate your employees by reviewing your bank statements and financial documents and advise you whether an employee is committing fraud and to what extent. A forensic accountant’s report will also give you the evidence you need to take the necessary action against your employee and act as a deterrent to others.

For a free and confidential chat to discuss how we can help your business, contact us. 

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Risks of Cybercrime and Social Media: NEW PLAYBOOK

The risks of cybercrime claims many victims over many sectors. The PwC Global Economic Crime Survey 2020 found that a company falls victim to six frauds on average. The most common types are customer fraud, asset misappropriation as well as cybercrime. It also proved a roughly even split between frauds committed by internal and external perpetrators, at almost 40% each – with the rest being mostly collusion between the two. Few can deny the enormous technological advancements that are constantly taking place in the modern world. The internet, the computer, and other technological advancements have dramatically changed what it means to socialise, ‘chat’, and even read a book. Both the disadvantages and advantages of such developments are clear, and as technology gains pace, so have the unlawful activities of those who seek to take advantages of such developments.

According to a 2020 cybercrime report from Europol, COVID-19 sparked upward trend in cybercrime. In fact, since the beginning of the pandemic, the FBI has seen a fourfold increase in cybersecurity complaints, whereas the global losses from cybercrime exceeded $1 trillion in 2020. 

In other words, as technology evolves, the risks of cybercrime have become complex. The sense that one is safe from crime in the privacy of one’s own home has been lost. In fact, according to World Economic Forum’s “Global Risks Report 2020” the chances of catching and prosecuting a cybercriminal are almost nil (0.05%).

Take the first steps towards developing measures against the risks of cybercrime! 

This playbook critically examines the growth of cybercrime, evaluating the risks it poses in terms of the different forms of cybercrime that exist and the regulations that seek to detect, prevent and punish them.

The extension of an old legislation to include cybercrime is not entirely effective – especially not for crimes committed within the realm of social media and social networking. Therefore the need to develop an ‘anti-cybercrime culture emerges. It has to be implemented on an international scale that safeguards these crimes – the promotion of careful use would therefore be facilitated to hinder such crimes before they can materialise. Our playbook includes:

  • What is cybercrime and why is it important?
  • Top corporate cybersecurity risks and 10 types of high-tech crimes
  • How cybercrime impacts business and your company’s growth
  • Cybercrime and regulations in place
  • And how your response as a business matters – how to can you protect your business from cybercrime including advice and tips on how to telework safely

Download the full playbook today and learn step-by-step things your company can do to be better protected from cybercrime. Robust cyber-security, data protection, anti-fraud and risk management all come together to mitigate the dangers posed by hackers, phishers and other cybercriminals.

DOWNLOAD PLAYBOOK

With the playbook in your hands, you’ll learn about the most common cyber attacks. This includes viruses, phishing attacks and website hacks. You’ll also gain a better understanding of the consequences of different types of cybercrime.

To sum it up, the playbook provides best-practices and ways that companies are lessening their risk without spending prohibitive resources to do so. Above all, the right expert advice means that any company can be on the right track to protecting their customers, their assets, and their employees from the risks of cybercrime.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds B.S. 102000:2013 and B.S. 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

UK solicitor sentenced to four years in prison over £2.3m fraud

UK solicitor, Andrew Davies defrauding his firm £2.3m jailed

A former senior partner, the UK solicitor, has been jailed for four years after defrauding his firm out of a total of £2.3m. Andrew Davies, 59, paid personal invoices to himself from the business and under-declared £1.1m in stamp duty land tax to HM Revenue and Customs (HMRC) for over nine years.

Davies pleaded guilty to one count of fraud by false representation at Reading Crown Court in 2019 and was sentenced to four years imprisonment in January this year. As a senior partner at the firm, Andrew Davies managed to defraud it out of the money by paying personal invoices to himself from the business account.

The 59-year-old also under-declared £1.1m in Stamp Duty Land Tax to HMRC over nine years, over-declaring tax to clients and then taking money from the solicitor’s firms account for himself, both defrauding the company he worked for and HMRC at the same time.

Davies also raised invoices to pay over £1.6 million to his friend Stephen Allan, who worked as a property developer and was a firm client. The 62-year-old from Bishop’s Stortford was convicted at Reading Crown Court on one count of money laundering and jailed for three years.

In a statement, police mentioned the convictions and sentencing of a solicitor’s firm in Berkshire defrauded out of £2.3m between 2010 and 2017.

Allan then made smaller payments into Davies’ account and also pocketed around £400,000 himself. The solicitor extracted funds from the firm’s client account, paying it to Allan in transactions described as ‘fees’, but there was no known work for this.

Davies of The Street, West Clandon, Guildford, and Allan of Thornberry Road, Bishops Stortford, Hertfordshire, were charged by police officers in August 2019.

The statement did not name the firm, but a Solicitors Regulation Authority notice has previously stated that Davies worked for Reading firm Pitmans LLP, which has since become part of another practice. Davies has already been struck by the Solicitors’ Disciplinary Tribunal and ordered to pay £17,000 in costs.

Investigating officer Detective Constable Katie Taylor of Thames Valley Police’s Economic Crime Unit said: ‘In this case, a solicitor trusted to safeguard client funds abused this position and systematically defrauded his firm of large sums of money for his benefit.

‘He then used a corrupt relationship to launder the proceeds of his crime through a property developer. These professional enablers of organised crime represent a significant risk, and we hope that the conviction and sentence, in this case, will act as a deterrent to others.’

Source: Financial Crime News & The Law Society Gazette

 

Get exclusive insights curated for subscriber-only when you join our mailing list.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

You suspect employee fraud. Now what?

When any type of fraud, including employee fraud, is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust…
Read More

Looking for a Service Provider Due Diligence Checklist?

There are many risks implicit in doing business, and CEO’s and risk management officers face many internal and external threats. Most organisations face preventable risks; however, the burden of identifying risks can be too much, especially when dealing with third-party providers.

Most service providers offerings are often part of organisations’ core functions (i.e. internet-related services or cloud services); they have access to sensitive information, including your clients’ client details (PII), their financial data such as credit cards (PCI), or trade secrets; that impacts your data security or privacy programs; a worrying source of risk and, often than not, they drive up your cost. 

According to Ponemon Institute’s Cost of a Data Breach Report 2020, organisations spend £2.9 million ($3.86 million) recovering from security incidents. And third-party breaches cost $370,000 more than in-house breaches. Third-party breaches do happen, and many organisations aren’t prepared. In fact, Protiviti’s 2019 Vendor Risk Management Benchmark Study found that only 4 in 10 organisations have a fully mature vendor risk management process in place. 

It’s critical to follow a well-defined and comprehensive due diligence process when it comes to service providers. Having a services provider due diligence checklist allows you to see what obligations, liabilities, or any types of risks you’re assuming. 

What Is a Due Diligence Checklist?

A due diligence checklist is an organised way to analyse a service provider you want to work with. Following this checklist, you can learn about the Service Provider liabilities, benefits, and potential problems. Due diligence checklists are usually arranged in a basic format. However, they can be changed to fit different industries and professional relationships. A due diligence checklist can also be used for:

  • Preparing an audited financial statement or annual report
  • A public or private financing transaction
  • Bank financing
  • A joint venture
  • An initial public offering (IPO)
  • General risk management.

However, we developed a complete due diligence checklist for you to use on your service providers for this article. There are six core areas to consider when doing your due diligence vetting a service provider:

  1. General company information
  2. Financial review
  3. Reputational Risk
  4. Insurance
  5. Information Security Technical Review
  6. Policy Review

The questions could change based on your requirements or the company, industry, size, or region. The more you know about potential vendors, the easier it is to assess their risk. Let’s take a look!

1. Build an inventory of your service providers:

  • List the providers of significant core functions
  • List any smaller providers who might be working with individual departments

2. Rank each service provider based on risk by asking the following questions:

  • What service does this organisation provide?
  • Who owns the relationship with this provider?
  • Is this provider tied to your organisation’s most critical business operations?
  • What data do they have access to?

3. Collect information on each service provider, including basic information:

  • A business charter or articles of incorporation (or similar corporate charter)
  • Business location, and proof of location.
  • Business license: confirm that the company is legitimate
  • Overview of company structure
  • Information about executives and board members
  • Financial information: is the service provider financially solvent? Would you want to partner with a company that may not be in business next year? 
  • Insurance: gather information on general liability insurance, cyber insurance, or insurance-specific capabilities.

4. General risk information:

  • Is the service provider on any watch lists?
  • Any Lawsuits?
  • Any negative news coverage?
  • Any significant complaints or negative reviews from consumers?
  • Is the site physically secure?
  • Policy Review

Cyber risk Information:

  • Security rating
  • Assessment questionnaire
  • Retrieve the IT system outline
  • Any assets exposed to the open Internet?
  • Any cases of data breaches?

Final risk analysis:

  • Calculate your risk: Risk = Likelihood of a Data Breach X Impact of a Data Breach/Cost
  • Set a risk rating of high, medium, or low
  • Compare the above information with your risk appetite and determine whether your organisation should pursue a relationship with the service provider

How can CRI Group help you manage and respond to risks?

Managing third-party risk can be difficult. The work isn’t done when you understand the risks associated with doing working with third-party providers. With CRI Group, organisations can make the process simpler and gain a window into their service providers’ risk. 

Due diligence on potential business partners when adding a new vendor or hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. 

Our global integrity DueDiligence360 investigations provide your business with the critical information it needs in making sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees. And we offer different levels of due diligence to fit your needs:

  • Level I Basic: Basic due diligence
  • Level I Essential: Essential due Diligence
  • Level II EDD Enhanced Integrity Due Diligence
  • Level II EDD Plus Enhanced Integrity Due Diligence

Our Enhanced Integrity Due Diligence services will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals. To find out more about each level of due diligence, contact CRI Group HERE!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

5 Reasons To Run Employee Screening

Being HR professional, we have to deal with rigorous recruitment cycles, and for this, we must meet with several candidates before closing the vacancy. Every HR person has their style of evaluating the candidates, but one thing that needs to be kept in mind before making the final hiring decision is to “Never judge a book by its cover” (Stonehouse, 2017), since at times we might overlook some critical points, perhaps due to a fancy resume or qualification. Every HR professional should consider a crucial step before taking a candidate on board: run employee screening.

According to Business Week – 16% of executive resumes contain false academic claims and/or material omissions relating to educational experience. The U.S. Department of Labor estimates that the average cost of a bad hiring decision can equal 30% of the first year’s potential earnings.If you are an HR professional and reading this article, then I can assure you that other HR professionals must be thinking, “is it worth investing additional time and money in pre-employment background screening service?” Let me tell you the key benefits that you can gain from conducting pre-employment background screening services:

1. Better Compliance: it keeps you out of legal issues

Let’s suppose one of your employees commits fraud in your company, and after investigations, you came to know that the employee did the same with previous employers. At this point, you will regret not conducting their background check, as if you had conducted their employment and criminal check, then you wouldn’t have hired them in the first place.

2. Ensures credibility when performing sensitive tasks

In addition to legal issues, some background checks can verify a candidate’s creditability in performing their on-job duties. For instance, when a candidate is being hired for the accounts department where petty cash and the company’s account handling are their primary responsibilities, their employment check may come across that his previous employment has concluded due to mishandling of accounts.

3. Safer Work Environment: keep employees and clients safe

Conducting Background checks can also convey a message throughout the company’s stakeholders, especially its clients, that all employees hired in the company have gone through rigorous checks. Therefore, the data shared by the clients are in safe hands, thus increasing the overall integrity of the company and its staff.

4. Verifies education and certification

The increase in the number of fake degrees has amplified the importance of pre-employment check of educations. Therefore, all degrees and certificates of the applicant under consideration should be verified. The outcome of verification is not just about checking an applicant’s honesty but also verifying the legal status of the degrees and their issuing authorities.

5. Stronger hires, more savings: it gives an overall picture of the applicants

Apart from the interviews, pre-employment background checks can help the interviewer to make their hiring decision accordingly. For instance, candidates may have successfully cleared the interview process, but in their employment checks, the company found that they had resigned from their services after they were accused of sexual harassment by colleagues. Irrespective of how competent a candidate is for the vacancy, such red flags regarding the candidate’s behaviour can completely change the hiring decision and safeguard the company from future issues.

It is indeed worth spending extra time and money on pre-employment background screening because making a wrong hiring decision can not only increase recruitment cost and time but may also incur the cost of damage that employee has given to the company, whether in the form of litigation’s or damaging the company’s goodwill.

5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening
5 Reasons To Run Employee Screening

 

So, if your company is not conducting background screening! Think Again!

Being in HR, you might be creating liability for the company by making the wrong hiring decision. It’s never too late to correct your actions, so contact us, and we can provide our employment background screening services. As it is rightly said, I quote, “better safe than sorry” (Bateson, 2008). 

CRI Group, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management and Due Diligence solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

References

  1. Bateson, J., 2008. Building Hope: Leadership in the Nonprofit World. United States Of America: Greenwood Publishing Group.
  2. Stonehouse, R. A., 2017. You’re Hired! Job Search Strategies That Work. 1st ed. s.l.:eBookIt.com.

 

 

How to conduct background screening in the Middle East?

Background screening is critically important for business worldwide. Providing such service is a complex process, and it is different for every country and region. In the United States, investigators have a web of databases at their disposal and a vast network of local resources that provide a wealth of information at the mere click of a mouse. It’s a different world in the Middle East. Technology is limited in many parts of the region.  Privacy legislation varies from country to country and from jurisdiction to jurisdiction. Cultural differences can impact the flow of information. Language barriers can contribute to inaccurate reporting.

Background Screening in the Middle East

Instead of database-driven investigations like those conducted in the U.S, professionals in the Middle East must conduct large parts of their investigations literally on foot, travelling to remote regions to scour records and interview sources. If you’re looking for accurate, reliable information in the Middle East you need to turn to qualified, professional sources that are familiar with the countries, cultures, terrain, languages, resources and – most of all – the laws that govern personal privacy. In this part of the world, your contacts and resources are your greatest assets.

Discovering Hard-to-Find Facts in Hard-to-Reach Locations

The biggest challenge in conducting background investigations in the Middle East is collecting reliable information most efficiently. This requires a well-trained and diverse group of professional investigators who are multilingual and multi-cultural, are familiar with those geographic regions and can easily traverse the obstacles that often impede international investigations. Those obstacles include:

  • Working with local customs offices.
  • Complying with data protection laws and mandates.
  • Knowledge level of local investigative researchers.
  • Lack of centralised information resources and databases; and
  • The proliferation of multicultural environments that are particularly influenced by locals who vastly differ in their approaches to investigative screening and public record searches, particularly with information collected via database sources.

The Obstacle of Background Investigators in the Middle East

To address these obstacles, successful background investigators in the Middle East are often required to work deep in the field, travelling to remote destinations to conduct interviews, develop resources and enlist local assistance to verify the information. Leading background screening firms will conduct investigations that regularly involve a thorough review of local press records, using online and proprietary databases augmented by manual field research to locate the appropriate public records.

This in-depth investigative approach is necessary to bring to light any instances of malfeasance or notable, publicly aired criticism. These professionals will also research all public records that are available within the respective government institutions such as a region’s trial courts, police and SEC sources, and global sanctions lists. The goal of providing this level of investigative legwork is to collect timely, well-documented and substantiated information which will measure up to the high standards often required by our U.S. partners.

Partner With Reputable Background Screening Firms in the Middle East

As the world economy shrinks and the pool of foreign job applicants expands, a partnership with a reputable international employee screening service provider to conduct investigations abroad is essential for maintaining a safe hiring program for your clients. To ensure you’re using the best providers available, a little investigating of your own will result in big benefits down the road.

Checklist on Securing Reputable Background Screening Service:

  • Research the listing of expatriate background screening firms provided by the Professional Background Screening Association https://thepbsa.org/.
  • Ask your provider how they comply with local and regional laws governing individual privacy protection; the methods they utilise in protecting information.
  • Make sure your service provider’s physical address is in the region they’re conducting investigations. If not, they could be simply outsourcing their cases to a third party.
  • Ask about the manner in which your service provider conducts investigations. Avoid firms that investigate exclusively through media searches.
  • Inquire about the internal policies and procedures the service provider uses to monitor the protection of data and if it conducts regular audits to ensure compliance with regional privacy mandates.
  • Specifically, the provider should be in compliance with GDPR and must maintain Information Security Management System ISMS (ISO27001).
  • Don’t settle for firms that say they specialise in providing checks of the International Terrorist Watch List and the OFAC watch list. Those lists are available online to anyone at no cost.
  • Avoid firms that won’t supply you with the source of the records they obtain, were available from public record resources. Also, be sure to ask how old the information collected is.
  • Reputable firms will combine in-depth field investigations with routine public records searches. Make sure your provider is doing both. Background checks involve investigative research and not just press clippings.
  • Service delivery is critical in foreign investigations. Ask about average turnaround times and get commitments for delivery in advance of the investigation.
  • Find out what other U.S. companies use as a service provider. Ask for references.
Employee Background Check

How do you know the candidate you just offered a role to is the ideal candidate? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma, how do you know it’s not photoshopped? Did you follow the correct laws during your background checks process? Employee background checks and necessary screenings are vital to avoid horror stories and taboo tales that occur within HR, your business, or even your brand – simply investing in a sufficient screening can save you time, money and heartbreak.

CRI Group has developed EmploySmart™, a robust new pre-employment background screening service, certified for BS7858,  to avoid negligent hiring liabilities. Ensure a safe work environment for all – EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider, specialised in local and international employee background checks, including pre-employment and post-employment background checks.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.