GDPR vs. UK-GDPR; the laws Post Brexit

The General Data Protection Regulation (GDPR) is a regulation in EU law that was implemented on the 25th of May 2018 and concentrates on data protection and confidentiality in the European Union and the European Economic Area; alongside this, the GDPR is also used to address the transmission of personal data outside the EU and EEA areas. The EU Commission announced on 28 June 2021 that adequacy judgments for the UK have been passed, so what does that mean for the GDPR rules?

The Brexit transition phase concluded on the 31st of December 2020 and as a component of the new trade agreement, the EU has come to an agreement to postpone the transmission limitations for at least four months, which can then be stretched out to six months (recognised as the bridge). The European Commission published its draft decisions on the 19th of February 2021  regarding the UK’s adequacy under the EU’s General Data Protection Regulation (EU GDPR) and Law Enforcement Directive (LED). In both cases, the European Commission has found the UK to be adequate which implies that much of the data can resume the stream from the EU and the EEA devoid of the need for supplementary precautions. Nevertheless, it is vital to take note of the fundamental reality that the adequacy decisions do not cover data conveyed to the UK for the principles of immigration control, or where the UK immigration immunity is appropriate. For this nature of data, distinct regulations are employed, and the EEA dispatcher wants to set other transfer safeguards in place. September 2021 saw WhatsApp being handed the second highest fine under EU GDPR (General Data Protection Regulation) rules and the biggest fine ever from the Irish Data Protection Commission due to their lack of understanding towards the new GDPR laws – had they done their due diligence, they may have been able to avert such a hefty fine. Our Due diligence 360° services provide the specialised intelligence needed by global financial institutions and multinational corporations to guarantee complete compliance with anti-money laundering (AML) regulations and legislations.

Find out more about compliance below or download our free brochure.

FIND OUT MORE or DOWNLOAD THE BROCHURE

The draft decisions will at this point be deemed by the European Data Protection Board (EDPB) and a committee of the 27 EU Member Governments.  If the committee accepts the draft decisions, then the European Commission can formally adopt them as legal adequacy decisions.  If adequacy decisions are not implemented at the end of the bridge and allocations from the European Economic Area (EEA) to the UK will require compliance with EU GDPR transfer constraints.

What is the UK-GDPR?

The United Kingdom General Data Protection Regulation (UK-GDPR) is the UK’s national data privacy law that is the proxy for the EU’s GDPR after Brexit; it is fundamentally the equivalent to the EU’s GDPR but altered to accommodate national regions of regulation. The UK-GDPR will regulate personal data and demand the same legal grounds for managing personal data.

The GDPR is indeed still retained in domestic law as the UK GDPR, although the UK has the freedom to maintain the framework under evaluation. The ‘UK GDPR’ as it’s known as, rests adjacent to a revised edition of the DPA 2018. It is also essential to note that the fundamental ethics, constitutional rights, and responsibilities remain as they were but that there are connotations for the regulations on transmissions of individual data between the UK and the EEA.

The UK GDPR also pertains to regulators and processors established out of the UK if their managing pursuits correlate to:

  • presenting commodities or services to persons in the UK; or
  • supervising the conduct of persons taking place in the UK.

Similarly, there are also outcomes for UK regulators who have an institution in the EEA, have consumers in the EEA, or observe individuals in the EEA. The EU GDPR still pertains to this handling as data can still flow freely from the EEA because the EU have adopted adequacy decisions about the UK, but the European data protection mandates has altered the way you can interact. CRI® Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage, and harm to the business. Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, the 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.

Find out more about 3PRM™ below or download our free brochure.

FIND OUT MORE or DOWNLOAD THE BROCHURE

Which rules apply?

Whilst the adequacy judgments stay in order, the UK GDPR is still valid and is expected to remain so until the 27th of June 2025. The EU Commission will be supervising advancements in the UK on a constant basis to guarantee that the UK will continue to deliver a comparable degree of data protection. The Commission is still able to revise, postpone, or rescind the decisions if concerns cannot be settled. EU data subjects or an EU data protection authority can also instigate a lawful dispute regarding the decisions in which the Court of Justice of the European union would then have to determine whether the UK did essentially deliver comparable security.

In the absenteeism of an EU GDPR adequacy decision, the Frozen GDPR would be valid to subjective data of the basis of if:

  • it was administered in the UK under the EU GDPR before 01 January 2021; or
  • it’s being administered in the UK on the basis of the Withdrawal Agreement

Conversely, the UK-GDPR does increase on -and diverge from- the EU GDPR in noteworthy approaches that will make modifications to the legal environment of data protection in the UK.

UK-GDPR expands and changes the European GDPR

The areas increased on by the UK-GDPR are:

  • National security
  • Intelligence services
  • Immigration

These regions, are per definition, are outside the scope of the European GDPR the three of them are deemed to be extra-national regulation from the EU devoid of powers to govern affairs of national confidence in constituent nations. Nevertheless, the UK-GDPR sets out specific concessions by which the customary welfare of personal data can be circumvented, e.g., when in matters of national security or in matters of immigration. It also applies the same requirements for collection and processing of personal data to the intelligence services. A further significant change is that the Information Commissioner, who was the leading data protection authority in the UK today, became the primary director, monitor and enforcer of the UK-GDPR.

Are you post-Brexit GDPR compliant? 

The UK-GDR would now entail your organisation’s site or application to request for the user’s approval prior to accumulating and managing data via cookies. It involves that your organisation not amassing more data than is truly mandatory and to also make it as straightforward for your users to rescind authority to the application of data as it is to give it. Transparency is key in the UK-GDPR and requires clarification of how long data is stored and how you will be processing users’ personal data.

Let’s Talk!

It’s always great to have a helping hand when it comes to compliance and risk management – especially with all the new changes expected to take place ahead of securing the integrity and morality across corporate culture. Take a proactive stance with the highest level of expertise as a part of your essential corporate strategy. Contact us today to learn more about our full range of services to help your organisation stay protected.

GET IN TOUCH

Due Diligence and Compliance: Breakdown and Importance

DUE DILIGENCE VS COMPLIANCE

Due diligence is a vital part of tackling anti-bribery & corruption in the workplace. The Corporate Financial Institute has defined it as a process of verification, investigation, or audit of a potential deal or investment opportunity to confirm all relevant facts and financial information. Similarly, compliance means what it does in the word’s consensus: to follow the rules. IONOS further elaborates the phrase’s meaning in a business environment as conforming to the laws, regulations, rules, and policies is the part of business operations often referred to as “corporate compliance.” Due diligence and compliance aid in combating the issue of anti-bribery & corruption in the workplace.

When should these duties be fulfilled?

Due diligence and compliance start before an employee, vendor or supplier is even introduced to the business. They are implemented to reduce risks in professional relationships and satisfy the legalities of running a business; they are also beneficial to the purchaser and the vendor.

Due diligence provides purchasers with all the correct and accurate information to help them make an informative decision to acquire a property, good or service. This is based on the data found about the company. The information ranges from the company’s existing customer base and partner relationships to the areas in which they display irregularities – in the same vein, compliance ensures a set standard for the delivery of the good, service or process.

Vendors find due diligence providing business owners with the financial integrity of their business. It facilitates unearthing the fair market value of their company. A compliance audit on a vendor conducted by the buyers or their agents will validate and strengthen the professional relationship between the two entities.

Key Differences

Compliance is reactive and a legal obligation made mandatory by a government or a regulatory agency. On the other hand, due diligence is proactive and is unmandated, though many organisations like to implement due diligence as a part of their guidelines and procedures. Due diligence is a measure of best practice from industries ranging from Pharmaceutical & Healthcare to Oil, Gas & Energy.

Compliance is tactical, whilst due diligence is strategic. The end goal with compliance is short term but frequent; complete what is necessary for the required period. Alternatively, due diligence screens all information and evaluates it against your company’s objectives. It considers the pros and cons of the decision to help you shift towards a judgment or action.

A checklist drives compliance orientated views and searches for specific items. It checks them off a list, while due diligence creates a full profile searching for previous occurrences, factors leading up to the occasion, and actions taken after the incident.

Case Studies

One of the most infamous examples of this was in 1994 with BMW’s decision to acquire Rover. The decision was made when Rover’s owner, British Aerospace, was facing trying times. BMW had plentiful goals, including engendering trade and diversifying products with the brands’ icons such as the Mini and the Land Rover. However, the ten-day deal lacked due diligence and compliance, leading to a £790 million loss.

BMW overlooked financial data concerns as well as inaccurate sales data. BMW also failed to comply with Rover’s learning culture. They also failed to accept other manufacturing approaches. To top it all off, the frequent disputes between BMW’s directors resulted in poor leadership after the acquisition, followed by mass resignations. Had the company performed their duties to the highest capability, it could have avoided such a costly mistake.

2012 saw HP pay the price of $11.1 billion due to their failure to do accurate data checks concerning income statements, cash flow, balance sheets and footnotes, ultimately halting their plans to move from producing hardware to producing software and resulting in a $5 billion loss.

Our hand in making a difference

Due diligence and compliance are not the same. The consideration of the two components helps finalise a decision, but the difference between them lies within your reasons for investigating and what the end goal is. CRI® highlights the important distinction using Due Diligence DD360°™ and ISO 37301:2021. Why not download our free Due Diligence 360 brochure to find out more?

DUE DILIGENCE 360 BROCHURE

CRI® Group’s compliance and due diligence solutions are tailored with your organisation’s needs in mind. This is to keep you one step ahead of regulatory requirements. Our Due diligence DD360°™ services run specialised intelligence used by global financial institutions and multinational corporations. Complete compliance with anti-money laundering (AML) regulations and legislation is guaranteed. Manage your third-party risks confidently with customised 3PRM™ solutions for your organisation or get certified.

Why wait?

Get a free quote today 

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Fraud Prevention Strategy: Build one in five simple steps

Fraud Prevention Strategy: The 5 Simple Steps

Fraud prevention strategy is one of the key policies that can aid an organisation in safeguarding itself against reprimands of the matter. One of the greatest encounters a fraud auditor can confront is the mission of persuading management that the peril of fraud is in existence across all aspects of corporate culture – regardless of whether it is from internal factors or external factors. Sadly, fraud cannot ever be eradicated from the corporation as collusion is adept in continually conquering routine organisational regulations.

What is the strategy?

The objective of a Fraud Prevention Strategy is to identify a high-level proposal on how an organisation should go about implementing its fraud prevention policy in the presence of its internal and external influences. The strategy forms the most important part of the fraud deterrence strategy thus the policy an organisation chooses to implement must be necessitated be straightforward and pragmatic.

Combatting fraud requires a distinct and refreshing methodology that entails including all three facets of the fraud cycle:

  • Fraud deterrence and prevention
  • Fraud detection
  • Fraud investigation

Preferably, with the fraud cycle in mind, every enterprise ought to put together a distinctly specified fraud prevention strategy that integrates the following:

  • Determine the proper culture with the proposed policy: having protocols and policies in place for dealing with fraud will help you establish a good grounding for identifying it.
  • Counteract and detect: To detect fraud, you need to have effective systems and processes in place covering all aspects of your business.
  • Investigation of any occurrences in which fraud occurs.
  • Review and monitor policies and occasions in which fraud has transpired regularly to make certain that fraud levels stay below the goal amount.
  • Learn from previous occurrences and update training procedures.
  • Risk management covers all types of risk from corporate and social responsibility compliance to performance measurement.

To learn more about third-party risk management, why not check out our 3PRM brochure.

What should be established in a fraud prevention strategy:

Whistleblowing policy:

  • Whistleblowing is the act of exposing information about misconduct in the workplace and is a crucial element in any prevention strategy. When whistle-blower hotlines are implemented and sustained correctly, they can aid in substantially decreasing an organisation’s exposure to fraud by permitting for prior detection and thus savings in the form of reduced fraud losses from the prior detection.

Identify the risks:

  • The risk of fraud is not solely based on an employee’s background but also a myriad of other factors. Most notably, it is important to be able to identify risks by nature of items (some examples include size and value, ease of resale and cash), nature of the control environment (including separation of duties, safeguards, complexity, turnover and related party transactions) and pressures ( i.e., level of dissatisfaction – if the workforce is unhappy with the company, they will be more inclined to engage in fraud, expectations and guarantees). Identifying these risks is the first step in being able to figure out how to counteract them thus preventing fraud.

Implement effective controls:

When it comes to implementation, organisations need to ensure that they complete the action plan and then refer it to an appropriate person – in most instances this is from HR and other figures in leadership to management of employees. It is then up to the subordinates to assist them with implementing the strategy, reviewing the strategy, or delegating it to the employees.

Most policies implement:

  • Making employees aware of emergency procedures
  • Making employees aware of the location of first aid stations
  • Educating employees on the location and obvious danger and workplace hazards
  • Examine health and safety workplace responsibilities; wear the necessary protective clothing or equipment participate and have input to management report incidents or mishaps as considered essential by management

Increase awareness of the risks:

It must not be presumed that staff members have an innate perception of the risks of fraud, or that they have any understanding of the scope of risks that encircle them. This means that it is incredibly important to stimulate a risk-conscious culture within an organisation.

Some examples of methods to increase such awareness include:

  • Performing risk audits and engaging as many individuals as possible in the organisation in the risk auditing procedure
  • Benchmarking – studying “best practices” from other organisations that have executed risk management.
  • Sending organisation personnel to attend industry seminars on fraud prevention as well as risk management

Plan for the worst:

  • It might sound pessimistic, but it is always best to prepare yourself and your employees for the worst-case scenario. As hard as we try to minimize fraud, it cannot unfortunately be fully eradicated. If it appears too good to be true, it most likely is. It is good practice to meticulously probe all, agreements, prospects, transactions, data and documents.

Want to know more about recruiting the right people for your organisation? Visit our page on Background Screening services or view our EmploySmart brochure.

Crucial components that a proper fraud prevention strategy accomplishes:

It is easy to infer that fraud can leak into all aspects of corporate culture and can destroy an organisation from within. Despite this issue, several organisations opt not to implement a fraud prevention strategy – it is primarily implied that this is ascribed to the absence of knowledge circulating on the benefits of such a strategy. However, the rewards reaped from this type of policy is beneficial to corporations eventually and can reap rewards such as:

  • Lower consequential loss pertaining to fraud
  • Lesser/no legal and investigative costs relating to fraud
  • Lesser/no regulatory fines paid in the occurrence of fraud
  • Better time management can be used to enrich employees’ knowledge and experience at the organisation.
  • Reduced insurance premiums
  • Lower turnover of key staff and customers
  • The lessened cost of/capability to increase new finance

Overall, the process of preventing fraud can be an extensive one but one that’s benefits outweighs the onerous course. If you still have any questions surrounding fraud prevention, why not contact CRI? Our experts have years of experience and have been trained to provide your business with bespoke advice fit for your organisations’ needs. Don’t hesitate, prevent fraud in your workplace today.

GET IN TOUCH

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet, white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

Time to get ISO 37001:2016 certified… the process, part 2

Shifting a light on anti-Bribery and anti-corruption methods, our sister brand ABAC® Centre of Excellence tells us how key is ISO 37001:2016 Anti-Bribery Management System Certification is for public, private, and non-profit organisations across the globe and explains the process behind certification. At CRI®, we believe it is important as it provides a key layer against threats of bribery, corruption, fraud and other security concerns. It also sets an organisation apart from its peers as a model for ethical behaviour and compliance.

In a recent guest blog, ABAC® Centre of Excellence discussed the first part of getting ISO 37001:2016 certified. ABAC® covered the initial engagement and the first four steps, including the audit confirmation, pre-assessment, and stage one and two audit processes. Today our sister brand ABAC® will discuss the rest of the certification process and the path to getting your organisation better protected and fully compliant in addition to CRI® Group’s corporate due diligence services.

Step 5: Follow up Audit (optional)

If a major non-conformity is raised or remains outstanding from Stage 1, an additional visit will need to be booked. For major non-conformity raised during Stage 2, a revisit will be required within 30 days of submitting the CAP to confirm the implementation of an effective CAP.

Step 6: Awarding of Certificate

If the organisation is compliant with the standard conditions, a recommendation for certification will be made.

  • For minor non-conformities: This will not delay the certificate if an organisation has a CAP. The certificate is granted within 04 weeks from the time of CAP submission.
  • For major non-conformities, the organisation must submit and implement CAP within 180 days maximum. Once the auditor has verified the CAP, the certificate is granted within six weeks (from the time of CAP submission by the Client). However, all major non-conformities will need to be addressed before a certificate can be published.

Step 7: Continual improvement and surveillance audits

Surveillance is planned over three years and will ensure that the organisation complies with the standard.

Step 8: Re-certification Audit

The registration period is three years from the date on the certificate. After the initial registration period, renewing your Anti-Bribery Management System Certification is relatively seamless. Once the second surveillance visit has been completed, you will be sent a registration renewal/re-certification proposal detailing the process and associated costs and assessment days for the next three years. A re-certification audit will require Stage 1 and Stage 2 audit. The depth of the audit and time required would be determined as per your performance (during the certification period) and any planned changes to your system. It’s that easy. Now is the time to move forward with ISO 37001:2016 certification.

What comes next? 

For assistance in developing and implementing an Anti-Bribery Management System, go to www.ABACgroup.com, contact ABAC® today or get a FREE QUOTE!

In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- GuidelinesISO 37000:2021 Governance of OrganisationsISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management systemAnti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems

 

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

Time to get ISO 37001 certified… the process, part 1

Shifting a light on anti-Bribery and anti-corruption methods, our sister brand ABAC® Centre of Excellence tells us how key is ISO 37001:2016 Anti-Bribery Management System Certification is for public, private, and non-profit organisations across the globe and explains the process behind certification. At CRI®, we believe it is important as it provides a key layer against threats of bribery, corruption, fraud and other security concerns. It also sets an organisation apart from its peers as a model for ethical behaviour and compliance. After all, consider the benefits: Certification adds a distinct level of credibility to the organisation’s management systems and ensures that the organisation implements a viable anti-bribery management program utilising widely accepted controls and systems.

It assures management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. ISO 37001:2016 certification also protects the organisation, its assets, shareholders and directors from the effects of bribery. But what, exactly, is the process for getting ISO 37001:2016 certified by ABAC® Group? Once your organisation has submitted questionnaire information and completed the approval and contract stage, the certification cycle is ready to begin.

Step 1: Audit confirmation

An audit plan will be developed with your organisation and confirmed to the Certification’s Body Assessment Team at least three months before the organisation’s first audit.

Step 2: Pre-assessment audit (optional)

The organisation can opt to perform a pre-assessment audit to identify any possible gaps between its current management system and the standard requirements. This audit is optional and helps the organisation check its preparedness for the stage 1 and 2 assessments by identifying any major non-conformities that have not been addressed.

Step 3: Stage 1 audit

Review the results of the audit, including:

  • General observations
  • Non-conformities (major or minor, see below)

Minor non-conformities: These are not seen as serious. The organisation must complete an internal Corrective Action Plan (CAP) before Stage 2. CAP is not required to be sent to the Assessment Team at Stage 1.

Major non-conformities: These are more serious. The organisation will need to submit a CAP within ten days of receiving the audit report, with all actions scheduled to be completed before Stage 2. The CAP should be sent to the Assessment Team. The major non-conformities raised during Stage 1 will be re-assessed during Stage 2 Audit.

Step 4: Stage 2 audit

This is an on-site audit and takes place after the organisation has successfully completed Stage 1 and corrected any major non-conformities identified during the Stage 1 audit. Stage 2 confirms that the organisation’s management system is fully aligned to the standard. The evaluation is of management system implementation and its effectiveness.

Outcome: The audit report will detail the following:

  • Any positive observations
  • Opportunities for improvement – suggestions for improvement and any findings that could lead to potential non-conformities.
  • Non-conformities (Major or Minor)
  • Recommendation for Certification

Minor non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit this to the Assessment Team within 45 working days of receiving the audit report. The Assessment Team will review the CAP; it must detail the non-conformity, the cause, the proposed corrective action, who is responsible and the date the action will be implemented. Based on the evaluation of CAP, the recommendation for certification will be made.

For minor non-conformities, if an organisation has a corrective action procedure, this will not delay the certificate.

Major non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit it within 90 days (or 180 days depending on the number and risk of major non-conformities) of receiving the audit report be sent to the auditor.

What comes next?

Stay tuned for the second instalment in our two-part series about the ISO 37001:2016 certification process: sign up for our newsletter HERE!

In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- GuidelinesISO 37000:2021 Governance of OrganisationsISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management systemAnti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

CRI® to attend 2022 Trade Winds Dubai, Gulf Region | March 6-8

Corporate Research and Investigations Limited (CRI® Group) is delighted to unveil our place at the 2022 Trade Winds As the largest annual U.S. government trade mission, the program would not be possible without the support of our sponsors. Truly, we thank you for your commitment and likewise look to help you achieve valuable exposure and connections through the program. Trade Winds will be held in Dubai, UAE at the InterContinental Festival City, at the same time as World Expo. Organized by the U.S. Commercial Service, Trade Winds features pre-scheduled meetings with U.S. Commercial Diplomats from over 20 countries in the Middle East, North Africa and Sub-Saharan Africa, exciting conference programming and plenty of networking! The meeting scheduling platform will open to all paid registrants in early February.

Dubai, UAE  |  March 6-8, 2022

Join us in Dubai, UAE for the largest U.S. government-led trade mission and business development forum. Organized by the U.S. Commercial Service, Trade Winds will feature meetings with U.S. commercial diplomats from over 20 countries in the Middle East, North Africa and Sub-Saharan Africa, exciting conference programming and plenty of networking. The registration fee for the forum is $750 per attendee.

Qualified U.S. businesses may customize their experience with optional business-to-business matchmaking meetings with pre-screened buyers, agents, distributors or joint-venture partners in the United Arab Emirates (March 8) as well as Algeria, Israel, Morocco and Qatar (March 2-3) and Saudi Arabia, Kuwait and Egypt (March 9-10). 

BOOK A MEETING NOW!

ABOUT TRADE WINDS

Trade Winds is a multifaceted program designed to help companies achieve growth and exposure in specific markets or regions around the world. All companies participate in the Trade Winds Forum which includes a business conference, meetings with U.S. commercial diplomats from the region, networking opportunities, two receptions, and a sponsor exhibition. The average Trade Winds Forum attracts over 300 attendees and is the main gathering for all registered individuals.

U.S. exporting companies may customize their experience with optional business-to-business matchmaking meetings with pre-screened buyers, agents, distributors or joint-venture partners in the host country as well as additional mission stop markets.

The Trade Winds Forum plus Business-to-Business Matchmaking at Mission Stop(s) option is now full. If you wish to register for this option, your registration will be placed on a wait list.   Please note. your company will not receive a market assessment unless space becomes available. The Business Forum Only option is still available, but only register for this option if you are not interested in being placed on a wait list for mission stop assessments.

Qualified U.S. businesses may customize their experience with optional business-to-business matchmaking meetings with pre-screened buyers, agents, distributors or joint-venture partners in the UAE as well as Algeria, Morocco, Egypt, Israel, Saudi Arabia, Kuwait and Qatar. For questions, please contact TradeWinds@trade.gov.

Event Agenda

  • Wednesday,  9:00 AM- 9 PM | Travel to optional Mission Stops
  • Thursday, 9:00 AM – 9:00 PM | Optional Mission Stops: Algeria, Morocco, Qatar or Israel: Pre-Arranged Business-to-Business Matchmaking Meetings
  • Friday, 9:00 AM – 10:00 AM | Travel Day
  • Saturday, 9:00 AM – 9:00 PM | Optional Visit to World Expo in Dubai
  • Sunday, 9:00 AM – 9:00 PM | Dubai Business Forum
    • 1:00 PM – 5:30 PM |One-on-One Meetings with U.S. Commercial Diplomats
    • 5:30 PM – 7:00 PM | Plenary Session
    • 7:00 PM – 9:00 PM | Welcome Reception

 

About CRI® Group

Corporate Research and Investigations Limited, or CRI® Group for short, has been safeguarding businesses from fraudbribery and corruption since 1990. Globally, we are a leading Compliance and Risk Management company licensed and incorporated entity of the Dubai International Financial Center (DIFC) and Qatar Financial Center (QFC). CRI® protects businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Based in London, United Kingdom, CRI® is a global company with experts and resources located in key regional marketplaces across the Asia Pacific, South Asia, the Middle East, North Africa, Europe, North and South America. Our global team can support your organisation anywhere in the world.

BOOK A MEETING NOW!

Corporate Research and Investigations Limited (CRI® Group) is delighted to unveil our place at the 2022 Trade Winds As the largest annual U.S. government trade mission, the program would not be possible without the support of our sponsors. Truly, we thank you for your commitment and likewise look to help you achieve valuable exposure and connections through the program. Trade Winds will be held in Dubai, UAE at the InterContinental Festival City, at the same time as World Expo. Organized by the U.S. Commercial Service, Trade Winds features pre-scheduled meetings with U.S. Commercial Diplomats from over 20 countries in the Middle East, North Africa and Sub-Saharan Africa, exciting conference programming and plenty of networking! The meeting scheduling platform will open to all paid registrants in early February.

Dubai, UAE  |  March 6-8, 2022

Join us in Dubai, UAE for the largest U.S. government-led trade mission and business development forum. Organized by the U.S. Commercial Service, Trade Winds will feature meetings with U.S. commercial diplomats from over 20 countries in the Middle East, North Africa and Sub-Saharan Africa, exciting conference programming and plenty of networking. The registration fee for the forum is $750 per attendee.

Qualified U.S. businesses may customize their experience with optional business-to-business matchmaking meetings with pre-screened buyers, agents, distributors or joint-venture partners in the United Arab Emirates (March 8) as well as Algeria, Israel, Morocco and Qatar (March 2-3) and Saudi Arabia, Kuwait and Egypt (March 9-10). 

BOOK A MEETING NOW!

ABOUT TRADE WINDS

Trade Winds is a multifaceted program designed to help companies achieve growth and exposure in specific markets or regions around the world. All companies participate in the Trade Winds Forum which includes a business conference, meetings with U.S. commercial diplomats from the region, networking opportunities, two receptions, and a sponsor exhibition. The average Trade Winds Forum attracts over 300 attendees and is the main gathering for all registered individuals.

U.S. exporting companies may customize their experience with optional business-to-business matchmaking meetings with pre-screened buyers, agents, distributors or joint-venture partners in the host country as well as additional mission stop markets.

The Trade Winds Forum plus Business-to-Business Matchmaking at Mission Stop(s) option is now full. If you wish to register for this option, your registration will be placed on a wait list.   Please note. your company will not receive a market assessment unless space becomes available. The Business Forum Only option is still available, but only register for this option if you are not interested in being placed on a wait list for mission stop assessments.

Qualified U.S. businesses may customize their experience with optional business-to-business matchmaking meetings with pre-screened buyers, agents, distributors or joint-venture partners in the UAE as well as Algeria, Morocco, Egypt, Israel, Saudi Arabia, Kuwait and Qatar. For questions, please contact TradeWinds@trade.gov.

Event Agenda

  • Wednesday,  9:00 AM- 9 PM | Travel to optional Mission Stops
  • Thursday, 9:00 AM – 9:00 PM | Optional Mission Stops: Algeria, Morocco, Qatar or Israel: Pre-Arranged Business-to-Business Matchmaking Meetings
  • Friday, 9:00 AM – 10:00 AM | Travel Day
  • Saturday, 9:00 AM – 9:00 PM | Optional Visit to World Expo in Dubai
  • Sunday, 9:00 AM – 9:00 PM | Dubai Business Forum
    • 1:00 PM – 5:30 PM |One-on-One Meetings with U.S. Commercial Diplomats
    • 5:30 PM – 7:00 PM | Plenary Session
    • 7:00 PM – 9:00 PM | Welcome Reception

 

About CRI® Group

Corporate Research and Investigations Limited, or CRI® Group for short, has been safeguarding businesses from fraudbribery and corruption since 1990. Globally, we are a leading Compliance and Risk Management company licensed and incorporated entity of the Dubai International Financial Center (DIFC) and Qatar Financial Center (QFC). CRI® protects businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Based in London, United Kingdom, CRI® is a global company with experts and resources located in key regional marketplaces across the Asia Pacific, South Asia, the Middle East, North Africa, Europe, North and South America. Our global team can support your organisation anywhere in the world.

BOOK A MEETING NOW!

Risk management new approach. All explained in this free playbook!

Risk management new approach. All explained in this free playbook.

Risk management new approach. How do you manage risk? Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty.  All types and sizes of organisations face internal and external factors that directly impact whether an organisation can achieve their objectives or not. CRI® Group can help you simplify risk management through a wide range of solutions that can be fully customised, regardless of the size, nature, or location of a business.

Risk management new approach. All explained in this free playbook.

An organisation can implement risk management across the entire company, and it can do so at any time. Risk management plans, such as ISO 37001 Audit Process, can offer several benefits that make them a worthwhile endeavour for every business. For example, risk management plans help companies to identify the potential risks they may face. Being aware of these risks allows businesses to make plans to avoid specific risks or deal with them when they arise. There are many benefits of implementing a risk management strategy:

  • Can be used by organisations to compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
  • Leads to more satisfied customers is a clear indicator to your customers and other stakeholders that as an organisation, you are committed to managing risks in every part of your business.
  • Increases public confidence in the organisation as it demonstrates your management capabilities in protecting your business from internal and external threats.
  • Gives you a healthier bottom line.
  • Makes for consistent and efficient operations.
  • In competitive bidding for commercial tenders, it will enhance your company’s reputation and give you a competitive advantage.

This playbook covers everything you need to know about Risk Management. Here’s a quick rundown of the playbook structure:

  • What is Risk?
  • What is Risk management?
  • How is risk management evolving to tackle modern challenges?
  • Business Risks Every Organisation Should Plan For
  • Principles of Risk Management
  • How Risk Management and Due Diligence Interlock?
  • and more

DOWNLOAD THE EBOOK FOR FREE

In a risk environment that continues to grow more hazardous and expensive, companies need to consider implementing strategic risk resources throughout their organisation as a means of developing buoyancy and gaining a competitive edge in the market.

If you’re still unsure, why not arrange a free consultation with one of our risk management experts today? CRI Group has worked with clients from all over the globe and ensures that each client receives personalised advice in accordance with their needs.

CRI® offers a wide variety of risk management solutions to meet the needs of different companies. Please contact us today to learn more about the importance of a risk management plan, general risk assessment or to know about our solutions.

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. In addition, CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37002:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

Risk assessment breakdown: Identification, Analysis, Evaluation

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. Unfortunately, fraud, bribery and corruption are major factors affecting businesses and agencies of all sizes and industries. Being proactive against these risks can mean the difference between success and ruin. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk assessment management strategy in place. This article discusses the importance of Risk Assessment. There are two important building blocks that form the core of risk management:

  • Risk assessment
  • Risk treatment

Each of these stages can stand on their own – in this article we will go into detail about best practices for identifying risks, how to analyse them in terms of probability and severity, and how they can be evaluated in terms of the company’s risk appetite.

What is Risk Assessment?

Risk assessment is the overall process of identification, analysis and evaluation of any given risk. It can be a systematic examination of a task, job or process that a risk professional carries out at work for the purpose of identifying significant hazards. For example, the risk of someone being harmed and deciding what further control measures to take to reduce the risk to an acceptable level. The process will vary between organisations, but it should start with identification of hazards, analysis of who and what might be harmed, evaluation of the risk, documentation of the risks, taking action and review. Your organisation should conduct a risk assessment systematically, interactively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by a further inquiry as necessary.

Risk assessment breaks down into:

  • Step 1: Identification
  • Step 2: Analysis
  • Step 3: Evaluation

Business Intelligence (BI) Solutions can help during this stage. BI take many shapes and forms in today’s complex business environment. Budgets are stretched and the challenges facing a business and its employees can sometimes lead to issues that start off small, but then lead to wider spread problems which can affect the very fabric of your organisation and damage both your credibility, reputation and bottom line profits. CRI® Group takes two approaches to BI solutions:

  • Intelligence operations (via market research and analysis): we focus on researching the future and potential growth of your business – i.e. determine the commercial viability and potential for success in the market, analyse consumer behaviour and business trends in that market, etc.
  • Investigative operations (via commercial investigations): we focus on the current status of your business – i.e. location of assets, financial information, identification of unmet needs of any market, gauge brand awareness and identity in the market, etc.)

CHECK OUT OUR BI SOLUTIONS  or  DOWNLOAD BROCHURE

 

Risk Identification

The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • Tangible and intangible sources of risk;
  • Causes and events;
  • Threats and opportunities;
  • Vulnerabilities and capabilities;
  • Changes in the external and internal context;
  • Indicators of emerging risks;
  • The nature and value of assets and resources;
  • Consequences and their impact on objectives;
  • Limitations of knowledge and reliability of information;
  • Time-related factors;
  • Biases, assumptions and beliefs of those involved.

Your organisation should identify risks, whether or not your sources are under your control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.

Risk analysis

Risk analysis allows you to understand the nature of risk, its characteristics and level. Because an event can have multiple causes and consequences and can affect multiple objectives a risk analysis should involve a detailed consideration of uncertainties such as risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.

Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of both, depending on the circumstances and intended use. Risk analysis should consider factors such as:

  • The likelihood of events and consequences;
  • The nature and magnitude of consequences;
  • Complexity and connectivity;
  • Time-related factors and volatility;
  • The effectiveness of existing controls;
  • Sensitivity and confidence levels.

A risk analysis is likely to be influenced by a wide range of variables, from any divergence of opinions, biases to perceptions of risk, from judgements, quality of the information used to the assumptions and exclusions made and any limitations of the techniques and how they are executed. These influences should be considered any risk analysis, documented and communicated to any decision-makers involved in the process.

It is important to remember that any highly uncertain event can be difficult to quantify, and this is an issue. If you find yourself in such a situation, using a combination of techniques generally provides greater insight. Risk analysis provides input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions, where choices are being made, and the options involve different types and levels of risk.

Risk evaluation

Risk evaluation can support your decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:

  • Do nothing further;
  • Consider risk treatment options;
  • Undertake further analysis to better understand the risk;
  • Maintain existing controls;
  • Reconsider objectives.

Any decisions should take into account the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organisation.

Who should do risk assessments?

Well, by law, every employer must conduct risk assessments. Risk assessments should always be carried out by a professional who is familiar to risk, a person who is experienced and competent to do so.  Competence can be expressed as a combination of knowledge, awareness, training, and experience. Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help.

But we all like to think that all of our employees will be trustworthy, but this is not always the case. There have been many instances in which an employee has been dishonest about their job history, qualifications or even criminal history. A dishonest employee could be unqualified for the position, possibly endangering others on the job. Or they might be a fraud risk, willing to bend the truth in other ways in order to enrich or advance themselves on your dime. No organisation can afford to have employees or staff who aren’t what they claim to be. Even a seemingly innocent embellishment can indicate more background problems under the surface, and the potential for future problems down the road so remember, trust your employees but, verify them too. 

CHECK OUT OUR EMPLOYEE BACKGROUND SCREENING SOLUTIONS  or  DOWNLOAD BROCHURE

Risk Assessment and ISO 31000 certification with ABAC®

While the team at CRI® do not deliver any training or certification on ISO 31000, our partner ABAC® Center of Excellence do. ISO 31000 can provide the principles, framework and a process for managing risk. ISO 31000 is not a certifiable standard; the standard is a set of guidelines which provide guidance for internal or external audit programmes. However we recommend taking ISO 31000 Awareness training, this will enable you to fully understand Risk Management activities and mitigate risk. 

ISO 31000 was developed by hundreds of experts in risk mitigation, from thirty countries. This international effort produced a standard that is worldwide and represents best practices and leading operations for risk management. Organisations can trust that they are following a tested, robust standard to increase success. The standard converts risk management into a set of “friendly” and actionable – and straightforward to implement – guidelines, regardless of the size, nature, or location of a business. 

The training helps establish an ethical culture by educating your personnel on the following:

  • What constitutes fraud, corruption, and bribery, and why these are so damaging to business
  • How to identify red flags of fraud, corruption, and bribery
  • The process for reporting fraudulent and unethical acts
  • The organization’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches, and prosecute unethical acts
  • The serious ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

The ISO certifications helps us at ABAC® to provide appropriate anti-bribery training to personnel across various industries. This standard helps to assess bribery risks, perform the appropriate due diligence required for your business and to take reasonable and proportionate steps to ensure that controlled organizations and business associates have implemented appropriate anti-bribery controls.

> Find out more about ISO 31000 Risk Management and other standards now!

Other Solutions

While CRI® may not offer the ISO certification, we do offer other services. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates. CRI’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™.

The DueDiligence360TM reports to help organisations comply with anti-money launderinganti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture as it can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

Why not consider our background investigative solutions? Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. Firms spend years, thousands, even millions to brand their products and services – it only takes one bad hire to cause loss of capital and reputation. It can go as far as bringing a business to fail – especially if the employee holds malice towards the organisation. EmploySmart™ is CRI’s own solution aiming to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure which can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.

Our solutions are also certified by the British Standard Institute BSI for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.

Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM),  also known as 3PRM™. In wake of the global pandemic, the 3PRM™ was developed in a bid to aid organisations to accurately determine the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted above parties.  This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business to flourish at any scale. Find out more about CRI Group’s Solutions here.

If you’re unsure of what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.

CONTACT US

About CRI® Group

Based in London, CRI® works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

WEBINAR | Breaking Down The ISO 37001 Audit Process

There is no “one-size-fits-all” method to the ISO 37001 Audit Process to achieve the anti-bribery management systems certification

There’s been much discussion surrounding ISO 37001:2016 Anti-Bribery Management Systems and the ways that attaining certification to the standard can enhance an organisation’s existing anti-corruption compliance program.

The ISO 37001:2016 standard specifies a series of measures and controls to help organisations prevent, detect and address bribery.  These measures include adopting an anti-bribery policy, appointing an individual to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting, investigation and monitoring procedures.

CRI Group’s ABAC will be hosting a paid webinar on the 30th of September exploring the Pitfalls Most Organisations Often Commit – the importance of implementing Anti-Bribery Management System (ABMS). Being a part of the solution means being able to share our expert knowledge on what would be best for your organisation.

Register Here

Our webinar will have a rundown of the following:

  • What are the core Bribery and Corruption Risks for Financial Institution?
  • How to protect financial institutions and corporations from bribery and corruption risk
  • Reparations from bribery that could affect the businesses, clients, and employees
  • Successful regulations to mitigate risk for bribery and corruption.
  • What can be done if bribery is detected?
  • Internationally recognised solutions laid forth by ISO 37001: Anti-Bribery Management System that gives businesses effective controls to mitigate risk
  • Components of risk management at a financial institution

Certification of compliance with the standard is based on an impartial, independent third-party review, assessment and audit of the organisation’s anti-bribery management system and the versatility, effectiveness and proactive nature of said system.

Register Here 

The compliance audit itself has too often been referred to as a “one-size-fits-all” or “check-the-box” subjective process, which couldn’t be further from the truth.  Proper certification to the standard requires a substantial amount of preparation and self-assessment beforehand; a highly involved review, interview and audit process (often involving a sampling of affiliated or regional offices); and an evaluation and monitoring phase which is annually conducted over the three-year certification cycle.

Let’s take a brief look at the audit process and examine why large multi-national companies such as Walmart, Microsoft, Alstom and a host of others have weighed the costs and benefits, and subsequently committed to attaining ISO 37001:2016 certification.

An Evidence-Based Review; A Risk-Based Approach

The ABMS audit is a diligent approach that links auditing activity to an organisation’s overall risk management framework, providing assurance to top management that risk management processes are effectively addressing all bribery risks throughout the organisation and its operations.

It should be noted that the certification audit isn’t solely structured on a review of paper-based controls.  As you’ll read below, the process assesses the organisation’s overarching stance on anti-bribery and how that stance is conveyed — tangibly and intangibly — from the board of directors right down to lower-level staff members.

Employing interviews, policy reviews, sampling, due diligence and testing of methods and techniques, the audit will produce sufficient evidence of a sound anti-bribery management system, while spotlighting specific areas of risk that demand attention and subsequent improvement to adhere to the standard.

Certified Auditors; ISO 37001 Anti-Bribery Experts

First and foremost, ISO 37001:2016 auditors must be specifically certified and credentialed in order to lead and conduct such audits.  Auditors are guided by the requirements of ISO 17021-9 to conduct an ABMS assessment.  To attain this status, auditors must undergo intensive training to fully comprehend the concepts and principles behind the various ISO management systems compliance, and the corresponding specifications and auditing techniques associated with those ISO guidelines.  From that training, auditors will gain the necessary knowledge and skills to effectively plan and perform related audits.

Further — and just as vital — auditing professionals must possess considerable experience in the areas of anti-bribery and anti-corruption, and have deep-seated knowledge of the industry sectors and the respective geographic regions (with a familiarity of the legal jurisdictions) served by the organisation being certified.

And finally, the ISO 37001:2016 auditor must be qualified to serve as a helpful, non-confrontational advocate during the entire audit process, expertly guiding the organisation through the process with the shared goal of achieving outcomes that will ultimately fortify the organisation’s commitment to battling instances of bribery in the global marketplace.

The ISO 37001 Audit Process

The process, which adheres closely to ISO 19011 requirements, begins well in advance of the on-site visit, with the auditor conducting a thorough analysis of news, social media and other public domain information pertaining to the organisation.  This outside review oftentimes helps the auditor determine the organisation’s perceived “culture of compliance” prior to initiating the audit.

The audit process itself is a critical assessment of a number of crucial elements that are required by the ISO 37001:2016 standard, and a determination of how the overall policy is represented by the various roles and responsibilities throughout the organisation.  The process entails:

  • A review of the organisation’s anti-bribery policies, procedures and controls;
  • An assessment of the organisation’s plan for communicating its polices to all employees worldwide;
  • In-depth interviews with compliance personnel, leadership, management, and legal, finance, procurement, human resource and communications staff members to assess familiarity with the policies and comprehension levels for identifying and responding to red flag events;
  • A review of all procedures and instructors involved with the organisation’s anti-bribery training;
  • Performing risk assessments specific to particular projects, industries, regions, jurisdictions and third-parties associated with the organisation;
  • Conducting due diligence on third-party partners (by region);
  • Assessment of monitoring, reporting and investigation procedures as related to anti-bribery events;
  • Bench-marking the organisation’s overall commitment to its anti-bribery policy and management systems;
  • Assessment of the organisation’s financial controls to detect and prevent incidences of bribery;
  • Review of all corrective actions to the policy following a bribery investigation;
  • Confirmation of the organisation’s attempt at continuous improvement of the anti-bribery management system.

And throughout the various processes of observation, document review, sampling, interviews, technical verification and evaluation, the audit team is constantly meeting and communicating through the proper channels to assist the organisation in identifying risks and improving its processes and procedures.

The audit process can take weeks or months to complete, and needless to say, this process varies widely between organisations, industry sectors and geographic regions.

 

Reporting & Documentation

Post-audit, the team convenes an oversight board comprised of anti-bribery experts to review the audit reports and findings, and makes recommendations to both the organisation and the certification committee.

The ensuing documentation covers a host of topics, including risk areas (by project, personnel group, and geographic region), training recommendations, investigative techniques, reporting processes, and other areas of improvement.

 

Follow-Up Surveillance Audits to Ensure Continuous Improvement

The certification process doesn’t end after the initial audit phase. Certification to the standard requires verification of continuous improvement and confirmation of how outcomes are implemented, documented, monitored and assessed over time.  To achieve this, the audit team will conduct annual surveillance audits of the organisation’s anti-bribery system over the three-year certification cycle.  Surveillance audits verify the organisation’s continued adherence to the standard, evaluate any prescribed corrective action plans, and review what the organisation is doing to improve its anti-bribery management systems.

Certification in ISO 37001:2016 symbolises an organisation’s unrelenting commitment to fight corruption and pursue best practices in an ongoing quest for compliance to the widely-accepted anti-bribery standards.  And the in-depth process involved in achieving certification to the standard — together with the counsel, risk assessment, and improvement recommendations that result from the audit — can make the certification process well worth the investment.

This paid webinar will be running from the following times on Thursday the 30th of September;

  • 08:00 to 10:00 GMT
  • 15:00 to 17:00 MYT
  • 12:00 to 14:00 GST

Your turnout with come with a certificate of Attendance (COA) as well as a complimentary webinar ABMS Awareness for 2 Pax per company. While you’re there, why not attain a Continuing Professional Development (CPD) certificate and stay on top of your industry?

Register your place for this webinar here and find out how to tackle the issue of bribery and corruption in your workplace before it has time to manifest itself into a greater issue. Finance is the greatest asset to the economy after all.

Complete Registration 


Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

ABOUT THE AUTHOR

Zafar I. Anjum, is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, Canada, Latin America and the United Kingdom.

 

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@CRIGroup.com

Why Financial Services Firms Need ISO 37001 ABMS?

When Société Générale, a global financial services institution based in France, agreed to pay a combined total penalty of more than $860 million for an alleged bribery and corruption scheme, it served as a warning shot to financial firms worldwide that a culture of enforcement has arrived. Société Générale was accused of paying bribes to officials in Libya and committing violations in manipulating the London InterBank Offered Rate (LIBOR), one of the world’s leading benchmark interest rates. Together with other regulatory penalties faced by the financial services giant, the total amount to be paid exceeds $1 billion. (The United States Department of Justice, 2018)

Bribery and corruption often go together with money laundering – and, as such, the financial sector faces new Anti-Money Laundering (AML) rules and legislation that is strict and increasingly enforced. Remaining in compliance through implementing proper prevention controls is a must. Failing to do so can mean a loss of business, trust and reputation: Banking giant Citibank was fined $70 million in the US for failing to address shortcomings in its anti-money laundering policies. We at CRI intend on being apart of the solution. Therefore, CRI Group’s ABAC will be hosting a webinar on the 30th of September exploring the Pitfalls Most Organisations Often Commit – the importance of implementing Anti-Bribery Management System (ABMS). Being a part of the solution means sharing our knowledge so society is one step closer to an ethical reality.

Register Here 

In the US alone, more than 100 bribery investigations were in progress at the end of last year, with the financial services industry facing the most investigations. (Wall Street Journal, 2019)

Having layers of safeguards in place is required both from a legal and compliance standpoint. One of the most critical layers is an effective anti-bribery management system (ABMS).

Prevent corruption and promote compliance

There is a solution that financial services organisations can implement to take a proactive stance against bribery and corruption: The ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001 ABMS is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.

For financial services firms, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act. The UK Bribery Act’s adequate procedures requirement dictates that all companies need to have ongoing monitoring, training, surveillance and risk assessments – ISO 37001 ABMS is designed to fulfil these criteria and more.

CRI Group’s ABAC Certification Services is accredited to offer independent ISO 37001 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised in more than 160 countries worldwide. CRI Group’s auditors and analysts work with financial services organisations to develop measures that integrate with existing management processes and controls, and include:

  • Adopting an anti-bribery policy
  • Establishing buy-in and leadership from management
  • Training personnel in charge of overseeing compliance
  • Communicating the policy and program to all personnel and business associates
  • Providing bribery and corruption risk assessments
  • Conducting due diligence on projects, business associates and other third-party affiliations
  • Implementing financial and commercial controls
  • Developing reporting and investigation procedures

Our paid webinar will have a rundown of the following:

  • What are the core Bribery and Corruption Risks for Financial Institution?
  • How to protect financial institutions and corporations from bribery and corruption risk
  • Reparations from bribery that could affect the businesses, clients, and employees
  • Successful regulations to mitigate risk for bribery and corruption.
  • What can be done if bribery is detected?
  • Internationally recognised solutions laid forth by ISO 37001: Anti-Bribery Management System that gives businesses effective controls to mitigate risk
  • Components of risk management at a financial institution

We will also be exploring how the implementation of such a standard aids in examining and dealing fittingly with any actual or suspected bribery within the corporation and also how to implement appropriate financial, procurement and other commercial controls so as to help prevent the risk of bribery in financial services as these organisations face unique challenges.

Register Here 

Among them are maintaining proper internal procedures as they relate to bribery and AML regulations. These measures can be logistically challenging, especially in the auditing process – but keeping accurate books and records is a key provision of the UK Bribery Act. ISO 37001 ABMS standard makes this a key provision in cultivating proper due diligence and reporting procedures.

Another major challenge involves monitoring third-party risk. The due diligence practices and risk assessments implemented through ISO 37001 ABMS are critical in this area. Financial services firms, more than any other sector, must conduct effective vetting and ongoing monitoring of third-parties. This goes beyond “on-boarding” and relates to how companies continually assess risk from outside partners – including brokerage firms, introducers, agents, joint-venture relationships, even clients – as borrowers, for example, represent a major risk on the balance sheet.

Some financial services companies do not properly score or assign risk profiles to third-party partners, and this can represent a major weak point in efforts to prevent bribery, corruption and money laundering. Regulators understand this, too. That’s why ISO 37001 ABMS dictates thorough and comprehensive due diligence in regards to all third-parties and especially in the case of mergers and acquisitions.

Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001:2016 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.

Long-lasting benefits of certification

ISO 37001 ABMS provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner. By achieving ISO 37001:2016 ABMS certification, a financial services firm will:

  • Ensure that the organisation is implementing a viable anti-bribery management system utilising widely accepted controls and systems.
  • Assure management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption.
  • If needed, provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption.

Cases like Société Générale are not isolated, but more and more, we are seeing companies punished for not taking proper preventative action with a robust anti-bribery management system (ABMS). Financial services firms need to be aware and stay in front of increased anti-bribery and corruption legislation given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments, and their publics become increasingly intolerant of fraud, bribery and corruption. Significant media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.

As the ISO 37001 International standard document states, “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to eliminate the risk of bribery. However, (the standard) can help the organisation implement reasonable and proportionate measures designed to prevent, detect and respond to bribery”. With this in mind, It’s important to note that ISO 37001 certification, on its own, is not a “safe harbour” from prosecution should bribery or corruption be discovered. Significantly, ISO certification is, as the above explains, a potential mitigating piece of evidence to regulators or even prosecutors and the courts that the entity has taken meaningful steps in its efforts to prevent bribery and corruption.

Financial Services Firms Need ISO 37001 ABMS

It is critical that any financial services organisation have a proper, comprehensive strategy to prevent and detect bribery and corruption, and remain in compliance with all regulations – on the local, regional, and international levels. The ISO 37001 ABMS standard is an established, tried and tested program to address those issues head-on through a comprehensive program of training and certification. The training process is tailored to the organisation while still following the developed curriculum and documented best practices. Due diligence procedures and risk assessments are applied in a thorough, comprehensive manner. Certification requires the demonstration that processes have been implemented effectively, with follow-up evaluations.

Worldwide developments in laws and regulations have demonstrated that there isn’t time to wait to implement controls and compliance procedures – the next investigation and/or prosecution may be too late. The harm caused by bribery and corruption to an entity’s reputation, investments and business can be far-reaching and long-lasting.

This paid webinar will be running from the following times on Thursday the 30th of September;

  • 08:00 to 10:00 GMT
  • 15:00 to 17:00 MYT
  • 12:00 to 14:00 GST

Your turnout with come with a certificate of Attendance (COA) as well as a complimentary webinar ABMS Awareness for 2 Pax per company. While you’re there, why not attain a Continuing Professional Development (CPD) certificate and stay on top of your industry?

Register your place for this webinar here and find out how to tackle the issue of bribery and corruption in your workplace before it has time to manifest itself into a greater issue. Finance is the greatest asset to the economy after all.

Complete Registration 

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.