Cyber security: how to maintain GDPR compliance?

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in 2018. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

Cybersecurity is a priority for the management

Even with extremely high fines and stringent requirements, GDPR violations and data breaches have been skyrocketing across the world. In 2020, an overall increase in fraudulent activity was detected, according to ACFE’s “Fraud in the Wake of COVID-19: Benchmarking Report”: 77% of survey participants had seen an increase in the overall level of fraud as of August, compared to 68% who had observed an increase in May. Earlier we wrote about how the COVID-19 crisis triggered fraudulent activities and what businesses can do to support anti-fraud movements in their organisations and to strengthen their immunity to fraud. Cyber-attacks are also on the rise: the survey by gov.uk continues to show that cybersecurity breaches are a serious threat to all types of businesses and charities. 39% of businesses and 26% of charities reported having cybersecurity breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

The study suggests that the risk level is potentially higher than ever under COVID-19 and that businesses are finding it harder to administer cybersecurity measures during the pandemic: 35% of businesses compared to 40% last year are now deploying security monitoring tools. This reduction suggests that these organisations might simply be less aware than before of the breaches and attacks their staff are facing.

However, among those that have identified breaches or attacks, around 27% of businesses experience them at least once a week. The most common by far are phishing attacks (83%, and 79% in charities), followed by impersonation (for 27% and 23%). According to the survey by gov.uk, despite COVID-19 stretching many organisations’ cybersecurity teams to their limits, cybersecurity remains a priority for management boards. But it has not necessarily become a higher priority under the pandemic. Three-quarters (77%) of businesses say cybersecurity is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees.

The most notable data breaches

In a climate where organisations are putting more emphasis on strengthening their online security systems, there is no shortage of data breaches or GDPR violations. Our experts have shortlisted a few of the most notable cases, in no particular order:

1. Booking.com

In a very recent case, travel booking website Booking.com was hit with a €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the GDPR. It happened back in 2018, when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). The hackers were able to get login credentials for the booking system and access the personal details of more than 4000 customers who booked hotel rooms via booking.com. The scammers exposed the credit card details of 283 customers, and in 97 cases the CVV code was also compromised. Under GDPR, a data breach must be reported within 72 hours. Booking.com was 22 days late (!) in reporting the breach to the Dutch Data Protection Authority and was issued a fine in April 2021, as reported by Forbes.

2. Twitter

Another company that was late to report the security flaw is Twitter – it was discovered in December 2018 but the social media giant did not report it to Ireland’s Data Protection Commission (DPC) until the following month. As a result, Twitter has been told to pay a €450,000 GDPR fine by Ireland’s data regulator for failing to report a 2018 data breach in the legally required timeframe. The DPC also determined that Twitter failed to adequately document the breach, another requirement under GDPR.

3. Vodafone

The firm, which has been warned or fined smaller amounts on at least 50 occasions between January 2018 and February 2020, is in the news again: the Spanish data protection authority has fined Vodafone €8.15 million (approximately £7 million) for aggressive telemarketing tactics and repeated data protection failures. The fine was issued as a result of an investigation that was prompted by hundreds of complaints, with the regulator discovering a system that held up to 4.5 million contact lists purchased from third parties without user consent.

4. Facebook

And another social media giant – Facebook. Ireland’s data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site. As reported in April 2021, a spokesman for the Data Protection Commission (DPC) – which regulates Facebook in the European Union – said “a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.”

5. H&M

The Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 – the second-largest GDPR fine ever imposed. H&M’s GDPR violations involved the internal monitoring of employees. After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. This violated the GDPR’s principle of data minimisation: don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose.

6. Google

The biggest penalty (€50 million) was issued to Google for its alleged failure to provide notice in an easily accessible form, using clear and plain language, when users configure their Android mobile devices and create Google accounts, and to obtain users’ valid consent to process their personal data for ad personalisation purposes.

How to maintain GDPR compliance

What can we learn from these case studies? Maintaining GDPR compliance is a complex process, and requires a lot of diligent work. At CRI Group, we recommend looking at it as a part of your risk management strategies, together with your compliance policies and procedures.

To help you with maintaining compliance with GDPR, our integrity due diligence experts created the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make data protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

  • The information is necessary to perform a contract between the organisation and the individual;
  • You have a legal obligation to process the data (such as a court order);
  • The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the data (it cannot be random);
  • The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is a best practice for smaller organisations as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where and how it is collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding them. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelt out as individuals’ rights with regard to their personal data, and they include the following:

  • Right to be informed about what data is collected and why;
  • Right of access to data that has been collected;
  • Right to rectification/correction of inaccurate data;
  • Right to erasure of data (“right to be forgotten”);
  • Right to restrict processing of personal data;
  • Right to data portability;
  • Right to object to use of data; and
  • Right not to be subject to automated decision making, including profiling.

Have a process in place to respond to requests in a timely manner and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies with regard to GDPR and how you protect personal data, and communicate them across your organisation. Take special care to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements with regard to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance. If you have any further questions or interest in implementing compliance solutions, please contact us.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Q&A: Corporate fraud & corruption in the UK 2021

The United Kingdom scores 77 out of 100 on Transparency International’s (TI) 2020 Corruption Perceptions Index (CPI), and is one of the 25 least corrupt countries across the globe. However, it only seems great on the surface, as corporate fraud and corruption cases have been noticeable in various industries across the UK. TI reports that corrupt actors enjoy their illicit gains by “buying luxury property in the world’s most sought-after cities, like London”. According to the article “CPI 2020: Trouble in the top 25 countries”, “While the UK (77) is the first G20 country to launch a public register of beneficial ownership, a loophole in the law allows foreign companies to purchase real estate anonymously. This is particularly problematic as research shows that over 75 per cent of properties subject to criminal investigations between 2004 and 2015 used offshore anonymous companies to hide their owners’ identities. The UK government committed to closing this loophole by introducing a register of beneficial ownership for property, but it has yet to be implemented. The necessary legislation has been subject to significant delays. In the meantime, rich businesspeople linked to autocratic regimes are allegedly purchasing property via shell companies, such as billionaire and daughter of former President of Angola, Isabel dos Santos.”

To discuss the situation of corporate fraud and corruption, CRI Group and its ABAC® Center of Excellence were invited to share their expert views in the special InDepth Feature by Financier Worldwide, “Corporate fraud and corruption 2021”. In this edition, CRI Group’s CEO Zafar Anjum and ABAC®’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption. Read on for the answers to the questions below:

  • To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in your country of focus?
  • Have there been any legal and regulatory changes implemented in your country of focus designed to combat fraud and corruption? What penalties do companies face for failure to comply?
  • In your opinion, do regulators in your region have sufficient resources to enforce the law in this area? Are they making inroads?
  • If a company finds itself subject to a government investigation or dawn raid, how should it respond?
  • What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?
  • What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?
  • What general steps can companies take to proactively prevent corruption and fraud within their organisation?

Q: To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in your country of focus?

A: The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q: Have there been any legal and regulatory changes implemented in your country of focus designed to combat fraud and corruption? What penalties do companies face for failure to comply?

 A: There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

Q: In your opinion, do regulators in your region have sufficient resources to enforce the law in this area? Are they making inroads?

A: Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent four-year success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q: If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A: Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road. View the reprint of the interview, covering not only the UK but also the United Arab Emirates.

Q: What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A: Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If they do not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q: What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption? 

A: Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q: What general steps can companies take to proactively prevent corruption and fraud within their organisation? 

A: A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zero-tolerance.

About CRI Group

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Meet our CEO

Zafar I. Anjum is the Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Source & Credits

The original version of the Q&A was published on Financier Worldwide’s InDepth Feature: Corporate Fraud & Corruption 2021. Download the reprint here.

CPI 2020 overview: Middle East & Asia

Transparency International’s newly published Corruption Perceptions Index (CPI 2020) has ranked 180 countries and territories by their perceived levels of public sector corruption. This index uses a scale of 0 to 100, where 0 is highly corrupt and 100 is very clean. CPI 2020 identified that despite progress, most countries still struggle to stop corruption effectively – more than 2/3 of countries score below 50 on CPI, with an average score of just 43. That proves the need to implement more stringent anti-bribery anti-corruption measures worldwide.

In this article, which was originally published on the ABAC® Center of Excellence’s website, we will look at how the Asia Pacific, the Middle East and Pakistan scored in the CPI 2020 and discuss solutions to tackle bribery in these regions.

Asia Pacific

Transparency International identified that with an average score of 45, the Asia Pacific region is still struggling to combat corruption despite continuous efforts. The region’s top performer, New Zealand (88), is followed by Singapore (85), Australia (77) and Hong Kong (77). Conversely, Cambodia (21), Afghanistan (19) and North Korea (18) ranked lowest in the region. Malaysia, a country which introduced more stringent measures to fight bribery and corruption, shows that it takes time to see improvements. The country has moved down to 51 points compared to 53 points in 2019. Accordingly, its ranking also moved down to 57 in comparison with 51 in 2019. “Although a drop in the score appears statistically insignificant, the government must be cognizant that our rank falling 6 steps means that compared to other countries we are not improving as well as other countries in our efforts to fight corruption” – said Transparency International Malaysia in a statement. TI-M added: “The Government after coming into power in early 2020 committed to continue with the agenda to fight corruption and among them were to gazette the enforcement date of 1 June 2020 for the Corporate Liability and continue with the National Anti-Corruption Plan (NACP) initiated by the previous Government which is commendable. The NACP (National Anti-Corruption Plan) is a comprehensive plan but the government must ensure the implementation is effective and the Chief Secretary to the government should be empowered to lead the implementation and be made accountable”.

In our published whitepaper “South Asia grapples with anti-bribery compliance”, which gives an overview of anti-bribery, anti-corruption and ISO 37001 solutions in Malaysia and across South Asia, we wrote that South Asia has a troubled record when it comes to preventing bribery and corruption, as well as enforcing compliance. Recent cases and statistics show that the problem persists in most countries in the region. Both government officials and private sector business leaders are struggling to adopt policies, control methods and best practices to help reduce bribery and corruption on their watch. High profile cases such as the 1MDB scandal in Malaysia and, more recently, the alleged Meikarta township case in Indonesia underscore this point. The investigations that were triggered by these cases demonstrate, however, that regulators are serious about addressing the threat of bribery and corruption not just as a legal issue, but as a societal one as well. In response, organisations that are committed to being in compliance are adopting the ISO 37001 – Anti-Bribery Management Systems standard as a comprehensive approach to mitigating risk and demonstrating ‘adequate procedures’ taken to prevent bribery and corruption.

Middle East

Transparency International identified that with an average score of 39, the Middle East and North Africa region is still perceived as highly corrupt, with little progress made towards controlling corruption. Even though the United Arab Emirates (71) and Qatar (63) are the best performers in the region, the UAE still appears in headlines over bribery and corruption scandals.

In the article “CPI 2020: Trouble in the top 25 countries” Transparency.org wrote: “The United Arab Emirates has been heavily criticised by the Financial Action Task Force (FATF) for its inadequate anti-money laundering framework. The country’s chaotic approach to registering companies makes it incredibly difficult for law enforcement to detect who is behind a suspicious company when thirty-nine different registries operate across the seven Emirates.

The UAE’s booming construction and real estate sector accounts for a fifth of the Emirates’ GDP, but remains vulnerable to money laundering because of complex and opaque ownership structures”.

Recently CRI Group was featured in Financier Worldwide’s InDepth Feature: Anti-Money Laundering 2021 publication and shared its view on the unfortunate state of money laundering in this region: “When it comes to money laundering, a recent report from Carnegie Endowment found that there is a steady stream of illicit funds from corruption and crime flowing into the UAE. This should be alarming to organisations and regulators alike. The perpetrators take advantage of ‘free trade zones’ and often the money is funnelled through real estate deals, especially in luxurious properties in Dubai, for instance. This might be facilitated by foreign mobsters, gold smugglers, and even warlords. These are high-level criminal operations that can pose a risk to any legitimate organisation operating in the UAE and the Middle East as a whole”. In this edition, CRI Group’s CEO Zafar Anjum and ABAC®’s Scheme Manager Huma Khalid talked about Anti-Money Laundering solutions and the impact of financial crime on businesses, not only in the UAE but across the globe: “Money laundering still represents a gap in enforcement, and organisations should not wait for government action to put their own AML frameworks in place. Like many countries around the world, the UAE is experiencing an uptick of fraud and financial crimes during the COVID-19 pandemic”.

Pakistan

As published in the press release, Pakistan’s CPI 2020 score “has lowered to 31/100 from 32/100 in 2019 and rank to 124/180 from 120/180 in 2019. This is despite NAB’s extraordinary efforts who claims to have recovered Rs 363 billion in the last two years, and Public Accounts Committee claims to have recovered Rs. 300 billion over the previous two years”.

TI Pakistan recently reported that “A total of 95 corrupt persons were convicted and fined worth billions of rupees by various accountability courts during the last three years due to the vigorous persuasion of National Accountability Bureau, Rawalpindi”. The comment was made by the Director General NAB, Irfan Naeem Mangi, on Monday. These efforts, of course, play a significant role in fighting bribery and corruption; however, Pakistan is still appearing in the headlines. Recently, Transparency International Pakistan found the Federal Board of Revenue (FBR) to be involved in prima facie violations of procurement rules for IT-based solutions, causing Rs13.5 billion in losses to the exchequer.

As an expert in AML and risk management solutions, CRI Group was interviewed for the Annual Review (2018): Pakistan Corporate Fraud & Corruption, published by Financier Worldwide Magazine, and highlighted that corporate fraud and corruption in Pakistan are widespread (Rose-Ackerman, 1997, p. 4), particularly in the government and police forces. There is a need to reform accountability and anti-corruption policies in Pakistan.

Rising fraud risks have driven companies to establish the right steps to prevent fraud and corruption from surfacing. Following through with a focused trajectory ultimately also ensures failsafe protections are put in place, which will guard against scandals or negative publicity, while minimising risk exposure. There is quite a notable empirical rise in the frequency of companies conducting background screenings to nip corruption in the bud. Though checks can vary in nature, enforcing internal controls by implementing ISO strategies can bring pivotal change to a company’s strategy. Risk management is an essential part of minimising the costs that can arise in the long term due to losses and falling prey to fraudulent practices in the corporate realm. This can be implemented through a resilient management system that has been designed to specifically target any loopholes and any roadblocks, the impact of which can often be greater than anticipated, rattling the company and causing harm that could lead to lawsuits, unanticipated monetary and financial losses and hefty fines imposed by regulatory authorities, from which the company may never recover.

Demonstrating adequate procedures to prevent bribery and corruption 

ISO has developed a standard – ISO 37001:2016 ABMS – to help organisations promote an ethical business culture. “Designed to help your organisation implement an anti-bribery management system (ABMS), and/or enhance the controls you currently have. It helps to reduce the risk of bribery [and corruption] occurring and can demonstrate to your stakeholders that you have put in place internationally recognised good-practice anti-bribery [and anti-corruption] controls”.

“Adequate procedures” is a term made popular through the UK Bribery Act of 2010. It presents the potential of a company avoiding liability for failing to prevent bribery if that organisation can fully demonstrate clear, sound and established policies and procedures that deter individuals (inside and outside of the organisation) from partaking in questionable or corrupt conduct. Transparency International has written a checklist for countering bribery and assessing whether you have adequate procedures in place; complete the “Adequate Procedures” Checklist to find out. Provided by our ABAC®, ISO 37001 certification attests that your organisation has implemented reasonable and proportionate measures to prevent bribery. These measures involve top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit, and investigation.

Consider ISO 37001:2016 ABMS as one of the invaluable tools of your Third-Party Risk Management Strategy. Combined with due diligence, background screening, business intelligence and compliance solutions, ISO 37001 certification and training can lift your risk management process and help your business mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business. Learn more about the 3PRM™ program as a flexible and responsive tool for the various risk domains that are most important to your business.

ABAC® – aiming for a higher standard

At CRI Group’s ABAC® Center of Excellence Limited, we are affiliated with leading certification and accreditation bodies around the world. These affiliations and accreditations help demonstrate the high level of experience and knowledge we provide in anti-bribery, risk and compliance management to our clients on a daily basis.

That’s why ABAC® has achieved essential accreditations from the United Kingdom Accreditation Service (UKAS), Emirates International Accreditation Center (EIAC) and membership in the Association of British Certification Bodies (ABCB). ABAC® is also a member of the “Partner in Corporate Governance” programme with the Malaysian Institute of Corporate Governance (MICG) and a Corporate Member of Transparency International Malaysia (TI-M).

ABAC® was established in 2016 by CRI Group, a global leader in risk, compliance and anti-bribery management systems. ABAC® was launched to provide certification and online training in anti-bribery and anti-corruption risk management and compliance for organisations worldwide. CRI Group and ABAC® CEO Zafar I. Anjum, CFE, said that ABAC® is proud to be accredited by, and affiliated with, international accreditation bodies. “Our engagement with high-profile bodies like EIAC, ABCB and UKAS demonstrates the effectiveness of our ISO 37001:2016 Anti-Bribery Management System certification and training, along with our ISO 19600, ISO 31000 certifications and other programs,” Anjum said.

Visit ABACgroup.com to find out more about anti-bribery, anti-corruption, risk and compliance management solutions.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Protecting Your Company from the Global Corruption Pandemic

Organisations are now more vulnerable than ever and have to act now to protect themselves, their reputation, employees and other stakeholders from the risks associated with bribery and corruption. The recently celebrated International Anti-Corruption Day drew attention to these sometimes hidden risks worldwide, and many organisations joined in to raise awareness of how to stop corruption inside and outside their organisations. That’s great news. But we at CRI Group and ABAC® believe that “saying NO TO CORRUPTION” is not enough, and we draw attention all year round to how organisations can act now to secure themselves and contribute to the business fight against bribery and corruption risks.

Even with the world under partial lockdown during the COVID-19 pandemic, there’s been no shortage of bribery and corruption cases. Did you know that £100 billion of dirty money passes through the UK systems and services every year? Or that £1.27 billion is lost annually to fraud, bribery and corruption in the NHS? Airbus was fined £3.6 billion in February 2020 by courts in the UK, US and France for slush funds, “success payments” and lavish hospitality. Are you 100% sure what’s happening in your organisation or even department? Such risks could affect you at any time, and not only in the healthcare or aviation industries – no industry, organisation or even country is immune. These shocking figures indicate the need for organisations in the public and private sectors and across different industries to take more stringent action to stop bribery and corruption.

ANTI-CORRUPTION WEBINAR

As part of our continuous effort to educate businesses across the world about risk management, anti-bribery and anti-corruption solutions, we publish a library of insights and resources aimed at helping you find the tools you need and expand your knowledge.

This February, together with ABAC®, CRI Group presents the anti-corruption webinar, focused on helping businesses stay protected from the global pandemic of corruption. This FREE “Protecting your company from the global pandemic of corruption” webinar (date TBA) will provide you with the knowledge to identify how to protect your organisation from global corruption and to critically assess the applicability of several recent legislative guidelines to the proactive mitigation of corruption and bribery in corporate administration across the world. Based on the recent Airbus and Rolls-Royce cases of multinational, multi-party bribery, the webinar will dive into the consequences of systemic inadequacy, confirming a paradigm shift in corporate oversight and network risk management.

  • Discuss how to ensure compliance, compare and analyse the spectrum of regulatory instruments and corporate compliance standards and legislation in order to establish a comparative basis for Anti-Corruption policies and practices
  • Assess the Airbus and Rolls-Royce case studies to outline rules-based violations and identify compliance instruments for mitigating future replication
  • Identify a combination of institutional solutions for managing and monitoring corporate compliance to prevent bribery and corruption in a modern enterprise
  • Get a copy of the supporting webinar content and a complimentary eBook
  • Engage in a live Q&A session

Sign up today to hear directly from the industry expert Zafar Anjum, Group Chief Executive at CRI Group and ABAC®, with more than 30 years’ experience in anti-bribery, anti-corruption and risk management. Explore case studies, discuss and compare local, regional and global corporate compliance standards and legislation and receive your copy of the whitepaper, titled “Countering bribery and corruption in the public and private sectors”, with this complimentary anti-corruption webinar this February.

Explore our other resources, or sign up for risk management, compliance, anti-bribery and anti-corruption related news, solutions, events and publications in your inbox. We will be happy to hear from you if you have any questions at all – contact us today or get a quote for any anti-bribery, anti-corruption, risk or compliance management solutions.

CRI Group celebrates International Anti-Corruption Day

Wednesday the 9th of December marks International Anti-Corruption Day, observed since the passage of the United Nations Convention Against Corruption on 31st October 2003. According to AntiCorruptionDay.org, as the world is recovering from the COVID-19 pandemic, this year “the campaign for International Anti-Corruption Day will therefore focus on measures to reduce the risks of mismanagement and corruption without compromising the speed and flexibility demanded by the health crisis, while ensuring an inclusive recovery. This year’s motto “RECOVER with INTEGRITY” focuses on recovery through corruption mitigation and emphasizes that inclusive COVID-19 recovery can only be achieved with integrity.”

Bribery and corruption stories 2020

Even with much of the world under partial lockdown during the COVID-19 pandemic, there’s been no shortage of bribery and corruption cases. Each of these stories makes it clear that organisations must have proper controls in place to prevent bribery and corruption. The ISO 37001 Anti-Bribery Management Systems standard provides a comprehensive approach to mitigating bribery and corruption risk. In no particular order, we have collated some of the top bribery and corruption stories we’ve seen so far in 2020.

Airbus

In February, French-based Airbus agreed to pay a record $4 billion in fines for alleged bribery and corruption spanning at least 15 years. The company reached a plea bargain with prosecutors in Britain, France and the United States. According to prosecution documents, Airbus used a global network of agents or middlemen for corrupt transactions, including payouts disguised as commissions to push airplane sales.

“Fallout from the Airbus bribery scandal reverberated around the world on Monday as the head of one of its top buyers temporarily stood down and investigations were launched in countries aggrieved at being dragged into the increasingly political row.” (Reuters, 2020)

Novartis

While the investigation into suspected corruption at Novartis began seven years ago, it appears that 2020 is the year the company can finally close this damaging chapter in its history. The resolution comes at a steep cost. The Swiss-based pharmaceutical company will pay a staggering $1.3 billion in a settlement for kickbacks, bribery and price-fixing.

“The latest settlements cover two different cases. In the first, federal prosecutors claim Novartis used ‘tens of thousands of’ speaker programs and events — some entailing exorbitant meals — as disguise to provide bribes to doctors. The goal, according to prosecutors, was to encourage doctors to prescribe its drugs, including Lotrel, Valturna, Starlix, Tekturna, Tekamlo, Diovan and Exforge.” (Fierce Pharma, 2020)

Ohio House Speaker Larry Householder

While political corruption is nothing new, his constituents were nevertheless shocked when Ohio House Speaker Larry Householder was arrested, along with four alleged co-conspirators, as part of a $60 million racketeering and bribery investigation. The alleged scheme is being described as one of the biggest public corruption cases in the history of Ohio, U.S.

“All the charges are tied to what federal prosecutors said was a criminal enterprise dedicated to securing a bailout for two nuclear power plants in northern Ohio owned by FirstEnergy Solutions of Akron. The bailout is expected to cost the state’s utility ratepayers $1 billion.” (Cincinnati Enquirer, 2020)

Alexion Pharmaceuticals

Charged by the SEC with violating the FCPA by bribing officials in Turkey and Russia, Alexion Pharmaceuticals will pay $21.4 million to resolve an investigation that began in 2015. The Connecticut, U.S.-based company was also accused of failing to keep accurate financial records at subsidiaries in Brazil and Colombia.

“In Turkey and Russia, Alexion paid government officials and doctors at state-connected hospitals to promote use of its blood-disease drug, Soliris. Alexion retained a consultant in Turkey from 2010 to 2015 with ties to health officials. Alexion Turkey paid the consultant over $1.3 million for ‘consulting fees and purported expense reimbursements,’ the SEC said. … In Russia, Alexion paid doctors at government hospitals over $1 million from 2011 to 2015 to increase Soliris prescriptions. … The bribery resulted in Alexion being ‘unjustly enriched’ by about $6.6 million in Turkey and $7.5 million in Russia, the SEC said.” (FCPA Blog, 2020)

Prosecution of corruption is like a dose of painkillers. It can help with the symptoms, but it won’t solve the problem. On the other hand, the anti-bribery management system is comparable to a healthy diet. No one is excited about it but some of us are more determined to choose an apple instead of cake. International Anti-Corruption Day is the best time for organisations of all sizes and industries to take steps to ensure that they don’t end up on a future list of top bribery and corruption scandals. Earlier this year, we published a series of articles on how the ISO 37001 standard could be implemented in different industries – the first part focused on the automotive, aviation and insurance industries, while the second examined how the pharma and healthcare, property, IT and telecommunications, and food and beverage industries might benefit from ISO 37001 certification too.

CRI Group’s continuous fight against bribery and corruption risks

At CRI Group we understand that corruption and bribery affect any organisation, large or small, public or not-for-profit. They have the potential to cause severe harm to your business, including financial loss, dire legal consequences, and damage to your brand, your company’s reputation and sustainable development. Therefore anti-bribery needs to be managed correctly and effectively. The ISO 37001:2016 ABMS standard, developed by ISO, helps organisations promote an ethical business culture. “Designed to help your organisation implement an anti-bribery management system (ABMS), and/or enhance the controls you currently have. It helps to reduce the risk of bribery [and corruption] occurring and can demonstrate to your stakeholders that you have put in place internationally recognised good-practice anti-bribery [and anti-corruption] controls”.

The first step in demonstrating your organisation’s commitment to implementing an effective anti-bribery management system is to commit to ISO 37001 solutions. In order to offer you ISO 37001 training and/or certification, CRI Group launched an Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence. ABAC® offers a complete suite of services and solutions designed to educate, equip & support the world’s leading business organisations with the latest best-in-practice risk & performance assessments, systems improvement & standards certification. ABAC® programs protect your organisation from damaging litigation & safeguard your business in the global marketplace by providing certification & training not only in ISO 37001 Anti-Bribery Management Systems but also in other internationally recognised ISO standards such as ISO 19600 Compliance Management Systems and ISO 31000 Risk Management Systems implementation.

ABAC® offers ISO 37001 Introductory, Internal Auditor and Lead Auditor training to upskill teams and organisations that want a proactive way of demonstrating their commitment to ethical sustainability. Your employees will be able to recognise any form of corruption, and report it. Our trainers are the best in the business. They’re passionate about sharing their knowledge with you and/or your employees. ABAC® trusted experts have years of hands-on and business experience – they bring the subject matter to life with relevant and contemporary examples.

Companies should take a zero-tolerance attitude towards corruption and put policies in place covering issues such as gifts, supply chains and whistle-blowers, in order to promote a fair and just environment. In business terms, integrity pays: the world’s most ethical companies prove a clear correlation between ethical business practices and improved financial performance.

Recently, ABAC® also launched ISO 31000 Risk management e-training – even though this course is for risk management in general, ISO 31000 implementation and training give businesses a broader view of all risks associated with their organisations and how to overcome them. ISO 31000 training is focused on improving your and/or your team’s skills in implementing ISO 31000 Risk Management which will help organisations see both the positive opportunities and negative consequences associated with all types of risk, and allow for more informed, and thus more effective, decision making, namely in the allocation of resources.

Expand Your Third-Party Risk Management Strategies

CRI Group is launching a third-party compliance verification and certification program – 3PRM-Certified™ – across the Middle East, Europe and the Asian region. This Third-Party Risk Management (TPRM) program can help organisations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with their business.

Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organisation, the consequences of inadequate due diligence cannot be overestimated. As the risk of data breaches and supply chain disruptions continues to rise with COVID-19, so does the need for an effective TPRM program. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organisation considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution.

Support International Anti-Corruption Day – consider ISO 37001, ISO 31000 and ISO 19600 as invaluable tools of your Third-Party Risk Management Strategy. Combined with due diligence, background screening, business intelligence and compliance solutions, ISO standard certifications and training can lift your overall risk management process and help your business mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business.

Supporting International Anti-Corruption Day 2020

Find below CRI Group’s resources to help you learn more about bribery and corruption risk. This risk does not wait and can materialise at any time – we encourage you to think about anti-bribery and anti-corruption not only on International Anti-Corruption Day 2020 but all year round. Explore our other resources, or sign up for risk management, compliance, anti-bribery and anti-corruption related news, solutions, events and publications in your inbox. We will be happy to hear from you if you have any questions at all – contact us today or get a quote for any anti-bribery, anti-corruption, risk or compliance management solutions through our ABAC® Center of Excellence. Explore our resources and expert insights in the Q&A sessions now:

Q&A: Corporate Fraud and Corruption in Pakistan

Q&A: Corporate Fraud and Corruption in the UK is growing, FAST!

Q&A session with our CEO: the United Arab Emirates fighting Fraud and corruption

Prove that your business is ethical

ABAC® published the free Highest Ethical Business Assessment (HEBA) to evaluate businesses’ current Corporate Compliance Programs. Find out if your organisation’s compliance program is in line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® experts prepare a complimentary gap analysis – the HEBA survey is designed to evaluate your compliance with adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance backgrounds. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.

Q&A: Corporate Fraud and Corruption in UAE

The United Arab Emirates (UAE) is the 21st least corrupt nation out of 180 countries, according to the 2019 Corruption Perceptions Index reported by Transparency International. However, corporate fraud and corruption still prevail in the UAE, as the UAE is just one of many enablers of global corruption, crime, and illicit financial flows. Addressing the emirate’s role presents anti-corruption practitioners, law enforcement agencies, and policymakers with incredibly complex challenges. Read the answers to the following questions:

  • To what extent are boards and senior executives in UAE taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?
  • Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in the UAE over the past 12-18 months?
  • When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
  • Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?
  • How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?
  • And much more…

Q. To what extent are boards and senior executives in UAE taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?

Anjum: High-profile corruption scandals have driven home the seriousness of fraud and corruption, and the turmoil that can engulf a company because of it. Organisations in the United Arab Emirates (UAE), and in the Middle East region as a whole, understand that being proactive against risk can be a matter of survival, especially in a competitive environment, but it is more than that. Today, being forward-thinking and proactive when it comes to fraud and corruption can actually foster organisational growth. Business grows an average of 3 per cent faster where corruption is low, according to the World Bank. And more organisations are engaging in trusted certifications like ISO 37001 for anti-bribery management because having that certification tells customers, vendors, third parties and employees that the company places a high priority on fraud training and prevention.

Q. Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in the UAE over the past 12-18 months?

Anjum: In January 2017, UAE president Shaikh Khalifa Bin Zayed Al Nahyan approved the highly anticipated Anti-Commercial Fraud Law, which strengthens protections of intellectual property rights (IPR) and imposes stricter penalties on counterfeiters. Counterfeiting and adulterated goods, along with intellectual property (IP) theft, are severe problems in the Middle East, propagated by unscrupulous inland and free zone traders. And while fraud and corruption still plague the region, the UAE continues to lead the Middle East in Transparency International’s latest Corruption Perception Index for its strides in addressing fraud risk and areas of concern, including bribery and corruption. With that said, experts have noted that businesses and governments in the UAE, and the Middle East, on the whole, face increasing threats of cybercrime, with a need for continuously updated laws and regulations to keep pace with this ever-evolving fraud threat.

Q. When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

Anjum: Fraud allegations, from bribery to embezzlement, should be treated as a very serious issue. When suspicion arises at an organisation, business leaders and the board should bring in expert help. Professional investigators have years of training in evidence collection and interviewing, and their role is to establish the facts of the case. The key to a proper investigation is to not approach it with a preconceived notion of how it will conclude. It is critical to remember that companies do not get a second chance when conducting a fraud investigation. It has to be done right the first time to reach a successful conclusion.

Q. Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?

Anjum: Employees are the eyes and ears of your company, and the first line of defence against fraud and corruption. Many organisations are getting the message and making employee training and awareness key parts of their fraud prevention programme. One key way to do this is by engaging in ISO 37001, which certifies that an organisation has implemented reasonable and proportionate measures to prevent bribery. The certification process involves a training module for employees. It stresses the importance that such training should continue as mandatory for all staff, and be provided on an annual basis – if not more frequently. If employees do not know what constitutes fraud, or how to recognise it, organisations face a heightened risk of being victimised.

Q. How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?

Anjum: Statistics from the Association of Certified Fraud Examiners (ACFE) show that most fraud is discovered by tips, which often come from employees, vendors and others connected to the organisation in some way, and the only way to get those tips is to provide a culture that supports and encourages whistleblowers. That is why having an anonymous reporting system, and communicating it to employees is a critical part of any fraud and risk prevention strategy. But for it to work, employees have to know what type of behaviour should be reported. This is where a training protocol like ISO 37001 comes in. It provides a curriculum that helps employees recognise the red flags of fraud, and also communicates how they can report fraud when they see it.

Q. Could you outline the main fraud and corruption risks that can emerge from third-party relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?

Anjum: Many companies pay lip service to due diligence, but when an opportunity arises to make a major move, such as a merger, acquisition or new partnership, the interest of growing the business trumps a more cautious approach. This may be changing, however, as more organisations in the UAE and elsewhere put established due diligence procedures in place that cannot be circumvented by overeager business leaders. This is important because the risks are great.

Q. What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk management process, with appropriate internal controls?

Anjum: Begin with a thorough fraud risk assessment that examines every area of your organisation. This should be conducted by experts and used to gauge your overall threat level, as well as help you create a plan for moving forward by exposing a weakness that could lead to fraud risk and compliance issues. When creating your fraud and corruption risk management process, be sure to include hiring procedures, including thorough background checks, due diligence for any new mergers, acquisitions and partnerships, regularly scheduled audits, and implement an anonymous reporting system. Build in review processes that track the effectiveness of your controls, including how tips were handled and ultimately resolved. Finally, try to think like a fraudster. Consider any way that an employee, vendor or even customer might try to take advantage of your organisation. You might be surprised at what you find.

 

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

Meet our CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

 

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

2018 annual reviews

Download 2018 annual reviews by Mr. Zafar Anjum, CEO, and Ms. Fatima Farrukh, Compliance professional at CRI Group.

Click here to download the review of UAE (Mr. Zafar Anjum, CEO at CRI Group)
Click here to download the review of UK (Mr. Zafar Anjum, CEO at CRI Group)
Click here to download the review of Pakistan (Ms. Fatima Farrukh, Compliance professional at CRI Group)

CRI Group was included in the 2018 Annual Review: UAE Corporate Fraud & Corruption, published by Financier Worldwide Magazine. The above is an updated version of the Financier Worldwide reprint.


Risk assessment breakdown: Identification, Analysis, Evaluation

Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk. ISO 31000 is not a certifiable standard; it is a set of guidelines that provide guidance for internal or external audit programmes. However, we recommend taking ISO 31000 Awareness training, which will enable you to fully understand risk management activities and mitigate risk. According to ISO 31000, there are two important building blocks that form the core of risk management:

  • Risk assessment
  • Risk treatment

Under ISO 31000, each of these stages has a whole section of its own – they go into detail about best practices for identifying risks, how to analyse them in terms of probability and severity, and how they can be evaluated in terms of the company’s risk appetite. This article discusses the importance of Risk Assessment.

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. Unfortunately, fraud, bribery and corruption are major factors affecting businesses and agencies of all sizes and industries. Being proactive against these risks can mean the difference between success and ruin. Our “Risk Management & ABMS Playbook” provides tools, checklists, case studies, FAQs and other resources to help you lead your organisation into better preparedness and compliance.

What is Risk Assessment?

Risk assessment is the overall process of identification, analysis and evaluation of any given risk. It can be a systematic examination of a task, job or process that a risk professional carries out at work for the purpose of identifying significant hazards: for example, assessing the risk of someone being harmed and deciding what further control measures to take to reduce the risk to an acceptable level. The process will vary between organisations, but it should start with identification of hazards, followed by analysis of who and what might be harmed, evaluation of the risk, documentation of the risks, taking action and review. Your organisation should conduct a risk assessment systematically, interactively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by further inquiry as necessary.

Risk assessment breaks down into:

  • Step 1: Identification
  • Step 2: Analysis
  • Step 3: Evaluation

Risk Identification

The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • Tangible and intangible sources of risk;
  • Causes and events;
  • Threats and opportunities;
  • Vulnerabilities and capabilities;
  • Changes in the external and internal context;
  • Indicators of emerging risks;
  • The nature and value of assets and resources;
  • Consequences and their impact on objectives;
  • Limitations of knowledge and reliability of information;
  • Time-related factors;
  • Biases, assumptions and beliefs of those involved.

Your organisation should identify risks whether or not their sources are under your control. Bear in mind that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.


Risk analysis

Risk analysis allows you to understand the nature of a risk, its characteristics and its level. Because an event can have multiple causes and consequences and can affect multiple objectives, a risk analysis should involve a detailed consideration of uncertainties such as risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.

Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of both, depending on the circumstances and intended use. Risk analysis should consider factors such as:

  • The likelihood of events and consequences;
  • The nature and magnitude of consequences;
  • Complexity and connectivity;
  • Time-related factors and volatility;
  • The effectiveness of existing controls;
  • Sensitivity and confidence levels.

A risk analysis is likely to be influenced by a wide range of variables: divergence of opinions, biases, perceptions of risk and judgements, as well as the quality of the information used, the assumptions and exclusions made, and any limitations of the techniques and how they are executed. These influences should be considered in any risk analysis, documented and communicated to any decision-makers involved in the process.

It is important to remember that any highly uncertain event can be difficult to quantify. If you find yourself in such a situation, using a combination of techniques generally provides greater insight. Risk analysis provides input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions where choices are being made and the options involve different types and levels of risk.

Risk evaluation

Risk evaluation can support your decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:

  • Do nothing further;
  • Consider risk treatment options;
  • Undertake further analysis to better understand the risk;
  • Maintain existing controls;
  • Reconsider objectives.

Any decisions should take into account the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organisation.

Who should do risk assessments?

By law, every employer must conduct risk assessments. Risk assessments should always be carried out by a professional who is familiar with risk and who is experienced and competent to do so. Competence can be expressed as a combination of knowledge, awareness, training, and experience. Remember that competence does not mean you have to know everything about everything; it also means knowing when you know enough and when you should call in further expert help.

 

Risk Assessment and ISO 31000

ISO 31000 was developed by hundreds of experts in risk mitigation, from thirty countries. This international effort produced a standard that is worldwide and represents best practices and leading operations for risk management. Organisations can trust that they are following a tested, robust standard to increase success. The standard converts risk management into a set of “friendly” and actionable – and straightforward to implement – guidelines, regardless of the size, nature, or location of a business.


CRI supports Fraud Week 2020

International Fraud Awareness Week runs 15-21 November 2020, and CRI Group is once again a proud Official Supporter of this global movement. Fraud Week was created to reduce the impact of fraud and corruption by promoting anti-fraud awareness and education.

Fraud statistics

Fraud is still increasingly common. Even when it comes to hiring employees, companies must be vigilant. CRI Group’s investigative team found that providing incorrect employment details is the most common red flag, as it was uncovered in about 4.5 per cent of background screenings. This is followed by providing incorrect education degree details as well as having adverse media (unfavourable news or online mentions), both at 2.33 per cent. Most employers would probably say that when it comes to educational background, the only thing worse than providing incorrect degree information would be outright claiming a fake degree – which occurred in nearly 2 per cent of cases.

> Read more in our article “Background Screening Red flags: Numbers Don’t Lie”.

In another survey conducted by CRI Group, which analysed how COVID-19 has impacted human resources and its functions, it was revealed that companies understand the fraud risk factor during the pandemic: nearly 77 per cent of HR professionals accept that there is a risk that employees can initiate fraudulent activity because of the work-from-home arrangement. Also, a shocking number of survey participants highlighted that they have encountered employee fraud in their career. Luckily, most companies do conduct background screening of some type. In fact, 85 per cent do so, which is important because many companies have learned that trust can be misplaced. While an overwhelming 92 per cent said they trust their employees with confidential data, background screening can help verify that your employees aren’t hiding anything in their backgrounds that might put your company at risk.

> Read more about the survey, as it provides valuable information for companies, employees, and human resources professionals and teams who serve them. It also sheds light on the critical need for increased employee background screening and data protection during a tumultuous time.

Some other stats to note (the following come from the ACFE):

  • The average fraud lasts 18 months before it is discovered. The longer a fraud lasts, the greater the financial damage (schemes that last for several years can cause hundreds of thousands of dollars in losses).
  • The most common detection method for fraud is tips. And organisations that have reporting hotlines are much more likely to detect fraud through tips than organisations without hotlines.

All of the above indicates that the fraud issue is real, and that organisations must take action to reduce the fraud risks they face, which can threaten not only the organisation but even careers. For CRI Group, the goal is to help business leaders think about fraud and corruption this week and take steps to minimise it year-round. So, what is your organisation doing for Fraud Week?

Get involved in International Fraud Awareness Week

Join CRI Group and ACFE in the fight against fraud. ACFE provides the following tools to help you go a step further in your role and start discussions amongst peers, co-workers, executives and stakeholders in your community about how important fraud prevention is to society as a whole:

  • Post on social media using new badges and informative images with the tag #fraudweek
  • Add the new Official Fraud Week Supporter badge to your email signature.
  • Invite a CFE to talk to your employees and co-workers virtually on how to avoid common mistakes when preventing fraud.
  • Download the free Fraud Week logo to share on materials or websites.
  • Involve your local chamber of commerce or city council to spread tips on fraud prevention for small businesses.
  • Encourage your governor to issue a proclamation (.doc) declaring that your state supports Fraud Week.
  • Host a talk or seminar for your co-workers or community on regularly staying aware of fraud prevention best practices. You can post that event to share what you are doing on our events page.
  • Perform a fraud check-up for your organisation and present your findings to executives, as well as a proactive plan for how to remedy weak spots in your current controls.

How does CRI Group fight fraud?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Fraud Week

2018 Fraud Week

CRI Group proudly celebrates International Fraud Awareness Week and highlights that this occasion (called Fraud Week, for short) is an important effort to put a spotlight on fraud, help educate people about its perils and build a fraud-free future.

“Fraud Week reminds us that awareness is any organisation’s first line of defence against fraud and corruption, as properly trained employees will have a better opportunity to recognise the red flags of fraud, and a better understanding of their organisation’s zero-tolerance policy toward such behaviour”, Zafar Anjum, founder and CEO of CRI Group says.

“Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from risks of fraud and unethical behaviour. An ounce of prevention is worth more than a pound of cure.”

For CRI Group, though, helping organisations prevent and detect fraud is a year-round commitment. That’s why Fraud Week is a great time to reflect on CRI Group’s recent efforts in the fight against fraud, and to also look ahead to activities on the near horizon. Below are just a few of the highlights.

CRI Group is here to help and create a fraud-free future. Contact us today to learn more about our ABAC training and certification opportunities, our EmploySmart background checking process, our investigative services and other offerings.

 

2017 Fraud Week

2017 International Fraud Awareness Week (also called “Fraud Week”) kicked off on Sunday and is in full swing. CRI Group is a proud supporter of this important initiative every year, and we encourage business leaders to take this time to consider all of their fraud prevention measures, including anti-fraud training for employees.

Does your organisation have a training program in place that addresses fraud, bribery and corruption? And, if so, how robust is your training? How often is it administered? And how do you know it’s working?

These are important questions, especially considering the fact that we know most fraud is discovered internally through employee tips. A recent case study is a perfect illustration of that.

Case study: Conflicts of interest

A major pharmaceutical company’s security department received conflict of interest complaints that reportedly involved a range of employees, from sales personnel on up to the chief financial officer (CFO).  The company engaged CRI Group to conduct an integrity due diligence and conflict of interest investigation in order to uncover unethical practices, including bribery and corruption, by senior employees.

CRI Group’s investigators quickly launched a risk assessment of the company’s third-party relationships, which included several interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks.

Investigators found one of the vendors used letterhead that lacked a physical address, and the only contact information listed was a single cell phone number. Site visits, background checks and interviews helped determine that the suspicious vendor was not a company at all – but a single person, and he was none other than the brother-in-law of the client company’s CFO. Worse still was the fact that this obvious fraud was being conducted right under the noses of the company’s procurement and finance professionals.

CRI Group investigators discovered that the individual’s residence was being utilised as a warehouse to help facilitate the fraud. A comprehensive litigation records check with local and regional courts found that the subject had previously been convicted in federal court and spent three years in prison on charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.

The fraud had continued for five years. However, the one thing that saved the company from further financial harm was the fact that employees had stepped forward to report unethical behaviour. If not for their action, the fraud could have continued indefinitely.

Fraud Week reminds us that awareness is any organisation’s first line of defence against fraud and corruption, as properly trained employees will have a better opportunity to recognise the red flags of fraud, and a better understanding of their organisation’s zero-tolerance policy toward such behaviour.

CRI’s certification body, ABAC Center of Excellence, provides employee training as part of the curriculum for a participating organisation. In fact, ISO 37001:2016 certifies that your organisation has implemented reasonable and proportionate measures to prevent bribery, and these measures involve training, top-level leadership, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

Some key things to remember:

  • Anti-fraud training should be mandatory. This includes managers and executives, who should also receive special training regarding their position of responsibility.
  • Anti-fraud training should be an element of new employee orientation. After that, it should be provided to all employees on an annual basis, if not more frequently.
  • Training might be presented live (in-class), on video or online in an interactive format. The live class is preferred, as it allows questions and personal engagement. However, in today’s business world, some employees work remotely and an online format may be more feasible.

Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from risks of fraud and unethical behaviour. An ounce of prevention is worth more than a pound of cure.

Learn more about how CRI Group and the ABAC Center of Excellence can help you have a well-trained workforce serving as your front line of defence against fraud, bribery and corruption.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

#InTheNews: the role of Risk Management in Banking & AI

SEC’s Office of Compliance Inspections and Examinations Issues COVID-19 Risk Alert

Lexology reported that “On August 12, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE), issued a risk alert highlighting COVID-19 compliance risks and considerations for broker-dealers and investment advisers. The risk alert highlights six categories of compliance risk: Protection of investors’ assets, Supervision of personnel, Practices relating to fees, expenses, and financial transactions, Investment fraud, Business continuity, and Protection of investor and other sensitive information. Through its exams, operations and outreach efforts with SEC registrants, OCIE has observed the impacts of COVID-19 on registrants and their resulting operational resiliency challenges.” The US Securities and Exchange Commission reported that “market volatility related to COVID-19 may have heightened the risks of misconduct in various areas that the staff believe merit additional attention. This risk alert has been issued with an aim to inform firms and the public generally of these findings.

The Hong Kong Monetary Authority (HKMA)’s Guidance for banks on Climate Risk Practices

“The Hong Kong Monetary Authority (HKMA) has recently consulted selected Authorised institutions (AIs) about their approach to climate risk management in the four areas. Some of the key measures adopted by these AIs which are subsidiaries of international banks are noted and have been used as practical guidance in the White Paper”. The HKMA whitepaper explained that using risk management, “AIs are expected to incorporate climate risk considerations into their existing risk management framework.” The HKMA noted, “that advanced AIs aimed to develop a voluntary, consistent climate-related financial risk disclosure framework for firms to report information to stakeholders”.

Risk and Compliance Management

CRI Group’s ABAC® Center of Excellence helps businesses ensure compliance and manage risks by offering certification to internationally recognised standards such as ISO 31000 and ISO 19600.

ISO 31000:2018 Risk Management provides principles, a framework and a process for managing risk. Public, private and community enterprises can all benefit from ISO 31000:2018 because it covers most business activities, including research, planning, management and communications. Implementing ISO 31000:2018 can help organisations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

ISO 19600 is a widely-accepted standard that provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an organisation’s compliance management program. It covers all compliance-related issues including anti-trust, fraud, misconduct, export control, anti-money laundering, and other unexpected risks which might affect your business. The standard acts as a global benchmark for effective and responsive compliance management programs, based on the good governance and transparency principles. The guidelines set forth by the standard are applicable to all types and sizes of organisations and aren’t restricted by industry, risk exposure or geographic reach.

Third-Party Risk Management

CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business. Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, the 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms. Our 3PRM™ solution streamlines the third-party risk management process through scalability and efficiencies, from third-party risk identification to assessment. What sets us apart is that our 3PRM™ solution includes:

From cybersecurity to anti-bribery, our solution is flexible and responsive to the various risk domains that are most important to your business. With a network of trained professionals positioned across five continents, CRI Group’s 3PRM™ services utilise one of the largest multi-national fraud investigation teams the industry has to offer.


Top 10 Bribery & Corruption Stories of 2020

Even with much of the world under partial lockdown during the COVID-19 pandemic, there’s been no shortage of bribery and corruption cases through the first half of 2020. Each of these stories makes it clear that organisations must have proper controls in place to prevent bribery and corruption. ISO 37001 Anti-Bribery Management Systems standard provides a comprehensive approach to mitigating bribery and corruption risk.

Organisations of all sizes and industries should take steps now to ensure that they don’t end up on a future list of top bribery and corruption scandals. Following the success of last year’s “Top 10 Bribery and Corruption Cases of 2019” article, ABAC® Center of Excellence decided to compile a 2020 list too.

In no particular order, here are 10 of the top bribery and corruption stories we’ve seen so far in 2020.

#10. Airbus

In February, French-based Airbus agreed to pay a record $4 billion in fines for alleged bribery and corruption spanning at least 15 years. The company reached a plea bargain with prosecutors in Britain, France and the United States. According to prosecution documents, Airbus used a global network of agents or middlemen for corrupt transactions, including payouts disguised as commissions to push airplane sales.

“Fallout from the Airbus bribery scandal reverberated around the world on Monday as the head of one of its top buyers temporarily stood down and investigations were launched in countries aggrieved at being dragged into the increasingly political row.” (Reuters, 2020)

#9. Novartis

While the investigation into suspected corruption at Novartis began seven years ago, it appears that 2020 is the year the company can finally close this damaging chapter in its history. The resolution comes at a steep cost. The Swiss-based pharmaceutical company will pay a staggering $1.3 billion in a settlement for kickbacks, bribery and price-fixing.

“The latest settlements cover two different cases. In the first, federal prosecutors claim Novartis used ‘tens of thousands of’ speaker programs and events — some entailing exorbitant meals — as disguise to provide bribes to doctors. The goal, according to prosecutors, was to encourage doctors to prescribe its drugs, including Lotrel, Valturna, Starlix, Tekturna, Tekamlo, Diovan and Exforge.” (Fierce Pharma, 2020)

#8. Ohio House Speaker Larry Householder

While political corruption is nothing new, his constituents were nevertheless shocked when Ohio House Speaker Larry Householder was arrested, along with four alleged co-conspirators, as part of a $60 million racketeering and bribery investigation. The alleged scheme is being described as one of the biggest public corruption cases in the history of Ohio, U.S.

“All the charges are tied to what federal prosecutors said was a criminal enterprise dedicated to securing a bailout for two nuclear power plants in northern Ohio owned by FirstEnergy Solutions of Akron. The bailout is expected to cost the state’s utility ratepayers $1 billion.” (Cincinnati Enquirer, 2020)

#7. Alexion Pharmaceuticals

Charged by the SEC with violating the FCPA by bribing officials in Turkey and Russia, Alexion Pharmaceuticals will pay $21.4 million to resolve an investigation that began in 2015. The Connecticut, U.S.-based company was also accused of failing to keep accurate financial records at subsidiaries in Brazil and Colombia.

“In Turkey and Russia, Alexion paid government officials and doctors at state-connected hospitals to promote use of its blood-disease drug, Soliris. Alexion retained a consultant in Turkey from 2010 to 2015 with ties to health officials. Alexion Turkey paid the consultant over $1.3 million for ‘consulting fees and purported expense reimbursements,’ the SEC said. … In Russia, Alexion paid doctors at government hospitals over $1 million from 2011 to 2015 to increase Soliris prescriptions. … The bribery resulted in Alexion being ‘unjustly enriched’ by about $6.6 million in Turkey and $7.5 million in Russia, the SEC said.” (FCPA Blog, 2020)

#6. Taiwan Presidential Office Secretary-General Su Jia-chyuan

In Taiwan, a scandal embroiling some top legislators prompted Presidential Office Secretary-General Su Jia-chyuan to resign from office. Su Jia-chyuan’s nephew, Democratic Progressive Party (DPP) Legislator Su Chen-ching, is reportedly under investigation in a bribery case related to the ownership of a department store. Su Jia-chyuan said he has “nothing to hide” and insisted he is stepping down to avoid letting the controversy continue to affect the president.

“Taipei prosecutors on Saturday filed a motion to detain Su Chen-ching, along with four other former and incumbent lawmakers as part of an investigation into bribery allegations against six current and former legislators and their aides. The court hearing on whether to grant the prosecutors’ request to detain them was ongoing as of press time last night. The DPP’s anti-corruption committee convened a meeting at 8 pm to discuss the penalties for Su Chen-ching and former legislator Mark Chen, who has also been implicated in the case and was released on NT$500,000 bail early on Saturday.” (Taipei Times, 2020)

#5. Former Malaysia Prime Minister Najib Razak

As part of the 1MDB corruption scandal, former Malaysian Prime Minister Najib Razak was convicted on seven counts for charges that include money laundering, abuse of power and criminal breach of trust. Investigators said he transferred about $10 million from a 1MDB affiliate to his own bank accounts, and the Malaysian High Court agreed. Razak was forced out of office in 2018 during the scandal.

“In 2015, the Wall Street Journal reported that Najib deposited about $700 million from 1MDB into his personal accounts. He has always denied the allegations. He faces more trials in Malaysia on at least 35 additional corruption charges. The judge Tuesday imposed a 12-year prison sentence on Najib, 67, but suspended it during any appeals.” (FCPA Blog, 2020)

#4. Alstom

A multi-year, multi-million-dollar bribery and money laundering investigation involving Alstom Indonesia resulted in more indictments this year. Reza Moenaf, former president, and Eko Sulianto, former director of sales, for Alstom Indonesia were charged along with a former deputy general manager of Marubeni Corporation’s overseas power project department. They are accused by the U.S. Justice Department of violating the Foreign Corrupt Practices Act (FCPA) and of conspiracy to commit money laundering.

“According to the Justice Department, Kusunoki, Moenaf, and Sulianto engaged in a conspiracy to pay bribes to officials in Indonesia — including a high-ranking member of the Indonesian Parliament and the president of Perusahaan Listrik Negara, the state-owned and state-controlled electricity company in Indonesia — in exchange for assistance in securing a $118 million contract, known as the Tarahan Project, for Alstom Power and its consortium partner, Marubeni, to provide power-related services for Indonesian citizens.” (Compliance Week, 2020)

#3. Los Angeles City Councilman Jose Huizar

Corruption in local politics is still a major issue, especially in a major city like Los Angeles, U.S. That’s where City Councilman Jose Huizar is alleged to have engaged in a wide array of bribery and corruption acts to enrich himself and his associates. He now faces a laundry list of charges after a federal grand jury returned a 34-count indictment against Huizar.

“Huizar was charged last month with one count of conspiracy to violate the Racketeer Influenced and Corrupt Organizations (RICO) Act. Thursday’s indictment charges Huizar with the following criminal charges: 12 counts of honest services wire fraud; two counts of honest services mail fraud; four counts of traveling interstate in aid of racketeering; six counts of bribery; five counts of money laundering; one count of structuring cash deposits to conceal bribes; one count of making a false statement to a financial institution; one count of making false statements to federal law enforcement; and one count of tax evasion, according to prosecutors.” (CBS News, 2020)

#2. Asante Berko, Former Goldman Sachs Executive

Former Goldman Sachs executive Asante Berko was charged by the SEC as a result of their investigation into his alleged bribery plot. Berko is accused of FCPA violations in his effort to help an energy company based in Turkey secure a contract for a power plant in Ghana. He was charged in a civil complaint in New York, U.S., for “aiding and abetting violations of the FCPA anti-bribery provisions.”

“According to the SEC, Berko helped the Turkish energy company pay at least $2.5 million to a Ghana-based intermediary, ‘all or most of which was used to bribe Ghanaian government officials’ to secure approval of an electrical power plant project. … In 2015, Berko negotiated a contract for the Turkish energy company to pay the intermediary $2.5 million at first, and up to $42 million over five years, the complaint said.” (FCPA Blog, 2020)

#1. Cardinal Health

Ohio, U.S.-based Cardinal Health paid the SEC $8.8 million Friday to settle FCPA offenses related to a Chinese subsidiary that provided marketing services. Cardinal Health allegedly violated provisions for maintaining books and records, as well as internal accounting controls. Cardinal Health first began doing business in China after acquiring an existing company and rebranding it. It appears the company made voluntary disclosures and has been taking proactive steps to address the corruption issues in its ranks.

“In 2016, Cardinal China learned that the marketing employees and the dermocosmetic company had disguised some ‘marketing payments’ that were funneled to healthcare professionals who provided marketing services, as well as other employees of state-owned retail entities. The state-owned entities had influence over purchasing decisions related to the dermocosmetic company’s products. Cardinal took steps to stop the suspect payments in 2016 when it learned about the misconduct, the SEC said. In December 2016, Cardinal voluntarily disclosed the results of its internal investigation to the SEC.” (FCPA Blog, 2020)

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today to get started on implementing a robust program that will serve you well for years to come. Get your FREE QUOTE now!

We Welcome You To Have Free Gap Analysis of Highest Ethical Business Survey: prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program.


Find out if your organisation’s compliance program is in line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

The HEBA survey is designed to evaluate your compliance with the adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.


The survey takes around 10 minutes to complete. ABAC® is powered by CRI Group – this gap analysis will be performed by ABAC®.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Stay tuned for Part 2 or follow us on LinkedIn, Facebook or Twitter for more industry news and insights.