Looking for a Service Provider Due Diligence Checklist?

There are many risks implicit in doing business, and CEO’s and risk management officers face many internal and external threats. Most organisations face preventable risks; however, the burden of identifying risks can be too much, especially when dealing with third-party providers.

Most service providers offerings are often part of organisations’ core functions (i.e. internet-related services or cloud services); they have access to sensitive information, including your clients’ client details (PII), their financial data such as credit cards (PCI), or trade secrets; that impacts your data security or privacy programs; a worrying source of risk and, often than not, they drive up your cost. 

According to Ponemon Institute’s Cost of a Data Breach Report 2020, organisations spend £2.9 million ($3.86 million) recovering from security incidents. And third-party breaches cost $370,000 more than in-house breaches. Third-party breaches do happen, and many organisations aren’t prepared. In fact, Protiviti’s 2019 Vendor Risk Management Benchmark Study found that only 4 in 10 organisations have a fully mature vendor risk management process in place. 

It’s critical to follow a well-defined and comprehensive due diligence process when it comes to service providers. Having a services provider due diligence checklist allows you to see what obligations, liabilities, or any types of risks you’re assuming. 

What Is a Due Diligence Checklist?

A due diligence checklist is an organised way to analyse a service provider you want to work with. Following this checklist, you can learn about the Service Provider liabilities, benefits, and potential problems. Due diligence checklists are usually arranged in a basic format. However, they can be changed to fit different industries and professional relationships. A due diligence checklist can also be used for:

  • Preparing an audited financial statement or annual report
  • A public or private financing transaction
  • Bank financing
  • A joint venture
  • An initial public offering (IPO)
  • General risk management.

However, we developed a complete due diligence checklist for you to use on your service providers for this article. There are six core areas to consider when doing your due diligence vetting a service provider:

  1. General company information
  2. Financial review
  3. Reputational Risk
  4. Insurance
  5. Information Security Technical Review
  6. Policy Review

The questions could change based on your requirements or the company, industry, size, or region. The more you know about potential vendors, the easier it is to assess their risk. Let’s take a look!

1. Build an inventory of your service providers:

  • List the providers of significant core functions
  • List any smaller providers who might be working with individual departments

2. Rank each service provider based on risk by asking the following questions:

  • What service does this organisation provide?
  • Who owns the relationship with this provider?
  • Is this provider tied to your organisation’s most critical business operations?
  • What data do they have access to?

3. Collect information on each service provider, including basic information:

  • A business charter or articles of incorporation (or similar corporate charter)
  • Business location, and proof of location.
  • Business license: confirm that the company is legitimate
  • Overview of company structure
  • Information about executives and board members
  • Financial information: is the service provider financially solvent? Would you want to partner with a company that may not be in business next year? 
  • Insurance: gather information on general liability insurance, cyber insurance, or insurance-specific capabilities.

4. General risk information:

  • Is the service provider on any watch lists?
  • Any Lawsuits?
  • Any negative news coverage?
  • Any significant complaints or negative reviews from consumers?
  • Is the site physically secure?
  • Policy Review

Cyber risk Information:

  • Security rating
  • Assessment questionnaire
  • Retrieve the IT system outline
  • Any assets exposed to the open Internet?
  • Any cases of data breaches?

Final risk analysis:

  • Calculate your risk: Risk = Likelihood of a Data Breach X Impact of a Data Breach/Cost
  • Set a risk rating of high, medium, or low
  • Compare the above information with your risk appetite and determine whether your organisation should pursue a relationship with the service provider

How can CRI Group help you manage and respond to risks?

Managing third-party risk can be difficult. The work isn’t done when you understand the risks associated with doing working with third-party providers. With CRI Group, organisations can make the process simpler and gain a window into their service providers’ risk. 

Due diligence on potential business partners when adding a new vendor or hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. 

Our global integrity DueDiligence360 investigations provide your business with the critical information it needs in making sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees. And we offer different levels of due diligence to fit your needs:

  • Level I Basic: Basic due diligence
  • Level I Essential: Essential due Diligence
  • Level II EDD Enhanced Integrity Due Diligence
  • Level II EDD Plus Enhanced Integrity Due Diligence

Our Enhanced Integrity Due Diligence services will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals. To find out more about each level of due diligence, contact CRI Group HERE!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

How is COVID-19 Radically Transforming the New-Hire Experience

The COVID-19 pandemic has been a challenging time for industries, organisations and their teams on every level. HR leaders had to adapt to a new normal quickly. Along with coping with the closing of workplaces and adjusting to working from home, many organisations had significant recruitment, vetting and onboarding activities. With two-thirds of employers reporting increased productivity for remote workers than in-office workers, businesses also discovered the benefits of a remote and flexible workforce. With the human element of HR almost vanishing overnight, HR leaders had to learn how to leverage the “digital” aspect of their jobs, ramp it up and implement it across their processes to deliver a new-hire experience and an overall good employee experience. And these changes are very likely to stay for the long haul.

This article explores how COVID-19 radically transformed the new-hire experience from recruitment to background screening, onboarding, and retention. We also explore some of the advantages of these changes and how you can leverage the new normal into your employee experience and increase retention.

The new normal

When COVID-19 struck, companies were faced with the difficult task of hiring quickly and economically, continuing effective onboarding processes, and changing the overall new-hire experience whilst managing the day-to-day risks and ever-changing challenges. COVID posed a lot of challenges when it comes to recruitment, such as:

  1. Navigating the new realm of virtual recruitment.
  2. High demand for recruitment in specific sectors (e.g., pharmaceuticals, retail supermarkets, delivery companies, transportation, retail banks, healthcare).
  3. The need to hire employees with a specific skill set (e.g., digital marketing, IT teams, customer service).
  4. Accommodating for existing staff working from home.
  5. Considering the long-term and short-term economic impact of hiring during the uncertainty of the pandemic.

There was also the onboarding process. Before the pandemic, some would say the process of onboarding an employee begins when the candidate is offered the position and continues until the new employee is considered productive – which could be anytime from the end of a probation period, for example, to a full year and the first appraisal. However, according to a recent survey by CareerBuilder, 25% of employers reported that their onboarding process took a day or less. In comparison, 26% spent a week, 21% over a month, and 11% said their onboarding process extends over three months or longer.

Furthermore, during the pandemic, the number of cases of employee fraud and misconduct grew substantially. In a survey conducted last year by CRI Group, an overwhelming number of respondents said the COVID-19 pandemic is affecting human resources at their company. There are also concerns about fraud, and the protection of confidential information, as much of the workforce has gone virtual in work-from-home (WFH) arrangements. CRI Group’s survey measures the pulse of human resources during a challenging time in business worldwide. The largest number (38%) of survey participants were human resources professionals, but respondents also included managers (19%); executives, directors and administrators (27%); and other roles.

Being digital in a COVID world, where face-to-face interaction is no longer possible, is mostly about optimising the end-to-end employee experience and leveraging data to deliver a somewhat personal employee onboarding experience. Outlined below are ten fundamental tips that support it:

1. Integrate employee information from screening to onboarding and deployment

Managing data is a challenge, but it is essential to ensure that the monitoring and engagement of the new hire remain consistent throughout the onboarding lifecycle. Integrate a system that includes Applicant Tracking System (ATS), recruitment, background screening, onboarding, and performance management, and learning/development systems.

2. There are no shortcuts in recruitment; background screening is more critical than ever

Many companies are hiring at an accelerated rate – especially in the medical profession and industries dealing with infectious diseases, medical supply, pharmaceutical companies and research facilities. A need for quick and effective pre-employment screening has arisen, but that is precisely why proper background screening is critical during COVID. Take the revised BS7858:2019 standard: When establishing policies and practices around the standard and vetting new hires against the standard, organisations can show that they place a high value on hiring individuals who possess integrity. Organisations can then task their new hires with responsibilities designed to keep their co-workers, customers and information safe from the negative forces that have become more prevalent in today’s ever-changing COVID-19 world.

3. Reduce insider fraud or misconduct risk and increase employee integration success rate from the get-go

Unfortunately, during the COVID-19 crisis, employee fraud has increased. According to a 2020 report from the Association of Certified Fraud Examiners, 5% of all revenue generated by organisations – some three and a half trillion pounds globally – is lost every year through fraud committed by employees. Effective background screening for candidates and employees is an essential and effective countermeasure.

4. Leverage HR technology, social media and remote working to elevate the employee experience

Remote working is very much a given in this era, so you must leverage technology to not only facilitate your new hire now but their job as a future permanent employee. It will also reduce the need for face-to-face support while at the same time encouraging proactivity and self-service. In today’s reality, employee experience is not just about boosting employee engagement but more about employee support effectiveness as a whole – while reducing dependencies on HR at the same time.

5. Engage new-hire from the get-go

Employee onboarding starts not just when the employee joins the organisation. Your very first email is the first experience the candidate has with your organisation. In the fast world of recruitment, too many sure candidates drop your process or reject your offers for a better one. It is essential to keep the candidate engaged while at the same time initiating a slow process of integrating her/him into the organisation asap — by doing so, you will improve the offer-to-join ratio.

6. Accelerate the time-to-competency for new hires by reducing the learning curve

It is important to establish expectations, set clear goals for the new hire, and monitor them consistently. Investing in employees’ professional development has always been an attractive “benefit” of any luring organisation. With COVID and the inability to learn on the job, this is more important. Why? Employees at all levels worldwide have been flung into a different and new way of working, which requires a very different skill set. According to Gallup, organisations that invest in employee development report 11% greater profitability. Every individual has his/ her learning style and ways of retaining information, so leverage all the digital tools available such as on-demand videos, live chats, virtual assistants, and other forms of interactive self-paced learning options.

7. Up-skilling your people by providing learning and knowledge retention tools on demand

Learning is key to making an employee productive. Training new and current employees to cope with the ongoing changes from the COVID-19 pandemic will help them remain productive. Employee retention like this is invaluable, especially as recruitment has become that bit trickier in a remote world. Do not lose top talent, knowledge and experience, for lacking that extra level of support.

8. Mental health is critical; it is time to acknowledge and practice it

The turbulence of today’s dual health and economic crises is unprecedented and is affecting employees. PwC’s 2020 Global Consumer Insights survey shows a shift in the consumer’s priority, with 69% saying they are caring more about their mental health and physical fitness, and 63% saying they want to eat healthier as a direct result of the COVID-19 pandemic. A study from Tilburg University in the Netherlands (commissioned by the IOSH – Institution of Occupational Safety and Health) estimated around 12.8 billion working days are lost due to anxiety and depression. The study concluded that organisations could help prevent mental health problems from becoming more severe and achieve a more sustainable workplace by paying attention to each individual’s situation and conditions. Employers must emphasise meeting individual needs and finding a more tailored approach where the new reality can safely “cohabit” with a desired new future. Leveraging social media to provide a robust peer support system is equally helpful – these will aid the onboarding process.

9. The employee continuously due diligence

Conduct a periodic review of existing employees. Investing in due diligence is vital to mitigate the risks and identify fraud. Periodically screening and vetting existing employees can protect and enhance the overall security of your organisation.

10. Cut costs drastically

Leveraging these new changes and integrating them into your onboarding cycle can help reduce expenses drastically across your business. It eliminates the cost that comes when placing the wrong candidate.

EmploySmart – take the first step towards transforming your employee background screening!

Businesses have to adapt quickly to survive, which can mean cutting steps in their hiring process, and no one knows how this will play out. Using a vendor to conduct your background screening effectively will invaluably make your onboarding process more scalable. It will allow you to focus on delivering consistently superior services to new hires across the board and, more importantly, focus on the fun stuff like supporting the new hire on their continued improvement.

We understand how important it is to monitor all stages from recruitment to onboarding and from onboarding to learning and development; that’s why our employee screening reports are easy to “transcribe” to whatever HR ecosystem you use. Our reports will essentially complement the effectiveness of any employee onboarding process and, therefore, your HR department.

Mitigate the employee risk impact! Learn how with this FREE ebook. Taken as a whole, this ebook is the perfect primer for any HR professional, business leader and company looking to avoid employee background screening risks. It provides the tools and knowledge needed to stay ahead of COVID-19 effectively. Read more or DOWNLOAD now!

EmploySmart | Most Robust Employee Background Check Service

How do you know the candidate you just offered a role to is the ideal candidate? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma, how do you know it’s not photoshopped? Did you follow the correct laws during your background checks process? Employee background checks and necessary screenings are vital to avoid horror stories and taboo tales that occur within HR, your business, or even your brand – simply investing in a sufficient screening can save you time, money and heartbreak.

CRI Group has developed EmploySmart™, a robust new pre-employment background screening service, certified for BS7858,  to avoid negligent hiring liabilities. Ensure a safe work environment for all – EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider, specialised in local and international employee background checks, including pre-employment and post-employment background checks.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

CRI supports Fraud Week 2020

International Fraud Awareness Week, 15-21 November 2020 – and CRI Group is once again a proud Official Supporter of this global movement. Fraud Week was created to reduce the impact of fraud and corruption by promoting anti-fraud awareness and education.

Fraud statistics

Fraud is still increasingly common. Even when it comes to hiring employees, companies must be vigilant. CRI Group’s investigative team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavourable news or online mentions), both at 2.33 per cent. Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases.

> Read more in our article “Background Screening Red flags: Numbers Don’t Lie”.

In another survey conducted by CRI Group, which analysed how COVID-19 has impacted human resources and its functions, it was revealed that companies understand the fraud risk factor during the pandemic: nearly 77 per cent of HR professionals accept that there is a risk that employees can initiate fraudulent activity because of the work-from-home arrangement. Also, the shocking number of survey participants highlighted that they have encountered employee fraud in their career. Luckily, most companies do conduct background screening of some type. In fact, 85 per cent do so, which is important because many companies have learned that trust can be misplaced. While an overwhelming 92 per cent said they trust their employees with confidential data, background screening can help verify that your employees aren’t hiding anything in their backgrounds that might put your company at risk.

> Read more about the survey, as it provides valuable information for companies, employees, and human resources professionals and teams who serve them. It also sheds light on the critical need for increased employee background screening and data protection during a tumultuous time.

Some other stats to note (the following come from the ACFE):

  • The average fraud lasts 18 months before it is discovered. The longer a fraud lasts, the greater the financial damage (schemes that last for several years can cause hundreds of thousands of dollars).
  • The most common detection method for fraud is tips. And organisations that have reporting hotlines are much more likely to detect fraud through tips than organisations without hotlines.

All of the above indicates that the fraud issue is real and organisations must take actions to prevent the fraud risks for their organisations and even careers. For CRI Group, the goal is to help business leaders think about fraud and corruption this week and take steps to minimise it year-round. So, what is your organisation doing for Fraud Week?

Get involved in the Internal Fraud Awareness Week

Join CRI Group and ACFE in the fight against fraud. ACFE provides a great set of the following tools to go a step further in your role and to start discussions amongst peers, co-workers, executives and stakeholders in your community about how important fraud prevention is to society as a whole:

  • Post on social media using new badges and informative images with the tag #fraudweek
  • Add the new Official Fraud Week Supporter badge to your email signature.
  • Invite a CFE to talk to your employees and co-workers virtually on how to avoid common mistakes when preventing fraud.
  • Download the free Fraud Week logo to share on materials or websites.
  • Involve your local chamber of commerce or city council to spread tips on fraud prevention for small businesses.
  • Encourage your governor to issue a proclamation (.doc) declaring that your state supports Fraud Week.
  • Host a talk or seminar for your co-workers or community on regularly staying aware of fraud prevention best practices. You can post that event to share what you are doing on our events page.
  • Perform a fraud check-up for your organisation and present your findings to executives, as well as a proactive plan for how to remedy weak spots in your current controls.

How does CRI Group fight fraud?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Fraud Week

[/vc_column_text][/vc_column][/vc_row][vc_section][accordion_father caption_url=””][accordion_son title=”2018 Fraud Week” clr=”#ffffff” bgclr=”#1e73be”]CRI Group proudly celebrates International Fraud awareness week and highlights that this occasion (called Fraud Week, for short) is an important effort to put a spotlight on fraud, help educate people about its perils and build a fraud-free future.

“Fraud Week reminds us that awareness is any organisation’s first line of defence against fraud and corruption, as properly trained employees will have a better opportunity to recognise the red flags of fraud, and a better understanding of their organisation’s zero-tolerance policy toward such behaviour”, Zafar Anjum, founder and CEO of CRI Group says.

“Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from risks of fraud and unethical behaviour. An ounce of prevention is worth more than a pound of cure.”

For CRI Group, though, helping organisations prevent and detect fraud is a year-round commitment. That’s why Fraud Week is a great time to reflect on CRI Group’s recent efforts in the fight against fraud, and to also look ahead to activities on the near horizon. Below are just a few of the highlights.

CRI Group is here to help and create a fraud-free future. Contact us today to learn more about our ABAC training and certification opportunities, our EmploySmart background checking process, our investigative services and other offerings.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][accordion_son title=”2017 Fraud Week” clr=”#ffffff” bgclr=”#1e73be”]2017 International Fraud Awareness Week (also called “Fraud Week”) kicked off on Sunday and is in full swing. CRI Group is a proud supporter of this important initiative every year, and we encourage business leaders to take this time to consider all of their fraud prevention measures, including anti-fraud training for employees.

Does your organisation have a training program in place that addresses fraud, bribery and corruption? And, if so, how robust is your training? How often is it administered? And how do you know it’s working?

These are important questions, especially considering the fact that we know most fraud is discovered internally through employee tips. A recent case study is a perfect illustration of that.

Case study: Conflicts of interest

A major pharmaceutical company’s security department received conflict of interest complaints that reportedly involved a range of employees, from sales personnel on up to the chief financial officer (CFO).  The company engaged CRI Group to conduct an integrity due diligence and conflict of interest investigation in order to uncover unethical practices, including bribery and corruption, by senior employees.

CRI Group’s investigators quickly launched a risk assessment of the company’s third-party relationships, which included several interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks.

Investigators found one of the vendors used letterhead that lacked a physical address, and the only contact information listed was a single cell phone number. Site visits, background checks and interviews helped determine that the suspicious vendor was not a company at all – but a single person, and he was none other than the brother-in-law of the client company’s CFO. Worse still was the fact that this obvious fraud was being conducted right under the noses of the company’s procurement and finance professionals.

CRI Group investigators discovered that the individual’s residence was being utilised as a warehouse to help facilitate the fraud. Comprehensive litigation records check with local and regional courts found that the subject was previously convicted in federal court and spent three years in prison for the charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.

The fraud had continued for five years. However, the one thing that saved the company from further financial harm was the fact that employees had stepped forward to report unethical behaviour. If not for their action, the fraud could have continued indefinitely.

Fraud Week reminds us that awareness is any organisation’s first line of defence against fraud and corruption, as properly trained employees will have a better opportunity to recognise the red flags of fraud, and a better understanding of their organisation’s zero-tolerance policy toward such behaviour.

CRI’s Certification body, ABAC Center of Excellence provides employee training as part of the curriculum for a participating organisation. In fact, ISO 37001:2016 certifies that your organisation has implemented reasonable and proportionate measures to prevent bribery, and these measures involve training, top-level leadership, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

Some key things to remember:

  • Anti-fraud training should be mandatory. This includes managers and executives, who should also receive special training regarding their position of responsibility.
  • Anti-fraud training should be an element of new employee orientation. After that, it should be provided to all employees on an annual basis, if not more frequently.
  • Training might be presented live (in-class), on video or online in an interactive format. The live class is preferred, as it allows questions and personal engagement. However, in today’s business world, some employees work remotely and an online format may be more feasible.

Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from risks of fraud and unethical behaviour. An ounce of prevention is worth more than a pound of cure.

Learn more about how CRI Group and the ABAC Center of Excellence can help you have a well-trained workforce serving as your front line of defence against fraud, bribery and corruption.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father][/vc_column][/vc_row][/vc_section]

#InTheNews: Bribery and Corruption

As a result of COVID-19, countries all over the world are facing significant economic disruption, insecurity and suffering, which has created an increased risk of bribery and corruption.  News in the first two quarters of 2020 showed that many governments began to implement measures to combat these implications from the global pandemic.

Kenyan Anti-bribery and Anti-Corruption laws

“On 27 June 2020, it was reported [by GlobalComplianceNews] that the Kenyan Government is in the process of implementing harsher corruption and bribery laws, in an attempt to curb the current statistics within the country. A proposed amendment to the Bribery Act, which is currently being tabled in Parliament, seeks to allow for the imposition of a fine amounting to KSh 5 million (circa USD 46,939) or for a period of imprisonment not exceeding ten years, where an individual is aware of, or suspects bribery taking place and fails to report it.” It is clear that the Kenyan Government is concerned with the prevention of bribery and corruption, perhaps to ensure the appropriate allocation of resources in these unprecedented times.

US Abuse of Power Prevention Act

On July 23 2020, the House Judiciary Committee held a mark-up of a new bill, the Abuse of the Pardon Prevention Act as US congress aims to eliminate the tolerance of alleged corruption and bribery undertaken by the current or former presidents. “Section Three of the bill amends the federal bribery statute to make clear that a (former) president can be prosecuted for accepting a bribe in exchange for a pardon… The House also introduced a related bill, the No President is Above the Law Act.”

French Compliance Legislation

The French government has also been working on implementing anti-bribery and anti-corruption legislation as they have in 2020 for the first time since 2016 adapted and improved their white-collar crime standards. As stated in a Global Investigations Review by Lexology  “in anti-bribery compliance in particular, the recently created French Anticorruption Agency (AFA) keeps building on Sapin II by providing guidance on specific topics, auditing compliance programmes and for the first time… bringing cases in front of its sanctions board.”[/vc_column_text][/vc_column][/vc_row][vc_hoverbox image=”8369″ primary_title=”Stay updated on the go” hover_title=”Subscribe for our newsletter” hover_btn_title=”Keep me updated” hover_add_button=”true” hover_btn_link=”url:https%3A%2F%2Fwww.crigroup.com%2Fnewsletter-subscription%2F||target:%20_blank|”]Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.[/vc_hoverbox][/vc_column][/vc_row]

Let’s talk

Follow us on LinkedIn, Facebook or Twitter for more industry news and insights.

CRI Group, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementBackground Screening and Due Diligence solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. CRI Group also holds BS 102000:2013 and BS 7858:2019 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.[/vc_column_text][/vc_column][/vc_row]

5 Tips for Preventing & Detecting Expense Fraud

It’s one of the most common forms of occupational fraud: employees fudging on their expense accounts. Earlier this month (June, 2020), Lookers (London-listed company) warned investors they might be unable to buy and sell its shares from the beginning of July because of potential fraud on its books – confirming £19m charge to correct books after fraud inquiry. Whether through fictitious charges, fake receipts or invoices, or other improper use of expense funds, an expense account is sometimes seen as a low-risk, high-reward area for committing fraud. It shouldn’t be. If your company takes the proper steps to review expense activity and protect itself from fraud, expense accounts will no longer be a vulnerable area of your finances.

The experts at CRI Group offer the following tips for bolstering your protection against expense account fraud:

1. Provide strict guidelines for credit card use

Often, expense account fraud is committed with the use of a credit card, with the employee seeking illegitimate reimbursement for various expenses. Detail how personal cards are allowed to be used, and require and review all receipts for claimed expenses. Also require supporting documentation (such as an airline boarding pass, for example) to ensure the purchase was used as intended.

2. Check company credit card statements carefully

In some cases, employees will use a company credit card to make a purchase, but then claim similar or duplicate expenses for reimbursement on their expense report. This is easy to catch if you carefully review company card statements and check them against reimbursements.

3. Ask questions

If a purchase seems odd or unrelated to business use, catching it early is the best way to resolve the issue. After too much time has passed, an employee might claim to have a difficult time remembering exactly what the questionable expense was for. If in doubt about a claim, ask for supporting documentation and a clear explanation of how the expense was used for a business purpose.

4. Implement a Code of Ethics for all employees

By including anti-fraud language in your Code of Ethics, which should communicate a strong anti-fraud stance and be signed by all employees, it will be clear that expense account fraud is not tolerated. Reinforce this with regular communications to employees reminding them that the company does not tolerate fraud in any form and offenders will be prosecuted.

5. Set a Tone at the Top

If the company has rules in place but senior staff aren’t following them, lower-level employees will follow by example and flout the rules, as well. All staff should follow the rules to the letter. Especially while on business trips with lower level employees, senior staff should set a positive example and make a point to follow the rules for business expenses.

Expense account fraud is a persistent problem in business, but it doesn’t have to be a crisis at your company. By using a common sense approach and some key prevention strategies, you can help ensure that your employees know the rules and are less likely to try to take advantage of company expense funds. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!

 

About CRI Group

CRI Group, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Background Screeningand Due Diligence solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations.

CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

10 top business risks

Sometimes business owners or management have an outsized sense of business risks for a particular threat. For example, some companies place extreme emphasis on guarding their intellectual property (IP), when in actuality the incidence of IP theft for their industry might be low. Other times, however, their priorities are firmly in line with the threat posed by the risk. According to a recent study, this is exactly the case when it comes to leaks of internal information, data theft, and reputational damage due to third-party relationships (Global Fraud Risk Report 2019/20).

This report is based on a survey of 588 senior executives from 13 countries and regions and 10 industries. It provides valuable insight into what types of threats are keeping business leaders awake at night. “The broadening of the risk landscape is visible in the types of significant incidents our survey respondents report experiencing in the last 12 months and in the priority levels they assign to various risk mitigations,” the report states. “The most frequently cited incident is leaks of internal information, reported by 39 percent. But this perennial challenge now coexists with risks from relatively recent threats, such as data theft, and even newer threats, such as adversarial social media activity.”

business risks

Business information leaks occur when confidential information is revealed to unauthorized persons or parties. This happens with alarming frequency, as recent news stories illustrate. Headlines include “Stunning iPhone 12 video shows Apple’s leaked prototype design with no notch” (BGR, 2020); “New Leaks Show Business and Politics Behind Tiktok Content Management” (China Digital Times, 2020); “DOJ charges Defense Intelligence Agency employee for leaking highly classified information to the media” (Business Insider, 2019). There can be direct and/or indirect negative repercussions from an information leak at your business. It can affect product rollouts, or give you a disadvantage in a competitive market; among other effects. At CRI Group, our experts work with companies to develop policies that provide zero-tolerance for information leaks, and put controls in place (such as secure communications and data systems) to prevent such leaks from occurring in the first place.

Data theft

Perhaps the fastest-growing scourge of businesses since the beginning of this century. Massive data breaches have cause major distrust among consumers worldwide, and have led directly to identity theft and financial crimes such as theft of credit, illegitimate loans and other schemes. Data theft involves stealing computer-based information from an unknowing victim, usually a company with a large customer or client base. This usually results in the sale or sharing or private information. Most recently, a data breach reportedly exposed more than 200 million Americans: “Data Breach Exposes 200 million Americans: What You Need To Know” (Screen Rant, 2020). In another case, a major cruise operator saw its customers’ information exposed: “Norwegian Cruise Line Suffers Data Breach” (infosecurity, 2020).

For any company that is entrusted with customers’ or members’ private information, especially personally identifying information (PII), data theft can be a devastating crime. Beyond lawsuits and financial damage caused by such a disaster, rebuilding the company’s reputation (and earning back customers’ trust) is an uphill battle that might take years or more. That’s why CRI Group recommends that every business, regardless of size or industry, make protecting customer data one of its highest priorities. Today, leading technology can help make data more secure. But even the most secure system is dependent upon a properly trained workforce that follows all of the protocols to achieve effective data protection.

Reputational damage due to third-party relationship

Another serious business risk to any organisation that partners with other companies, suppliers or contractors. Even worse, they can be completely outside of your control. Here are examples of some of the risks: A business partner is embroiled in behind-the-scenes legal battles; a supplier makes procurement decisions involving the inappropriate influence of government officials who receive kickbacks; a partner falsely claims to have experience in an industry, and cannot deliver on its contractual promises. CRI Group’s integrity due diligence experts have helped clients avoid those very scenarios. Our investigators employ a proven, multi-faceted research approach which involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research.

As the report states, “The last decade has seen cybercrime evolve from an IT issue to a boardroom concern, mirroring the digital transformation of the global economy on the macro level and of business operations on the micro level. The more the business world integrates digital elements, the more likely it is that computer systems have or will become a pathway for crime.” Now, more than ever, it is important for business leaders to be proactive in managing these modern business risks. Fraudsters and those who steal information are evolving their methods every day. Depend on the experts to help you stay one step ahead.

Lets Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training

10 Ways to Maintain GDPR Compliance

In 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) came into force. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (European Commission, 2020, GDPR.eu, 2020). At CRI Group, our integrity due diligence experts are trained at helping organisatons achieve and maintain compliance with GDPR. Our leading risk management and compliance agents provide the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

 

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

  • The information is necessary to perform a contract between the organisation and the individual;
  • You have a legal obligation to process the data (such as a court order);
  • The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
  • The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it as collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third-parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own, since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelled out as individuals rights in regards to their personal data and they include the following:

  • Right to be informed about what data is collected and why;
  • Right of access to data that has been collected;
  • Right to rectification/correction of inaccurate data;
  • Right to erasure of data (“right to be forgotten”);
  • Right to restrict processing of personal data;
  • Right to data portability;
  • Right to object to use of data; and
  • Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of date, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data, and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but in for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance.

 

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

6 challenges for compliance officers in 2020

The job of a compliance officer can be a difficult one. Organisations from large corporations down to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements, and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.

The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions around the world, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, or individuals, or both. Here are some of the biggest challenges facing compliance officers today:

 1. Anti-money laundering (AML) regulations

The Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. In the European Union, this resulted in the 5th Money Laundering Directive (5MLD), which takes effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.

In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.

5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.

2. Conflicts of interest

Risks related to conflicts of interest are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that either suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues and transparency becomes even more important in these contexts.

This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.

Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities. Most major organisations – and their compliance officers – see outside business activities as a risk.

3. Innovation driving new demands

New innovations are providing increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.

For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.

4. Regulatory and political change

Recent years have seen a flurry of new regulations from various governmental bodies and jurisdictions, from the General Data Protection Regulation (GDPR) act to 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.

In Europe, Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.

Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.

5. Personal liability

One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middle men” and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope. Many compliance professionals are aware of this, as a recent Thomson-Reuters survey found that 60% of them expect personal liability to increase.

New initiatives underline this reality, such as the Senior Managers and Certification Regime (SCMR) in Europe. It places a focus on firms’ senior managers and individual responsibility, and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures and they will apply to industries beyond those in the financial sector.

6. Ethics and integrity

Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.

The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.

In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professional. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.

Let us know if you would like to learn more! Contact us today and get your FREE QUOTE now!

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

8 steps to prevent fraud

CRI Group offers some basic steps any organisation can take immediately to lessen their vulnerability to fraud from both inside and out. These measures should be followed year-round – but Fraud Week provides a great opportunity to get started. The following are 8 steps to prevent fraud:

1. Take a Proactive Approach to Fraud Prevention.

A code of ethics for management and employees will help set the culture and expectations. Conduct regular fraud risk assessments and implementing effective internal controls to help reduce fraud. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks.

2. Conduct Proper Due Diligence.

Mergers, acquisitions and related major business transactions present plenty of fraud risks – some apparent, and some hidden. At such a critical juncture, conducting thorough, comprehensive due diligence is the key to reducing those risks.

3. Be Mindful of Cultural Differences.

International expansion is a key goal among many larger organisations. However, fraud and corruption laws, enforcement, and cultural norms can vary greatly from one region to the next. Make sure any move is a good fit, and that risk factors are addressed every step of the way. Also, anti-bribery, anti-corruption standards and best practices like ISO 37001 Anti-Bribery Management System standard will help your organisation stay in compliance across international borders.

4. Conduct Background Checks.

Your organisation’s hiring process should include thorough background investigations. Check educational, credit and employment history (as permitted by law), as well as references. Also, conduct post-employment screening to vet current staff.

5. Make Training a Priority.

Ensure that staff members know the warning signs of fraud, and basic fraud prevention techniques. Customised training programs like those offered by the ABAC® Center of Excellence provide comprehensive learning for employees in the prevention of fraud, bribery and corruption.

6. Provide a Fraud Hotline.

Statistics show that tips are the most common reporting method for fraud. Encourage them by providing an anonymous reporting system (a telephone hotline or online portal) for employees, customers, and contractors.

7. Don’t Tolerate Fraud.

Regular communication is key. Make sure your staff knows fraud and corruption aren’t tolerated and will be punished. When fraud is uncovered, make sure to follow through with consequences for the perpetrator.

8. Get Certified.

A world-recognised standard like ISO 37001 demonstrates an organisation’s commitment to developing effective frameworks to reduce risk. ABAC® Center of Excellence offers ISO 37001 and other training and certification programs to help organisations get an edge in preventing, detecting and reducing bribery and corruption.

 

 

CRI Group are supporters of the International Fraud Awareness Week, or “Fraud Week” – a global campaign to minimise the impact of fraud by promoting anti-fraud awareness and education.  CRI Group is proud to once again be an enthusiastic Official Supporter of this annual movement for awareness and prevention.

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. ABAC Center of Excellence offers a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission. Prove that your business is ethical. Complete our Highest Ethical Business Assessment (HEBA) & evaluate your current Corporate Compliance Program. Contact ABAC® for more on ISO Certification and training.

Rent Checks Post-Brexit

Uncertainty around Brexit continues, and the possibility of a no-deal means it is still challenging to predict what will happen when the UK leaves the EU. The Government is yet to release official guidance on what letting agents and Landlords will need to do, should a no-deal Brexit be the outcome of the process. The lack of clarity from the Government has already caused problems. Many landlords are averse to letting their properties to non-UK nationals in case they are in breach of the Right to Rent rules, post-Brexit. The Government is under increased pressure to give clear guidance on post-Brexit Right to Work and Right to Rent checks.

What do we know so far?

Right to Rent is creating a hostile environment in the private rented sector with more landlords refusing to consider renting to non-British nationals, including EU citizens, due to concerns about Brexit. According to research from the Residential Landlords Association (RLA), 44% of private rented sector landlords are less likely to rent to those without a British passport.

The Right to Rent scheme – introduced in 2016 – has never been popular as it requires landlords to carry out immigration checks to make sure that they do not rent a property to someone who does not have the right to live in the UK. Furthermore, landlords face prosecution if they know or have ‘reasonable cause to believe’ that the property they are letting is occupied by someone who does not have the right to rent in the UK.

Potential changes post-Brexit

One change which may be implemented post-Brexit is the introduction of a digital checking service. A white paper in December last year* suggested this would enable prospective tenants to view and ‘verify’ their immigration status. Meaning landlords could confirm the applicant’s eligibility to rent far more quickly. Those renting to foreign nationals from the EU would no longer need to manually check the documents which are currently required under the right to rent legislation.

Summary

There’s no denying that both landlords and EU tenants have many unanswered questions when it comes to Brexit and right to rent legislation, mainly down to the fact that a deal has not yet been decided. The 31st October 2019 should hopefully bring a clearer picture and provide the answers both parties need.

Let us know if you would like to find out more. If you have any further questions or interest in implementing a digital checking service in advance, please do get in contact.

*”The UK’s future skills-based immigration system”, by HM Government

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.