GDPR vs. UK-GDPR; the laws Post Brexit

The General Data Protection Regulation (GDPR) is a regulation in EU law that was implemented on the 25th of May 2018 and concentrates on data protection and confidentiality in the European Union and the European Economic Area; alongside this, the GDPR is also used to address the transmission of personal data outside the EU and EEA areas. The EU Commission announced on 28 June 2021 that adequacy judgments for the UK have been passed, so what does that mean for the GDPR rules?

The Brexit transition period concluded on the 31st of December 2020 and, as part of the new trade agreement, the EU agreed to postpone the transfer restrictions for at least four months, which can then be extended to six months (known as the bridge). The European Commission published its draft decisions on the 19th of February 2021 regarding the UK’s adequacy under the EU’s General Data Protection Regulation (EU GDPR) and Law Enforcement Directive (LED). In both cases, the European Commission has found the UK to be adequate, which means that much of the data can continue to flow from the EU and the EEA without the need for additional safeguards. Nevertheless, it is vital to note that the adequacy decisions do not cover data transferred to the UK for the purposes of immigration control, or where the UK immigration immunity applies. For this kind of data, different rules apply, and the EEA sender needs to put other transfer safeguards in place.

September 2021 saw WhatsApp being handed the second highest fine under EU GDPR (General Data Protection Regulation) rules and the biggest fine ever from the Irish Data Protection Commission due to their lack of understanding towards the new GDPR laws – had they done their due diligence, they may have been able to avert such a hefty fine. Our Due Diligence 360° services provide the specialised intelligence needed by global financial institutions and multinational corporations to guarantee complete compliance with anti-money laundering (AML) regulations and legislation.


The draft decisions will now be considered by the European Data Protection Board (EDPB) and a committee of the 27 EU Member Governments. If the committee accepts the draft decisions, then the European Commission can formally adopt them as legal adequacy decisions. If adequacy decisions are not implemented at the end of the bridge, transfers from the European Economic Area (EEA) to the UK will require compliance with EU GDPR transfer restrictions.

What is the UK-GDPR?

The United Kingdom General Data Protection Regulation (UK-GDPR) is the UK’s national data privacy law that replaces the EU’s GDPR after Brexit; it is fundamentally equivalent to the EU’s GDPR but altered to accommodate domestic areas of law. The UK-GDPR will regulate personal data and demand the same legal grounds for processing personal data.

The GDPR is still retained in domestic law as the UK GDPR, although the UK has the freedom to keep the framework under review. The ‘UK GDPR’, as it is known, sits alongside a revised edition of the DPA 2018. It is also essential to note that the key principles, rights and obligations remain as they were, but that there are implications for the rules on transfers of personal data between the UK and the EEA.

The UK GDPR also applies to controllers and processors based outside the UK if their processing activities relate to:

  • offering goods or services to individuals in the UK; or
  • monitoring the behaviour of individuals taking place in the UK.

Similarly, there are also consequences for UK controllers who have an establishment in the EEA, have customers in the EEA, or monitor individuals in the EEA. The EU GDPR still applies to this processing; data can still flow freely from the EEA because the EU has adopted adequacy decisions about the UK, but the European data protection rules have altered the way you can interact. CRI® Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage, and harm to the business. Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, the 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.


Which rules apply?

Whilst the adequacy decisions remain in place, the UK GDPR is still valid and is expected to remain so until the 27th of June 2025. The EU Commission will be monitoring developments in the UK on an ongoing basis to ensure that the UK continues to deliver a comparable level of data protection. The Commission is still able to revise, postpone, or rescind the decisions if concerns cannot be settled. EU data subjects or an EU data protection authority can also bring a legal challenge against the decisions, in which case the Court of Justice of the European Union would then have to determine whether the UK did essentially deliver comparable protection.

In the absence of an EU GDPR adequacy decision, the Frozen GDPR would apply to data if:

  • it was processed in the UK under the EU GDPR before 01 January 2021; or
  • it is being processed in the UK on the basis of the Withdrawal Agreement.

However, the UK-GDPR does expand on, and diverge from, the EU GDPR in noteworthy ways that will change the legal environment of data protection in the UK.

UK-GDPR expands and changes the European GDPR

The areas expanded on by the UK-GDPR are:

  • National security
  • Intelligence services
  • Immigration

These areas are, by definition, outside the scope of the European GDPR: all three are deemed to fall outside EU regulation, as the EU has no powers to govern matters of national security in member states. Nevertheless, the UK-GDPR sets out specific exemptions under which the usual protections of personal data can be bypassed, e.g., in matters of national security or in matters of immigration. It also applies the same requirements for collection and processing of personal data to the intelligence services. A further significant change is that the Information Commissioner, the UK’s leading data protection authority, became the primary director, monitor and enforcer of the UK-GDPR.

Are you post-Brexit GDPR compliant? 

The UK-GDPR requires your organisation’s site or application to request the user’s consent before collecting and processing data via cookies. It also requires that your organisation not collect more data than is strictly necessary, and that it be as straightforward for your users to withdraw consent to the use of their data as it is to give it. Transparency is key in the UK-GDPR, which requires you to state how long data is stored and how you will be processing users’ personal data.

Let’s Talk!

It’s always great to have a helping hand when it comes to compliance and risk management – especially with all the new changes expected to take place ahead of securing the integrity and morality across corporate culture. Take a proactive stance with the highest level of expertise as a part of your essential corporate strategy. Contact us today to learn more about our full range of services to help your organisation stay protected.


What is Business Intelligence? Investigative operations vs Intelligence operations

What is Business Intelligence?

How do investigative operations compare to intelligence operations? Business Intelligence (BI) is a phrase coined for the analytical procedures an organisation undertakes. Business Intelligence is known to be a successful method of conducting market research, as it merges data derived from the external environment (i.e., market and industry) in which an organisation operates with data from the internal environment of the organisation, such as financial and controls data. When combined, this data can deliver a complete picture to inform any business decision a firm makes for its own benefit; this ranges from operational decisions such as product positioning to strategic decisions such as pricing.

What is counted as Business Intelligence Solutions?

Business Intelligence (BI) solutions can take on numerous forms and structures in today’s complex corporate environment. BI solutions investigate everything from assets to the external disputes facing an organisation. They can also appraise an organisation’s employees to ensure that the organisation’s integrity, reputation, and bottom-line profits are safeguarded from any malice and illicit activities.

CRI® Group takes two approaches to BI solutions:

  • Intelligence operations (via market research and analysis): we focus on researching the future and potential growth of your business – i.e. determine the commercial viability and potential for success in the market, analyse consumer behaviour and business trends in that market, etc.
  • Investigative operations (via commercial investigations): we focus on the status of your business – i.e. location of assets, financial information, identification of unmet needs of any market, gauge brand awareness and identity in the market, etc.

Why not check out our BI solutions brochure to know more about our approach?

What are intelligence operations?

Investigation and Evaluation services are designed to aid clients during the business intelligence process. Intelligence operations are highly regarded by organisations in all industries, as the service assists from the preliminary phases of identifying the necessary components of a suitable corporate policy through to the closing phases of execution. At CRI® Group we know that data is your greatest advantage when doing business on several levels.

Our market research will collect the data needed to make significant corporate decisions; everything ranging from entering other markets or industries to associating or partnering with other organisations (i.e., Mergers and Acquisitions) is covered in our BI Solutions. CRI® Group is proficient in understanding and communicating this data in a way that allows you to implement it into your corporate development; our experts are trained to the highest degree and understand how to get the proper data promptly.

CRI’s methodology is to assist the organisation in tracing corporate movements and market changes which in turn, will aid in steering them through the practice of successfully conveying their brand in the larger market to then be able to market their goods and services accordingly. With representatives in nations across the globe, CRI® Group is distinctively situated to assist you in traversing cultural and regulatory environments to maximise your market potential in the regions you seek to trade.

Gaining insight into how your brand reputation affects potential buyers and understanding what motivates the market to purchase will enable you to establish effective marketing programs that impact your audiences and build brand loyalty among buyers.

What are investigative operations?

It is no secret that every industry has its issues. Some matters, however, such as Employee Theft, Company Fraud, rivalry, continuous malingering, or Industrial Espionage, can start on a relatively trivial scale, but as time advances, the culprit becomes bolder in their endeavours (typically due to an absence of discovery), causing the situation to get out of control and become detrimental to your business.

As an organisation, you have every right to be involved with the internal activities of your firm; hence, carrying out commercial investigations on your employees as a means of curtailing threats is not out of the question. Our team of experts can support you to do this in a manner that is as ethical as it is effective, delivering the data you seek.

Commercial investigations can be achieved for any form of an enterprise including commercial, industrial, legal, and public sector corporations. Our team hail from a range of diverse backgrounds, including military and fraud investigators which is why CRI® Group is so adaptable in its approach to help you with intelligence and investigative operations.

A little bit overwhelmed and wanting to learn more? Get in touch and let us know how we can help!


Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

How is COVID-19 Radically Transforming the New-Hire Experience

The COVID-19 pandemic has been a challenging time for industries, organisations and their teams on every level. HR leaders had to adapt to a new normal quickly. Along with coping with the closing of workplaces and adjusting to working from home, many organisations had significant recruitment, vetting and onboarding activities. With two-thirds of employers reporting higher productivity for remote workers than for in-office workers, businesses also discovered the benefits of a remote and flexible workforce. With the human element of HR almost vanishing overnight, HR leaders had to learn how to leverage the “digital” aspect of their jobs, ramp it up and implement it across their processes to deliver a new-hire experience and an overall good employee experience. And these changes are very likely to stay for the long haul.

This article explores how COVID-19 radically transformed the new-hire experience from recruitment to background screening, onboarding, and retention. We also explore some of the advantages of these changes and how you can leverage the new normal into your employee experience and increase retention.

The new normal

When COVID-19 struck, companies were faced with the difficult task of hiring quickly and economically, continuing effective onboarding processes, and changing the overall new-hire experience whilst managing the day-to-day risks and ever-changing challenges. COVID posed a lot of challenges when it comes to recruitment, such as:

  1. Navigating the new realm of virtual recruitment.
  2. High demand for recruitment in specific sectors (e.g., pharmaceuticals, retail supermarkets, delivery companies, transportation, retail banks, healthcare).
  3. The need to hire employees with a specific skill set (e.g., digital marketing, IT teams, customer service).
  4. Accommodating for existing staff working from home.
  5. Considering the long-term and short-term economic impact of hiring during the uncertainty of the pandemic.

There was also the onboarding process. Before the pandemic, some would say the process of onboarding an employee begins when the candidate is offered the position and continues until the new employee is considered productive – which could be anytime from the end of a probation period, for example, to a full year and the first appraisal. However, according to a recent survey by CareerBuilder, 25% of employers reported that their onboarding process took a day or less. In comparison, 26% spent a week, 21% over a month, and 11% said their onboarding process extends over three months or longer.

Furthermore, during the pandemic, the number of cases of employee fraud and misconduct grew substantially. In a survey conducted last year by CRI Group, an overwhelming number of respondents said the COVID-19 pandemic is affecting human resources at their company. There are also concerns about fraud, and the protection of confidential information, as much of the workforce has gone virtual in work-from-home (WFH) arrangements. CRI Group’s survey measures the pulse of human resources during a challenging time in business worldwide. The largest number (38%) of survey participants were human resources professionals, but respondents also included managers (19%); executives, directors and administrators (27%); and other roles.

Being digital in a COVID world, where face-to-face interaction is no longer possible, is mostly about optimising the end-to-end employee experience and leveraging data to deliver a somewhat personal employee onboarding experience. Outlined below are ten fundamental tips that support it:

1. Integrate employee information from screening to onboarding and deployment

Managing data is a challenge, but it is essential to ensure that the monitoring and engagement of the new hire remain consistent throughout the onboarding lifecycle. Integrate a system that includes Applicant Tracking System (ATS), recruitment, background screening, onboarding, and performance management, and learning/development systems.

2. There are no shortcuts in recruitment; background screening is more critical than ever

Many companies are hiring at an accelerated rate – especially in the medical profession and industries dealing with infectious diseases, medical supply, pharmaceutical companies and research facilities. A need for quick and effective pre-employment screening has arisen, but that is precisely why proper background screening is critical during COVID. Take the revised BS7858:2019 standard: When establishing policies and practices around the standard and vetting new hires against the standard, organisations can show that they place a high value on hiring individuals who possess integrity. Organisations can then task their new hires with responsibilities designed to keep their co-workers, customers and information safe from the negative forces that have become more prevalent in today’s ever-changing COVID-19 world.

3. Reduce insider fraud or misconduct risk and increase employee integration success rate from the get-go

Unfortunately, during the COVID-19 crisis, employee fraud has increased. According to a 2020 report from the Association of Certified Fraud Examiners, 5% of all revenue generated by organisations – some three and a half trillion pounds globally – is lost every year through fraud committed by employees. Effective background screening for candidates and employees is an essential and effective countermeasure.

4. Leverage HR technology, social media and remote working to elevate the employee experience

Remote working is very much a given in this era, so you must leverage technology to not only facilitate your new hire now but their job as a future permanent employee. It will also reduce the need for face-to-face support while at the same time encouraging proactivity and self-service. In today’s reality, employee experience is not just about boosting employee engagement but more about employee support effectiveness as a whole – while reducing dependencies on HR at the same time.

5. Engage new hires from the get-go

Employee onboarding does not start only when the employee joins the organisation. Your very first email is the first experience the candidate has with your organisation. In the fast world of recruitment, too many promising candidates drop out of your process or reject your offers for a better one. It is essential to keep the candidate engaged while at the same time initiating a gradual process of integrating her/him into the organisation as soon as possible. By doing so, you will improve the offer-to-join ratio.

6. Accelerate the time-to-competency for new hires by reducing the learning curve

It is important to establish expectations, set clear goals for the new hire, and monitor them consistently. Investing in employees’ professional development has always been an attractive “benefit” of any appealing organisation. With COVID and the inability to learn on the job, this is even more important. Why? Employees at all levels worldwide have been flung into a different and new way of working, which requires a very different skill set. According to Gallup, organisations that invest in employee development report 11% greater profitability. Every individual has his/her own learning style and ways of retaining information, so leverage all the digital tools available, such as on-demand videos, live chats, virtual assistants, and other forms of interactive self-paced learning options.

7. Up-skilling your people by providing learning and knowledge retention tools on demand

Learning is key to making an employee productive. Training new and current employees to cope with the ongoing changes from the COVID-19 pandemic will help them remain productive. Employee retention like this is invaluable, especially as recruitment has become that bit trickier in a remote world. Do not lose top talent, knowledge and experience, for lacking that extra level of support.

8. Mental health is critical; it is time to acknowledge and practice it

The turbulence of today’s dual health and economic crises is unprecedented and is affecting employees. PwC’s 2020 Global Consumer Insights survey shows a shift in the consumer’s priority, with 69% saying they are caring more about their mental health and physical fitness, and 63% saying they want to eat healthier as a direct result of the COVID-19 pandemic. A study from Tilburg University in the Netherlands (commissioned by the IOSH – Institution of Occupational Safety and Health) estimated around 12.8 billion working days are lost due to anxiety and depression. The study concluded that organisations could help prevent mental health problems from becoming more severe and achieve a more sustainable workplace by paying attention to each individual’s situation and conditions. Employers must emphasise meeting individual needs and finding a more tailored approach where the new reality can safely “cohabit” with a desired new future. Leveraging social media to provide a robust peer support system is equally helpful – these will aid the onboarding process.

9. Continuous employee due diligence

Conduct a periodic review of existing employees. Investing in due diligence is vital to mitigate the risks and identify fraud. Periodically screening and vetting existing employees can protect and enhance the overall security of your organisation.

10. Cut costs drastically

Leveraging these new changes and integrating them into your onboarding cycle can help reduce expenses drastically across your business. It eliminates the cost that comes when placing the wrong candidate.

EmploySmart – take the first step towards transforming your employee background screening!

Businesses have to adapt quickly to survive, which can mean cutting steps in their hiring process, and no one knows how this will play out. Using a vendor to conduct your background screening effectively will invaluably make your onboarding process more scalable. It will allow you to focus on delivering consistently superior services to new hires across the board and, more importantly, focus on the fun stuff like supporting the new hire on their continued improvement.

We understand how important it is to monitor all stages from recruitment to onboarding and from onboarding to learning and development; that’s why our employee screening reports are easy to “transcribe” to whatever HR ecosystem you use. Our reports will essentially complement the effectiveness of any employee onboarding process and, therefore, your HR department.

Mitigate the employee risk impact! Learn how with this FREE ebook. Taken as a whole, this ebook is the perfect primer for any HR professional, business leader and company looking to avoid employee background screening risks. It provides the tools and knowledge needed to stay ahead of COVID-19 effectively. Read more or DOWNLOAD now!

EmploySmart | Most Robust Employee Background Check Service

How do you know the candidate you just offered a role to is the ideal candidate? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma, how do you know it’s not photoshopped? Did you follow the correct laws during your background checks process? Employee background checks and necessary screenings are vital to avoid horror stories and taboo tales that occur within HR, your business, or even your brand – simply investing in a sufficient screening can save you time, money and heartbreak.

CRI Group has developed EmploySmart™, a robust new pre-employment background screening service, certified for BS7858, to avoid negligent hiring liabilities. Ensure a safe work environment for all – EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider, specialised in local and international employee background checks, including pre-employment and post-employment background checks.


CRI® proud Official Supporter of International Fraud Awareness Week 2021

International Fraud Awareness Week is November 14-20, and CRI® Group is once again a proud Official Supporter of this global movement. Fraud Week was created to reduce the impact of fraud and corruption by promoting anti-fraud awareness and education.

Fraud statistics

Fraud is still increasingly common. Even when it comes to hiring employees, companies must be vigilant. CRI® Group’s investigative team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavourable news or online mentions), both at 2.33 per cent. Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases.

Read more in our article “Background Screening Red flags: Numbers Don’t Lie”.

In another survey conducted by CRI® Group, which analysed how COVID-19 has impacted human resources and its functions, it was revealed that companies understand the fraud risk factor during the pandemic: nearly 77 per cent of HR professionals accept that there is a risk that employees can initiate fraudulent activity because of the work-from-home arrangement.

Also, a shocking number of survey participants highlighted that they have encountered employee fraud in their career. Luckily, most companies do conduct background screening of some type. In fact, 85 per cent do so, which is important because many companies have learned that trust can be misplaced. While an overwhelming 92 per cent said they trust their employees with confidential data, background screening can help verify that your employees aren’t hiding anything in their backgrounds that might put your company at risk.

Read more about the survey, as it provides valuable information for companies, employees, and human resources professionals and teams who serve them. It also sheds light on the critical need for increased employee background screening and data protection during a tumultuous time.

Some other stats to note (the following come from the ACFE):

  • The average fraud lasts 18 months before it is discovered. The longer a fraud lasts, the greater the financial damage (schemes that last for several years can cause hundreds of thousands of dollars in damage).
  • The most common detection method for fraud is tips. And organisations that have reporting hotlines are much more likely to detect fraud through tips than organisations without hotlines.

All of the above indicates that the fraud issue is real and organisations must take actions to prevent the fraud risks for their organisations and even careers. For CRI® Group, the goal is to help business leaders think about fraud and corruption this week and take steps to minimise it year-round. So, what is your organisation doing for Fraud Week?

Get involved in International Fraud Awareness Week

Join CRI® Group and ACFE in the fight against fraud. ACFE provides a great set of the following tools to go a step further in your role and to start discussions amongst peers, co-workers, executives and stakeholders in your community about how important fraud prevention is to society as a whole:

  • Post on social media using new badges and informative images with the tag #fraudweek
  • Add the new Official Fraud Week Supporter badge to your email signature.
  • Invite an ACFE representative to talk to your employees and co-workers virtually on how to avoid common mistakes when preventing fraud.
  • Download the free Fraud Week logo to share on materials or websites.
  • Involve your local chamber of commerce or city council to spread tips on fraud prevention for small businesses.
  • Host a talk or seminar for your co-workers or community on regularly staying aware of fraud prevention best practices.
  • Perform a fraud check-up for your organisation and present your findings to executives, as well as a proactive plan for how to remedy weak spots in your current controls.

How does CRI® Group fight fraud?

CRI® proudly celebrates International Fraud Awareness Week and highlights that this occasion (called Fraud Week, for short) is an important effort to put a spotlight on fraud, help educate people about its perils and build a fraud-free future.

“Fraud Week reminds us that awareness is any organisation’s first line of defence against fraud and corruption, as properly trained employees will have a better opportunity to recognise the red flags of fraud, and a better understanding of their organisation’s zero-tolerance policy toward such behaviour”, Zafar Anjum, founder and CEO of CRI® Group says.

“Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from risks of fraud and unethical behaviour. An ounce of prevention is worth more than a pound of cure.”

For CRI®, though, helping organisations prevent and detect fraud is a year-round commitment. That’s why Fraud Week is a great time to reflect on CRI® Group’s recent efforts in the fight against fraud, and to also look ahead to activities on the near horizon. Below are just a few of the highlights.

Does your organisation have a training program in place that addresses fraud, bribery and corruption? And, if so, how robust is your training? How often is it administered? And how do you know it’s working?

These are important questions, especially considering the fact that we know most fraud is discovered internally through employee tips. A recent case study is a perfect illustration of that.

Case study: Conflicts of interest

A major pharmaceutical company’s security department received conflict of interest complaints that reportedly involved a range of employees, from sales personnel on up to the chief financial officer (CFO).  The company engaged CRI® Group to conduct an integrity due diligence and conflict of interest investigation in order to uncover unethical practices, including bribery and corruption, by senior employees.

CRI® Group’s investigators quickly launched a risk assessment of the company’s third-party relationships, which included several interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks.

Investigators found one of the vendors used letterhead that lacked a physical address, and the only contact information listed was a single cell phone number. Site visits, background checks and interviews helped determine that the suspicious vendor was not a company at all – but a single person, and he was none other than the brother-in-law of the client company’s CFO. Worse still was the fact that this obvious fraud was being conducted right under the noses of the company’s procurement and finance professionals.

CRI® Group investigators discovered that the individual’s residence was being utilised as a warehouse to help facilitate the fraud. A comprehensive litigation records check with local and regional courts found that the subject was previously convicted in federal court and spent three years in prison on charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.

The fraud had continued for five years. However, the one thing that saved the company from further financial harm was the fact that employees had stepped forward to report unethical behaviour. If not for their action, the fraud could have continued indefinitely.

Fraud Week reminds us that awareness is any organisation’s first line of defence against fraud and corruption, as properly trained employees will have a better opportunity to recognise the red flags of fraud, and a better understanding of their organisation’s zero-tolerance policy toward such behaviour.

CRI® Group’s Certification body, ABAC® Center of Excellence provides employee training as part of the curriculum for a participating organisation. In fact, ISO 37001:2016 certifies that your organisation has implemented reasonable and proportionate measures to prevent bribery, and these measures involve training, top-level leadership, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

Some key things to remember:

  • Anti-fraud training should be mandatory. This includes managers and executives, who should also receive special training regarding their position of responsibility.
  • Anti-fraud training should be an element of new employee orientation. After that, it should be provided to all employees on an annual basis, if not more frequently.
  • Training might be presented live (in-class), on video or online in an interactive format. The live class is preferred, as it allows questions and personal engagement. However, in today’s business world, some employees work remotely and an online format may be more feasible.

Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from risks of fraud and unethical behaviour. An ounce of prevention is worth more than a pound of cure.

Learn more about how CRI® Group and the ABAC® Center of Excellence can help you have a well-trained workforce serving as your front line of defence against fraud, bribery and corruption.

CRI® Group is here to help and create a fraud-free future. Contact us today to learn more about our ABAC® training and certification opportunities, our EmploySmart background checking process, our investigative services and other offerings.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

#InTheNews: Bribery and Corruption

As a result of COVID-19, countries all over the world are facing significant economic disruption, insecurity and suffering, which has created an increased risk of bribery and corruption.  News in the first two quarters of 2020 showed that many governments began to implement measures to combat these implications from the global pandemic.

Kenyan Anti-bribery and Anti-Corruption laws

“On 27 June 2020, it was reported [by GlobalComplianceNews] that the Kenyan Government is in the process of implementing harsher corruption and bribery laws, in an attempt to curb the current statistics within the country. A proposed amendment to the Bribery Act, which is currently being tabled in Parliament, seeks to allow for the imposition of a fine amounting to KSh 5 million (circa USD 46,939) or for a period of imprisonment not exceeding ten years, where an individual is aware of, or suspects bribery taking place and fails to report it.” It is clear that the Kenyan Government is concerned with the prevention of bribery and corruption, perhaps to ensure the appropriate allocation of resources in these unprecedented times.

US Abuse of Power Prevention Act

On July 23, 2020, the House Judiciary Committee held a mark-up of a new bill, the Abuse of the Pardon Prevention Act, as the US Congress aims to eliminate the tolerance of alleged corruption and bribery undertaken by current or former presidents. “Section Three of the bill amends the federal bribery statute to make clear that a (former) president can be prosecuted for accepting a bribe in exchange for a pardon… The House also introduced a related bill, the No President is Above the Law Act.”

French Compliance Legislation

The French government has also been working on implementing anti-bribery and anti-corruption legislation: in 2020, for the first time since 2016, it adapted and improved its white-collar crime standards. As stated in a Global Investigations Review by Lexology, “in anti-bribery compliance in particular, the recently created French Anticorruption Agency (AFA) keeps building on Sapin II by providing guidance on specific topics, auditing compliance programmes and for the first time… bringing cases in front of its sanctions board.”

5 Tips for Preventing & Detecting Expense Fraud

It’s one of the most common forms of occupational fraud: employees fudging on their expense accounts. Earlier this month (June, 2020), Lookers (a London-listed company) warned investors they might be unable to buy and sell its shares from the beginning of July because of potential fraud on its books – confirming a £19m charge to correct its books after a fraud inquiry. Whether through fictitious charges, fake receipts or invoices, or other improper use of expense funds, an expense account is sometimes seen as a low-risk, high-reward area for committing fraud. It shouldn’t be. If your company takes the proper steps to review expense activity and protect itself from fraud, expense accounts will no longer be a vulnerable area of your finances.

The experts at CRI® Group offer the following tips for bolstering your protection against expense account fraud:

1. Provide strict guidelines for credit card use

Often, expense account fraud is committed with the use of a credit card, with the employee seeking illegitimate reimbursement for various expenses. Detail how personal cards are allowed to be used, and require and review all receipts for claimed expenses. Also require supporting documentation (such as an airline boarding pass, for example) to ensure the purchase was used as intended.

2. Check company credit card statements carefully

In some cases, employees will use a company credit card to make a purchase, but then claim similar or duplicate expenses for reimbursement on their expense report. This is easy to catch if you carefully review company card statements and check them against reimbursements.

3. Ask questions

If a purchase seems odd or unrelated to business use, catching it early is the best way to resolve the issue. After too much time has passed, an employee might claim to have a difficult time remembering exactly what the questionable expense was for. If in doubt about a claim, ask for supporting documentation and a clear explanation of how the expense was used for a business purpose.

4. Implement a Code of Ethics for all employees

By including anti-fraud language in your Code of Ethics, which should communicate a strong anti-fraud stance and be signed by all employees, it will be clear that expense account fraud is not tolerated. Reinforce this with regular communications to employees reminding them that the company does not tolerate fraud in any form and offenders will be prosecuted.

5. Set a Tone at the Top

If the company has rules in place but senior staff aren’t following them, lower-level employees will follow by example and flout the rules, as well. All staff should follow the rules to the letter. Especially while on business trips with lower level employees, senior staff should set a positive example and make a point to follow the rules for business expenses.

Expense account fraud is a persistent problem in business, but it doesn’t have to be a crisis at your company. By using a common sense approach and some key prevention strategies, you can help ensure that your employees know the rules and are less likely to try to take advantage of company expense funds. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!

 

Wal-Mart: a professional TPRM implementation would have avoided this situation.

The lack of a TPRM strategy can be an expensive reminder of how important it is to balance the risks and benefits of using third parties to deliver business services.

On June 20, 2019, Walmart Inc., the global retail corporation, settled a long-running corruption investigation by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) into allegations of bribery by its employees.

According to the agreed-upon statement of facts in the DOJ settlement documents, as well as allegations in the SEC administrative order, from 2000 until 2011, despite the fact that certain Walmart personnel responsible for implementing and maintaining the Company’s internal accounting controls related to anti-corruption were aware of certain controls failures, including failures related to potentially improper payments to government officials by certain Walmart foreign subsidiaries, Walmart failed to implement appropriate internal controls to prevent such improper payments.

The DOJ alleged that Walmart failed to do the following:

  1. Conduct sufficient anti-corruption due diligence on third-party intermediaries (“TPIs”) who interacted with foreign officials;
  2. Implement appropriate controls related to payments to TPIs; 
  3. Require proof of services before paying TPIs; 
  4. Require that TPIs had written contracts with anti-corruption compliance provisions; 
  5. Ensure that donations ostensibly made to foreign government agencies were not converted to personal use by foreign officials; and
  6. Implement appropriate policies covering gifts, travel and entertainment for foreign officials.

With a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges, the deal could have easily been avoided with a professional due diligence implementation.

The Arkansas-based global retail corporation settled a long-running corruption investigation by the U.S. Department of Justice (the “DOJ”) and the Securities and Exchange Commission (the “SEC”) (collectively the “Government”), with the Company paying a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges.

Expensive Reminder About the Importance of Due diligence

What is due diligence?

Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. An Integrity Due Diligence allows you to reduce risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (U.K. Bribery Act), make informed decisions, and pursue takeovers or mergers confidently. In the business world, due diligence refers to the organisation’s investigation and steps to satisfy all legal requirements before buying or selling products and services or entering into a contract or a financial arrangement with another party.

Unlike other kinds of control (audits, market analysis, etc.), it must be independent and rely as little as possible upon information provided by the researched subject. The other significant difference lies in the methodology: commercial or financial due diligence analyses available information, whereas investigative due diligence provides reliable and pertinent, but raw, information.

When conducting investigative due diligence, you can identify key risks; it can enhance your knowledge and understanding of the customer, supplier, employee and third-party risk, helping you avoid any compliance. 

Protect your reputation and reduce the risk of financial damage and regulator action using our detailed reports.

Types of transactions

Professionals can be hired to conduct investigations or audits of business deals involving a variety of transactions, such as:

  • merger & acquisition;
  • potential investment in securities;
  • real estate transaction;
  • business purchase or sale; and
  • investment in a new product or technology, and so on.

Types of investigations

The standard types of investigations that are conducted include:

  • Conflict of interest investigation;
  • Review of financial records;
  • Confirmation of financials with a bank or other financial institution;
  • Credit checks from credit reporting companies (such as Equifax);
  • Property title checks obtained from a trusted source (e.g. land titles office or your lawyer); and
  • Confirmation of corporate status, directors, officers, and shareholders (if applicable).

How can a professional fraud investigator help?

  • review client documentation and information to identify red flags of fraud;
  • conduct standard public record searches on the people or issues identified;
  • conduct covert and overt interviews and gather intelligence utilising other covert and overt methods; and
  • after an initial investigation is completed, request that their clients meet with the proposed parties to the transaction to gauge their credibility against the information that the investigator has found about them.

How CRI® can help

We enable businesses to make better decisions about the third parties they choose to work with. We help you make better decisions faster. We examine risk from every angle so you can make better-informed decisions. And we provide you with the insights you need to identify the partners who will create better long-term value for your business.

10 top business risks

Sometimes business owners or management have an outsized sense of business risks for a particular threat. For example, some companies place extreme emphasis on guarding their intellectual property (IP), when in actuality the incidence of IP theft for their industry might be low. Other times, however, their priorities are firmly in line with the threat posed by the risk. According to a recent study, this is exactly the case when it comes to leaks of internal information, data theft, and reputational damage due to third-party relationships (Global Fraud Risk Report 2019/20).

This report is based on a survey of 588 senior executives from 13 countries and regions and 10 industries. It provides valuable insight into what types of threats are keeping business leaders awake at night. “The broadening of the risk landscape is visible in the types of significant incidents our survey respondents report experiencing in the last 12 months and in the priority levels they assign to various risk mitigations,” the report states. “The most frequently cited incident is leaks of internal information, reported by 39 percent. But this perennial challenge now coexists with risks from relatively recent threats, such as data theft, and even newer threats, such as adversarial social media activity.”

Business information leaks occur when confidential information is revealed to unauthorized persons or parties. This happens with alarming frequency, as recent news stories illustrate. Headlines include “Stunning iPhone 12 video shows Apple’s leaked prototype design with no notch” (BGR, 2020); “New Leaks Show Business and Politics Behind Tiktok Content Management” (China Digital Times, 2020); “DOJ charges Defense Intelligence Agency employee for leaking highly classified information to the media” (Business Insider, 2019). There can be direct and/or indirect negative repercussions from an information leak at your business. It can affect product rollouts or put you at a disadvantage in a competitive market, among other effects. At CRI Group, our experts work with companies to develop policies that provide zero-tolerance for information leaks, and put controls in place (such as secure communications and data systems) to prevent such leaks from occurring in the first place.

Data theft

Data theft is perhaps the fastest-growing scourge of businesses since the beginning of this century. Massive data breaches have caused major distrust among consumers worldwide, and have led directly to identity theft and financial crimes such as theft of credit, illegitimate loans and other schemes. Data theft involves stealing computer-based information from an unknowing victim, usually a company with a large customer or client base. This usually results in the sale or sharing of private information. Most recently, a data breach reportedly exposed more than 200 million Americans: “Data Breach Exposes 200 million Americans: What You Need To Know” (Screen Rant, 2020). In another case, a major cruise operator saw its customers’ information exposed: “Norwegian Cruise Line Suffers Data Breach” (infosecurity, 2020).

For any company that is entrusted with customers’ or members’ private information, especially personally identifying information (PII), data theft can be a devastating crime. Beyond lawsuits and financial damage caused by such a disaster, rebuilding the company’s reputation (and earning back customers’ trust) is an uphill battle that might take years or more. That’s why CRI Group recommends that every business, regardless of size or industry, make protecting customer data one of its highest priorities. Today, leading technology can help make data more secure. But even the most secure system is dependent upon a properly trained workforce that follows all of the protocols to achieve effective data protection.

Reputational damage due to third-party relationship

Another serious business risk to any organisation that partners with other companies, suppliers or contractors. Even worse, they can be completely outside of your control. Here are examples of some of the risks: A business partner is embroiled in behind-the-scenes legal battles; a supplier makes procurement decisions involving the inappropriate influence of government officials who receive kickbacks; a partner falsely claims to have experience in an industry, and cannot deliver on its contractual promises. CRI Group’s integrity due diligence experts have helped clients avoid those very scenarios. Our investigators employ a proven, multi-faceted research approach which involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research.

As the report states, “The last decade has seen cybercrime evolve from an IT issue to a boardroom concern, mirroring the digital transformation of the global economy on the macro level and of business operations on the micro level. The more the business world integrates digital elements, the more likely it is that computer systems have or will become a pathway for crime.” Now, more than ever, it is important for business leaders to be proactive in managing these modern business risks. Fraudsters and those who steal information are evolving their methods every day. Depend on the experts to help you stay one step ahead.

10 Ways to Maintain GDPR Compliance

In 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) came into force. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed both by hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (European Commission, 2020, GDPR.eu, 2020). At CRI Group, our integrity due diligence experts are trained in helping organisations achieve and maintain compliance with GDPR. Our leading risk management and compliance agents provide the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

 

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes for candidates and make sure the person you appoint is trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make data protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

  • The information is necessary to perform a contract between the organisation and the individual;
  • You have a legal obligation to process the data (such as a court order);
  • The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the data (it cannot be random);
  • The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where and how it was collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding them. Under GDPR, it is no longer acceptable to assume consent for your collected data, or to treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own, since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelled out as individuals’ rights with regard to their personal data, and they include the following:

  • Right to be informed about what data is collected and why;
  • Right of access to data that has been collected;
  • Right to rectification/correction of inaccurate data;
  • Right to erasure of data (“right to be forgotten”);
  • Right to restrict processing of personal data;
  • Right to data portability;
  • Right to object to use of data; and
  • Right not to be subject to automated decision making, including profiling.

Have a process in place to respond to requests promptly and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies with regard to GDPR and how you protect personal data, and communicate them across your organisation. Take special care to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements with regard to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data, and the risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. By following the steps above, your organisation should be well-positioned to prevent or limit any breach of your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days when a company could announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance.

 

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence, third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

6 challenges for compliance officers in 2020

The job of a compliance officer can be a difficult one. Organisations from large corporations down to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements, and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.

The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions around the world, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, or individuals, or both. Here are some of the biggest challenges facing compliance officers today:

1. Anti-money laundering (AML) regulations

The Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. In the European Union, this resulted in the 5th Money Laundering Directive (5MLD), which takes effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.

In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.

5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.

2. Conflicts of interest

Risks related to conflicts of interest are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that suffer from actual conflicts can put at risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues, and transparency becomes even more important in these contexts.

This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.

Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities. Most major organisations – and their compliance officers – see outside business activities as a risk.

3. Innovation driving new demands

New innovations are providing increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.

For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.

4. Regulatory and political change

Recent years have seen a flurry of new regulations from various governmental bodies and jurisdictions, from the General Data Protection Regulation (GDPR) to 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.

In Europe, Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.

Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.

5. Personal liability

One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middle men” and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope. Many compliance professionals are aware of this, as a recent Thomson Reuters survey found that 60% of them expect personal liability to increase.

New initiatives underline this reality, such as the Senior Managers and Certification Regime (SMCR) in Europe. It places a focus on firms’ senior managers and individual responsibility, and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures and they will apply to industries beyond those in the financial sector.

6. Ethics and integrity

Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.

The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.

In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professional. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.

Let us know if you would like to learn more! Contact us today and get your FREE QUOTE now!

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
