BS 7858:2019 | The new way to mitigate employee risk during COVID-19

Mitigate employee risk during COVID-19 with BS 7858:2019

The far-reaching impact of the COVID-19 outbreak has affected virtually every business and economic sector worldwide. Depending on the global region, the far-reaching implications have hampered (on various levels) the ability to conduct proper and thorough background screening investigations. In the United Kingdom and the United Arab Emirates, the countrywide lockdowns forced leaders to close sites and send their workforce home. Many have to learn how to manged people working from home (WFH) or remotely for the first time. The previous concerns about productivity, privacy and protecting sensitive information only grew more with the practice of WFH. They highlighted the vital importance of pre-employment background screening and background investigations. BS 7858:2019: the revised standard for screening individuals working in secure environments offers a complete solution.

Unfortunately, conducting such investigations in a reliable and timely manner has brought its struggles. The closure of public information sources has dramatically impacted accessing public records to verify previous employment, education and criminal charges. Drug screening tests have been delayed or postponed until such companies are permitted to reopen their doors for business. On the applicant side, it’s been widely reported that individuals are concerned (and rightly so) about participating in face-to-face interviews. Applicants are concerned with leaving their homes to do a drug test and, ultimately, returning to a work environment that may or may not appear healthy, protected and safe.

Recruitment fraud and how BS 7858:2019 provide the solutions

Investigators themselves have hesitations about venturing into the field to complete their assignments, which in many countries may require a high degree of boots-on-the-ground research and in-person interaction. Fortunately, the background screening industry is resilient. It is steadily working around these obstacles to ensure that workplaces are safeguarded, workers, customers and property are protected, and sensitive information doesn’t fall into rogue hands. This is particularly important in those sectors that rely heavily on vetting personnel working in secure environments responsible for people, property, data and critical systems. And it’s important for the mere fact that a trending increase in recruitment fraud is creating additional challenges for already over-burdened employers. Last year recruitment fraud cost £23 billion in the UK alone.

The recent update of the BS7858:2019 standard, “Screening of Individuals Working in a Secure Environment – Code of Practice,” emphasizes the risk assessment of secure environment workers. The code focuses on the need for tighter controls over the pre-employment screening – and periodic re-screening – of individuals, who in their positions could potentially benefit from illicit personal gain, become compromised, or take advantage of other opportunities for creating breaches of confidentiality, trust or safety.

Written by the British Standards Institute, which is recognised as the UK’s national standards body, BS7858:2019 lays out the scope of “obtaining personal background information to enable organisations to make an informed decision, based on risk, on employing an individual in a secure environment.” Those workers include business owners, directors, partners, silent partners and shareholders holding more than 10% of the business; managers, area managers, department managers, screening managers and staff; installers and service crew; security personnel; and office supervisors and staff with access to customer and system records.

The amended guidelines of the standard put the onus on the organisation’s top management to demonstrate that they are focused on the aspects of the business where the most risk lies and the particular personnel roles involved within those risks areas. This is particularly important because, as the standard states, the “organisation retains ultimate responsibility for an outsourced screening process and is required to review the completed screening file.” Risks assessment includes examining certain roles that involve financial tasks, data security, management of goods, property risks or any number of “people risks” such as roles with direct access to vulnerable adults and children.

To that end, management is charged with ensuring that the organisation has proper and adequate resources and infrastructure to manage the adequate vetting of high-risk personnel. Management is tasked with the response and that there is a firm commitment at the top level to manage and support the coordination required to execute the screening process. Finally, management is tasked with ensuring that such responsibilities are appropriately assigned and communicated throughout the organisation. The guideline also eliminates its original text in 2012, a requirement to produce character references as part of the screening process. This decision was based on the supposition that such references are now deemed potentially weak and difficult to verify. 

Price of a bad hire

The price of a bad hire has far-reaching consequences for any business, including productivity loss, decreased employee morale, risks to employee safety and increased exposure to costly negligent hiring claims and potentially devastating litigation. The premise behind the standard is to safeguard employers from harmful or fraudulent hires. Cases of organisations that forego conducting due diligence on a new hire – especially a hire with high-risk exposure – often end badly for those organisations.

The revised BS7858:2019 standard enables organisations to demonstrate a commitment to safeguarding their businesses, employees, customers and information utilising widely accepted methods that focus on risk assessment and top-down management involvement in the company’s employment policies and practices. In establishing policies and practices around the standard, organisations can show that they place a high value on hiring individuals who possess integrity. Organisations can then task them with responsibilities designed to keep their co-workers, customers and information safe from the negative forces that have become more prevalent in today’s ever-changing COVID-19 world.

Playbook | Everything About BS 7858:2019

The price of a bad hire has far-reaching consequences for any business, including productivity loss, decreased employee morale, risks to employee safety and increased exposure to costly negligent hiring claims and potentially devastating litigation. The premise behind the standard is to safeguard employers from bad or fraudulent hires. Cases of organisations that forego conducting due diligence on a new hire – especially a hire with high-risk exposure – often end badly for those organisations.

At CRI Group, we know how important is your background screening to your company’s success and to give you an idea of what is new, we have produced this playbook detailing the differences between the BS7858:2012 standard and the new BS7858:2019 standard.

E-Book | Employee Screening During COVID-19

Managing people through COVID-19

The COVID-19 pandemic is undeniable affecting the world. And the situation is changing at an hourly rate as we go into a second global lockdown. Businesses have to adapt quickly to survive, i.e. cutting steps in their hiring process, and no one knows how this will play out. However, there are ways you can mitigate the impact, learn how from this free ebook.

Taken as a whole, this ebook is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to effectively stay ahead of COVID-19. Read the answers to the following questions:

  • Does a candidate have to give consent to process a background check/screening?

  • How long does it take to conduct a background check?

  • When should I conduct pre-employment checks?

  • How often should I screen employees?

  • How to collect references and what to ask?

  • How much does it cost to conduct background checks?

  • What is the difference between employment history verification and employment reference?

FAQ E-Book | All About Background Checks

The price of a bad hire has far-reaching consequences for any business, including productivity loss, Get answers to frequently asked questions about background checks/screening cost, guidelines, check references etc.

Taken as a whole, it is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions. This eBook is a compilation of all of the background screening related questions you ever needed answers to:

  • Does a candidate have to give consent to process a background check/screening?

  • How long does it take to conduct a background check?

  • When should I conduct pre-employment checks?

  • How often should I screen employees?

  • How to collect references and what to ask?

  • How much does it cost to conduct background checks?

  • What is the difference between employment history verification and employment reference?

  • How do I check on entitlement to work?

  • How to conduct identity checks?

  • What will a financial regulatory check show?

  • Is it possible to identify conflict of interest during checks?

  • What is a bankruptcy check?

  • What about directorships and shareholding search?

  • Can I have access to a criminal watch list?

  • Anti-money laundering check?

  • Can we conduct FACIS (fraud and abuse control information system) searches?

CRI Group | BS7984:2008 Accredited Company

BS7984:2008 accredited companies, such as CRI Group highlight to their clients that their security personnel are staff that can be trusted and relied upon to complete a high-quality job as the screening process highlights the level of conduct that they have presented in the past. This reassures the safety of the people, goods and property that they have been hired to protect.

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

If you have any further questions or interest in implementing compliance solutions, please contact us. CRI Group has safeguarded businesses from any risks, providing investigations such as insurance fraudemployee background screeninginvestigative due diligencebusiness intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

About the Author

Zafar I. Anjum is Group Chief Executive Officer of Corporate Research and Investigations Limited “CRI Group” (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due to diligence and employee background screening services for some of the world’s leading business organisations.

Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer

37th Floor, 1 Canada Square,
Canary Wharf, London, E14 5AA,
United Kingdom

t: +44 207 8681415
m: +44 7588 454959
e: zanjum@crigroup.com

Q&A: Corporate fraud & corruption in the UK 2021

The United Kingdom scores 77 out of 100 on Transparency International’s (TI)  2020 Corruption Perceptions Index (CPI), as is one of the 25 least corrupt countries across the globe. However, it all seems great on the surface as corporate fraud and corruption cases have been noticeable in various industries across the UK. TI reports that corrupt actors enjoy their illicit gains by “buying luxury property in the world’s most sought-after cities, like London”. Based on the article “CPI 2020: Trouble in the top 25 countries”, “While the UK (77) is the first G20 country to launch a public register of beneficial ownership, a loophole in the law allows foreign companies to purchase real estate anonymously. This is particularly problematic as research shows that over 75 per cent of properties subject to criminal investigations between 2004 and 2015 used offshore anonymous companies to hide their owners’ identities. The UK government committed to closing this loophole by introducing a register of beneficial ownership for property, but it has yet to be implemented. The necessary legislation has been subject to significant delays. In the meantime, rich businesspeople linked to autocratic regimes are allegedly purchasing property via shell companies, such as billionaire and daughter of former President of Angola, Isabel de Santos.”

To discuss the situation of corporate fraud and corruption, CRI Group and its ABAC® Center of Excellence were invited to share the expert views in the special InDepth Feature by Financier Worldwide “Corporate fraud and corruption 2021”. In this edition, CRI Group’s CEO Zafar Anjum and ABAC®’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption. Read on the answers to the below questions:

  • To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in your country of focus?
  • Have there been any legal and regulatory changes implemented in your country of focus designed to combat fraud and corruption? What penalties do companies face for failure to comply?
  • In your opinion, do regulators in your region have sufficient resources to enforce the law in this area? Are they making inroads?
  • If a company finds itself subject to a government investigation or dawn raid, how should it respond?
  • What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?
  • What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?
  • What general steps can companies take to proactively prevent corruption and fraud within their organisation?

Q: To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in your country of focus?

A: The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q: Have there been any legal and regulatory changes implemented in your country of focus designed to combat fraud and corruption? What penalties do companies face for failure to comply?

 A: There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

> STAY UPDATED: Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications

 Q: In your opinion, do regulators in your region have sufficient resources to enforce the law in this area? Are they making inroads?

A: Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent four-year success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q: If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A: Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road. View the reprint of the interview, covering not only the UK but also the United Arab Emirates.

Q: What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A: Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If they do not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q: What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption? 

A: Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q: What general steps can companies take to proactively prevent corruption and fraud within their organisation? 

A: A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zero-tolerance.

> Find out more about the ISO 37001 training

About CRI Group

]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, the CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][accordion_son title=”Meet our CEO” clr=”#ffffff” bgclr=”#1e73be”]Zafar I. Anjum, is the Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

 

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

 

Source & Credits

The original version of the Q&A was published on Financier Worldwide’s InDepth Feature: Corporate Fraud & Corruption 2021Download the reprint here.

 

The consequences of inadequate due diligence

Running worldwide businesses requires effectively recognising, analysing and managing risks and ensuring compliance. We have identified that many organisations having third-party relationships conduct inadequate due diligence that might posses significant risks. In this article, we look at the possible risks and the best practices for conducting adequate due diligence and third-party risk management effectively such as:

  1. Planning
  2. Documentation
  3. Culture

Continuous risk management

Operating a global business today requires efficiently managing a network of third-party partners that supply product components, run operations in foreign markets, operate call centres, or act as outside consultants or agents.

The vast array of capabilities and specialised skill sets of a well-maintained third-party network makes operations easier for both the organisation and its customers.  But many organisations, from small businesses to multi-national corporations, can rarely afford the time and effort required in-house to manage these often complex third-party relationships.

Because of this, the risk of unethical business practices, bribery and other business corruption potentially increases if inadequate due diligence is conducted on third-party partners. The ramifications of a scandal related to a third-party partner can easily take down an organisation, resulting in such risks as a damaged reputation and brand devaluation, regulatory violations, legal proceedings and possible fines and jail terms for directors. Therefore, the only way to fully protect the corporation’s assets is through a strong and viable third-party risk management program.

Building a third-party risk management program is not a passive process. It requires time and effort continually, as the risks associated with third-party partnerships constantly evolve.

> Explore Third-Party Risk Management Solutions

Consider the recent events, during which the legislators of three separate nations signed new compliance regulations and standards into law. Without a doubt, if your organisation’s third-party risk management program is unable to quickly adjust to these new regulations (or is not designed to anticipate future legislative movements) your organisation is truly at risk.

Cutting Corners Not Worth the Risk: Adequate Due Diligence

Still, far too many organisations are willing to tempt fate by cutting corners on developing and implementing their third-party risk management program. Certainly, building a strong risk management program requires a significant investment of time and resources (both internally and from the outside). Still, the consequences of not doing it right could be dramatically severe.

One way organisations attempt to cut corners is by relying on outdated or stagnant tools to monitor, detect and prevent risks. Almost always, hiring outside industry professionals with proven track records of successful due diligence experience is necessary.

Relying too heavily on “desktop” due diligence is another dangerous shortcut. Desktop due diligence is an important initial step of the investigative process, involving background checks, lien searches, regulatory filing investigations and environmental reports. And while it is a vital component of any effective due diligence program, it’s not nearly enough to thoroughly evaluate a third-party.

Truly understanding a potential partner’s business requires a considerable amount of time spent face-to-face with the outside organisation’s leadership, operations management and even current customers. This “boots on the ground” process will detect potential risks, which are often hidden from a distance, and undetectable via web-based discovery tools.

The “boots on the ground” approach also help to establish a relational dynamic required for ongoing negotiations and provides a clear insight into two of the fastest-growing issues in third-party risk management:  Bribery and Labor Management.

Bribery As a Compliance Issue

Anti-bribery and anti-corruption compliance is a fast-moving target. New anti-bribery laws and regulations are being decreed around the world at a relentless pace. Complicating matters further, many countries may have laws in place but lack the ability to enforce them adequately. When this is the case, the responsibility falls to your organisation’s adequate due diligence program to ensure detection and protection.

High profile investigations in recent years have contributed to the rapid emergence of bribery and corruption as a societal issue. Never before has such a contrast been drawn so dramatically on a global stage between those that engage in bribery and those that suffer as a result. Any organisation that finds itself mixed up in a scandal involving bribery has more than a legal mess to contend with. It has a long battle to win back the trust of its shareholders, employees, customers and the public.

Conducting sufficient and adequate due diligence surrounded by such varying factors is work that must be conducted in person. Gaining insight into a potential partner’s company culture requires a level of immersion with the organisation’s leadership, management and staff. When it comes to evaluating bribery risk, some warning signs can only be discovered on-site.

This e-book explores some critical questions being posed to business leaders today: Has your organisation implemented reasonable and proportionate measures to prevent bribery? How will you know if your anti-bribery and anti-corruption controls are effective? Are you aware of the latest best practices in preventing bribery? Download our eBook to find out! READ NOW

Labour Matters and Compliance

From overtime issues and under-age workers to unsafe working conditions and improperly documented accidents, labour compliance represents a major component of any strong third-party risk management program.

Once again, inadequate attention to risks related to labour compliance can bring on considerable penalties. Understanding which industries, geographic regions, and management structures elevate the organisation’s risk is key to operate an adequate due diligence program efficiently. This understanding is nearly impossible to guarantee via ‘desktop’ due diligence. Spending the necessary time in person is the only way to ensure a potential supplier is properly compensating and managing employees while providing a safe workplace environment.

Make no mistake, even if your agreement with a third-party partner places the responsibility of payroll issues firmly upon the vendor, your organisation — as a joint employer — can still be held accountable in many countries. After all, the labour being conducted at your partner’s facility benefits your organisation’s bottom line.

What are the best practices?

The demands of identifying and measuring third-party risk, monitoring those potential risks on an ongoing basis, and making recommendations based on empirical research are best met by a dedicated team of outside professionals.  And while no two organisations are alike in terms of risk profiles, several factors have become consistent in building a strong, effective and adequate due diligence program:

1. Planning: Without a well thought out plan outlining ongoing monitoring efforts with assigned roles and responsibilities, measures to mitigate risk will be haphazard at best and dormant at worst. With a thoroughly established, management-advocated program that identifies specific risk factors for each affiliation, a process for addressing red flags, and an established mechanism for continual revision, the organization will remain vigilant in its efforts to protect itself from liability.

2. Documentation: Due diligence efforts are only as good as the information and data gathered and secured. Meticulous documentation and reporting enable the organisation to recognise trends, communicate analyses, and sustain efforts during any future personnel changes. Effective risk management programs feature established guidelines for capturing data, contracts and research with uniformity.

3. Culture: An organisation where leadership, management and workforce do not take the third-party risk seriously will never be adequately protected from risk. Successful organisations in this respect dedicate themselves to building a culture in which every employee feels personally invested in the operation’s risk management. Employees must feel empowered and encouraged to report red flags. Passive engagement is simply not enough.

Done correctly, third-party risk management can effectively save the organisation from risk, liability, and other perils often associated with outside entities wanting to engage and transact with your business.

A TPRM customised solution that best suits your needs

CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business. Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, the 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.

Our 3PRM™ solution streamlines the third-party risk management process through scalability, and efficiencies – from third-party risk identification to assessment what sets us apart is that our 3PRM™ solution includes:

  • Due Diligence
  • Screening & Background Checks
  • Regulatory Compliance
  • Business Intelligence: Information Management
  • Investigations: i.e. IP, Fraud, Conflict of Interest, etc
  • Anti-bribery & Anti-Corruption (ABAC) Compliance
  • Employee auditing training & education
  • Monitoring & reporting

Where should TPRM sit within an organisation?

TPRM can sit within various business units depending on your organisation’s structure. Many organisations involve multiple departments such as procurement, information security, operational risk and compliance to provide input to manage the risks related to engaging third parties. Depending on your business’ internal structure, you may choose to apply a centralised, mixed or decentralised model when focus on TPRM. At CRI Group we observed a trend with many of our clients implementing a centralised model when managing their third-party relationships, given the required input from their multiple business lines. A centralised model allows you as an organisation to track common risks across departments and identify emerging trends that may require a response from more than one department.

Risk management goes beyond TPRM

CRI Group provides the knowledge required to navigate unfamiliar markets and mitigate third party risk by assessing the backgrounds, integrity and character of those with whom you do business. Our 3PRM-Certified™ program is therefore key for managing an organisation’s third party risk levels. However, this is only one of the several vital steps towards a robust risk management strategy implementation.

Risk management is the identification, evaluation, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities. Risks can come from various sources including your employees.

Getting Started with ISO 31000 Risk Management? Learn more with our “ISO 31000 Playbook”

 

At CRI Group, we understand that managing compliance and risk activities might be a daunting task. That’s why we present you with the insights library where you can dive deep into these topics to make your job easier. If you can’t find what you are looking for, just get in touch – we would love to have a chat!

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

Meet our CEO and Author

Zafar I. Anjum is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Contact us to learn more about the third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer
t: +44 207 8681415 | m: +44 7588 454959
e: zanjum@crigroup.com

Risk assessment breakdown: Identification, Analysis, Evaluation

Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk. ISO 31000 is not a certifiable standard; the standard is a set of guidelines which provide guidance for internal or external audit programmes. However we recommend taking ISO 31000 Awareness training, this will enable you to fully understand Risk Management activities and mitigate risk.  According to ISO 31000, there are two important building blocks that form the core of risk management:

  • Risk assessment
  • Risk treatment

Under ISO 31000, each of these stages has a whole section of its own – they go into detail about best practices for identifying risks, how to analyse them in terms of probability and severity, and how they can be evaluated in terms of the company’s risk appetite. This article discusses the importance of Risk Assessment.

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. Unfortunately, fraud, bribery and corruption are major factors affecting businesses and agencies of all sizes and industries. Being proactive against these risks can mean the difference between success and ruin. Our “Risk Management & ABMS Playbook” provides tools, checklists, case studies, FAQs and other resources to help you lead your organisation into better preparedness and compliance. READ MORE NOW!

What is Risk Assessment?

Risk assessment is the overall process of identification, analysis and evaluation of any given risk. It can be a systematic examination of a task, job or process that a risk professional carries out at work for the purpose of identifying significant hazards. For example, the risk of someone being harmed and deciding what further control measures to take to reduce the risk to an acceptable level. The process will vary between organisations, but it should start with identification of hazards, analysis of who and what might be harmed, evaluation of the risk, documentation of the risks, taking action and review. Your organisation should conduct a risk assessment systematically, interactively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by a further inquiry as necessary.

Risk assessment breaks down into:

  • Step 1: Identification
  • Step 2: Analysis
  • Step 3: Evaluation

Risk Identification

The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • Tangible and intangible sources of risk;
  • Causes and events;
  • Threats and opportunities;
  • Vulnerabilities and capabilities;
  • Changes in the external and internal context;
  • Indicators of emerging risks;
  • The nature and value of assets and resources;
  • Consequences and their impact on objectives;
  • Limitations of knowledge and reliability of information;
  • Time-related factors;
  • Biases, assumptions and beliefs of those involved.

Your organisation should identify risks, whether or not your sources are under your control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.

> At CRI Group we are working on new ISO 31000 Awareness training course. Show your interest and sign up for more updates HERE!

Risk analysis

Risk analysis allows you to understand the nature of risk, its characteristics and level. Because an event can have multiple causes and consequences and can affect multiple objectives a risk analysis should involve a detailed consideration of uncertainties such as risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.

Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of both, depending on the circumstances and intended use. Risk analysis should consider factors such as:

  • The likelihood of events and consequences;
  • The nature and magnitude of consequences;
  • Complexity and connectivity;
  • Time-related factors and volatility;
  • The effectiveness of existing controls;
  • Sensitivity and confidence levels.

A risk analysis is likely to be influenced by a wide range of variables, from any divergence of opinions, biases to perceptions of risk, from judgements, quality of the information used to the assumptions and exclusions made and any limitations of the techniques and how they are executed. These influences should be considered any risk analysis, documented and communicated to any decision-makers involved in the process.

It is important to remember that any highly uncertain event can be difficult to quantify, and this is an issue. If you find yourself in such a situation, using a combination of techniques generally provides greater insight. Risk analysis provides input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions, where choices are being made, and the options involve different types and levels of risk.

Risk evaluation

Risk evaluation can support your decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:

  • Do nothing further;
  • Consider risk treatment options;
  • Undertake further analysis to better understand the risk;
  • Maintain existing controls;
  • Reconsider objectives.

Any decisions should take into account the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organisation.

Who should do risk assessments?

Well, by law, every employer must conduct risk assessments. Risk assessments should always be carried out by a professional who is familiar to risk, a person who is experienced and competent to do so.  Competence can be expressed as a combination of knowledge, awareness, training, and experience. Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help. 

 

Risk Assessment and ISO 31000

ISO 31000 was developed by hundreds of experts in risk mitigation, from thirty countries. This international effort produced a standard that is worldwide and represents best practices and leading operations for risk management. Organisations can trust that they are following a tested, robust standard to increase success. The standard converts risk management into a set of “friendly” and actionable – and straightforward to implement – guidelines, regardless of the size, nature, or location of a business.

> Find out more about ISO 31000 Risk Management and other standards now!

[/vc_column_text][accordion_father][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father][vc_empty_space][/vc_column][/vc_row]

Don’t let the dominoes fall (ever) with our new TPRM certification…

CRI Group is launching a third-party compliance verification and certification program – 3PRM-Certified™ – across the Middle East, Europe and Asian region. This Third-Party Risk Management (TPRM) program can help organisations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with their business.

Third-party relationships are critical in business today, and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organisation, the consequences of inadequate due diligence cannot be overestimated. The risk of data breaches and supply chain disruptions continue to rise with COVID-19, so does the need for an effective TPRM programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organisation considering how to better equip your team with the best knowledge and skills, 3PRM-Certified™ program is a all  in solution.

> Read more on “How Risk Management and Due Diligence Interlock?”

CRI Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organisation from liability, brand damage and harm to business.

The 3PRM-Certified™ program includes a focus on the following:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting due diligence
  • Identifying potential fraud risks
  • Providing management oversight

Utilising a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy Anti-Money Laundering (AML) and anti-corruption compliance program.

> Learn more about TRM with our 3PRM-Certified™ brochure!

Your BUSINESS SUCCESS depends on assessing the ongoing behaviour, performance and risk that each  third-party relationship represents to your company. Being 3PRM-Certified™ is especially critical when your business:

  • Performs pre-merger & acquisition research
  • Conducts due diligence
  • Engages new clients
  • Employs, contracts or retains foreign business partners
  • Requires a consistent & audit-worthy anti money laundering & anti-corruption compliance program

When implementing 3PRM-Certified™ program you can focus on:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting integrity due diligence
  • Providing management oversight

And avoid:

  • Merging with an international business embroiled in behind-the-scenes legal battles
  • Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks
  • Partnering with organisations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filings
  • Awarding work to an overseas contractor with absolutely no prior experience
  • Affiliating with a contracting company owned by a politician with significant influence on future awards

A TPRM customised solution that best suits your needs

CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business. Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.

Our 3PRM™ solution streamlines the third-party risk management process through scalability, and efficiencies – from third-party risk identification to assessment what sets us apart is that our 3PRM™ solution includes:

  • Due Diligence
  • Screening & Background Checks
  • Regulatory Compliance
  • Business Intelligence: Information Management
  • Investigations: i.e. IP, Fraud, Conflict of Interest, etc
  • Anti-bribery & Anti-Corruption (ABAC) Compliance
  • Employee auditing training & education
  • Monitoring & reporting

Where should TPRM sit within an organisation?

TPRM can sit within various business units depending on your organisation’s structure. Many organisations involve multiple departments such as procurement, information security, operational risk and compliance to provide input to manage the risks related to engaging third parties. Depending on your business’ internal structure, you may choose to apply a centralised, mixed or decentralised model when focus on TPRM. At CRI Group we observed a trend with many of our clients implementing a centralised model when managing their third-party relationships, given the required input from their multiple business lines. A centralised model allows you as an organisation to track common risks across departments and identify emerging trends that may require a response from more than one department.

Risk management goes beyond TPRM

CRI Group provides the knowledge required to navigate unfamiliar markets and mitigate third party risk by assessing the backgrounds, integrity and character of those with whom you do business. Our 3PRM-Certified™ program is therefore key for managing an organisation’s third party risk levels. However this is only one of the several vital steps towards a robust risk management strategy implementation.

Risk management is the identification, evaluation, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities. Risks can come from various sources including your employees.

Getting Started with ISO 31000 Risk Management? Learn more with our “ISO 31000 Playbook”

 

[/vc_column_text][/vc_column][/vc_row][accordion_father][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][accordion_son title=”Prove that your business is ethical with a Gap Analysis (FREE)” clr=”#ffffff” bgclr=”#1e73be”]

Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

The HEBA survey is designed to evaluate your compliance with the adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.

The survey takes around 10 minutes to complete. TAKE THE SURVEY NOW!

[/accordion_son][/accordion_father]

HAVE YOU READ…

[/vc_column_text][vc_basic_grid post_type=”post” max_items=”3″ style=”pagination” items_per_page=”3″ item=”234″ grid_id=”vc_gid:1603815149232-a4f495c8-ceab-6″ taxonomies=”43″][vc_basic_grid post_type=”case-study” max_items=”12″ style=”pagination” items_per_page=”3″ item=”234″ grid_id=”vc_gid:1603815149237-9fb9d64b-3313-0″][vc_empty_space][/vc_column][/vc_row]

#InTheNews: the role of Risk Management in Banking & AI

SEC’s Office of Compliance Inspections and Examinations Issues COVID-19 Risk Alert

Lexology reported that “On August 12, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE), issued a risk alert highlighting COVID-19 compliance risks and considerations for broker-dealers and investment advisers. The risk alert highlights six categories of compliance risk: Protection of investors’ assets, Supervision of personnel, Practices relating to fees, expenses, and financial transactions, Investment fraud, Business continuity, and Protection of investor and other sensitive information. Through its exams, operations and outreach efforts with SEC registrants, OCIE has observed the impacts of COVID-19 on registrants and their resulting operational resiliency challenges.” The US Securities and Exchange Commission reported that “market volatility related to COVID-19 may have heightened the risks of misconduct in various areas that the staff believe merit additional attention. This risk alert has been issued with an aim to inform firms and the public generally of these findings.

The Hong Kong Money Authority (HKMA)’s Guidance for banks on Climate Risk Practices

“The Hong Kong Money Authority (HKMA) has recently consulted selected Authorised institutions (AIs) about their approach to climate risk management in the four areas. Some of the key measures adopted by these AIs which are subsidiaries of international banks are noted and have been used as practical guidance in the White Paper”. The HKMA whitepaper explained that using risk management, “AIs are expected to incorporate climate risk considerations into their existing risk management framework.” The HKMA noted, “that advanced AIs aimed to develop a voluntary, consistent climate-related financial risk disclosure framework for firms to report information to stakeholders”[/vc_column_text][/vc_column][/vc_row][vc_hoverbox image=”8369″ primary_title=”Stay updated on the go” hover_title=”Subscribe for our newsletter” hover_btn_title=”Keep me updated” hover_add_button=”true” hover_btn_link=”url:https%3A%2F%2Fwww.crigroup.com%2Fnewsletter-subscription%2F||target:%20_blank|”]Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.[/vc_hoverbox][/vc_column][/vc_row]

Risk and Compliance Management

CRI Group’s ABAC® Center of Excellence helps businesses ensuring compliance and managing risks by offering to achieve certifications for internationally recognised standards such as ISO 31000 and ISO 19600.
ISO 31000:2018 Risk Management provides principles, framework and a process for managing risk. Public, private and community enterprises can all benefit from ISO 31000:2018 because it covers most business activities, including research, planning, management and communications. Implementing ISO 31000:2018 can help organisations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ISO 19600 is a widely-accepted standard that provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an organisation’s compliance management program. It covers all compliance-related issues including anti-trust, fraud, misconduct, export control, anti-money laundering, and other unexpected risks which might affect your business. The standard acts as a global benchmark for effective and responsive compliance management program, based on the good governance and transparency principles. The guidelines set forth by the standard are applicable to all types and sizes of organisations and aren’t restricted by industry, risk exposure or geographic reach.

Third-Party Risk Management

CRI Group’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business. Whether your organisation has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms. Our 3PRM™ solution streamlines the third-party risk management process through scalability, and efficiencies – from third-party risk identification to assessment what sets us apart is that our 3PRM™ solution includes:
From cybersecurity to anti-bribery, our solution is flexible and responsive to the various risk domains that are most important to your business. With a network of trained professionals positioned across five continents, CRI Group’s 3PRM™ services utilise one of the largest multi-national fraud investigation teams the industry has to offer.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

ICC launches an Anti-corruption Third Party Due Diligence guide for small and medium size entities

International Chamber of Commerce (ICC) has launched an Anti-corruption Third Party Due Diligence guide for small and medium size entities. SMEs are often on the receiving end of burdensome due diligence procedures of large multi-national companies. These requirements can be overwhelming and often companies feel they do not have sufficient resources to meet them. This Guide aims to address these concerns and inspire Small and Medium size Enterprises (SMEs) to engage in due diligence by creating achievable and manageable due diligence goals. Following the Guide a company can:

  • Know and have confidence in their counterparties;
  • Through such knowledge and confidence meet the conditions for responsible investment;
  • Avoid prosecution/reputational/financial damage from being implicated in an anti-corruption issue;
  • Develop an ethical brand;
  • Provide assurance to business partners, in particular larger organisations that they are an ethical
    company.

SMEs must also develop robust anti-corruption ethics and compliance procedures to ensure they minimise the risk of corruption and adhere to international anti-corruption standards. Understandably, many SMEs are overwhelmed by the extensive international anti-corruption legislation and the complex ethics and compliance procedures in place in larger, multi-national companies. However, ethics and compliance does not necessarily need to be on a grand scale and supported by a dedicated legal department. There are manageable ways in which smaller companies can protect themselves by better managing corruption risks. A key element to a simple but effective ethics and compliance programme is due diligence. This is the focus of this Guide which sets out what due diligence is, why it is necessary, when it is necessary and how it can be implemented to protect a company from the risk of corruption as much as possible.

It provides practical advice on how SMEs can cost-effectively conduct due diligence on third parties they engage to perform services on their behalf. It focuses on corruption risks associated with engaging third party suppliers, contractors and consultants in an international and domestic setting and how those risks can be managed. This tool will also assist SMEs create an effective due diligence procedure that fits into an overall ethics and compliance programme. For SMEs that do not have any ethics and compliance procedures in place, it can be considered a good starting point. The Guide can be used by any SME, of any size (even very small companies) or industry and it can be adapted so that the due diligence programme is tailored to the specifics needs and industry in which the company operates.

ICC is the institutional representative of more than 45 million companies in over 100 countries. Through a unique mix of advocacy, solutions and standard setting, ICC promotes international trade, responsible business conduct and a global approach to regulation, in addition to providing market-leading dispute resolution services. ICC members include many of the world’s leading companies, SMEs, business associations and local chambers of commerce. Read more about ICC here!

Adoption of this Guide by SMEs will provide reassurance to prospective customers and can be used as evidence of an overall compliance commitment; the commercial benefits of which should not be underestimated.

> GET THE DOCUMENT HERE

 

This guide is also available in:

[/vc_column_text][vc_empty_space][accordion_father][accordion_son title=”Speak up – report any illegal, unethical, or improper behaviour” clr=”#ffffff” bgclr=”#1e73be”]Ethics and Compliance Hotline is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective, or are impractical under the circumstances. At CRI Group, we are committed to having an open dialogue on ethical dilemmas regardless.

REPORT HERE!

We would like to introduce a new Ethics & Compliance Hotline. This hotline is available to all employees, as well as clients, contractors, vendors and others in a business relationship with CRI Group and ABAC Group. If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline in below mentioned ways or provide us with your complaint online on the form below. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

READ MORE!

[/accordion_son][accordion_son title=”Prove that your business is ethical.” clr=”#ffffff” bgclr=”#1e73be”]Complete ABAC® FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® (powered by CRI Group) experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

The HEBA survey is designed to evaluate your compliance with the adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.

The survey takes around 10 minutes to complete. TAKE THE SURVEY NOW!

[/accordion_son][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father]

Have you read…

[/vc_column_text][vc_basic_grid post_type=”post” max_items=”12″ style=”pagination” items_per_page=”3″ item=”234″ initial_loading_animation=”none” grid_id=”vc_gid:1605689308060-9e4edd68-a073-0″ taxonomies=”41, 43″][/vc_column][/vc_row]

Third-party risk: how to survive in a brave new world?

The Current Business Climate Requires a Review and Reassessment of Your Organisation’s Third-Party Relationships.We won’t soon forget the year 2020 and the myriad ways worldwide business was derailed over a microscopic virus that caused a global pandemic. From layoffs and shutdowns to shortages and closures, the long-term effects of the pandemic have yet to be determined. But one thing is certain: The disruption to the global supply chain has wreaked havoc in virtually every business sector. third party risk management

Automobile manufacturing in Korea has been suspended due to a lack of parts from China. The fashion industry in the United States is struggling over sourcing as garment producers in Asia reduce output. U.K. aerospace manufacturer Rolls-Royce has announced it is cutting 9,000 jobs as a result of the coronavirus. And sharp declines in consumer demand have adversely affected global manufacturers who in turn are idling production to curb losses.

> Learn more! Find out how anti-bribery and anti-corruption management plays an important part in your third-party risk management strategy. This FREE ebook analyses the performance of Rolls-Royce in terms of ABAC policies within the scope of the ISO 37001 provisions.

Global sourcing has been greatly impacted as suppliers have ceased operations, and multinational organisations have had to scramble to locate replacement supply sources. This gloomy picture has been made all the more daunting as opportunists, bad actors and other sanctioned, restricted or unreputable parties have set up operations to take advantage of unsuspecting and desperate businesses by producing inferior goods, missing contractual deadlines, or operating in ways that could raise flags in the areas of ethical conduct, business integrity or jurisdictional compliance. As such, multinational companies need to be on high alert for such nefarious outside operations, lest they put their reputations, stakeholders, directors and bottom lines at risk.

Now is the time to identify alternative supply scenarios and re-evaluate contractual terms and performance metrics with those parties in the sourcing network. And to accomplish this, a risk-based approach to diligence, screening and vetting present and potential third-party suppliers is more important now than ever before.

> Risk Management and Anti-bribery Anti-corruption Playbook > Get your guide for risk prevention, detection and compliance

What are the risks?

Threats are increasing on several levels for organisations that rely on outside third parties, such as agents, brokers, vendors and suppliers.  While depleted inventories, idle production, inferior products and delayed delivery have greatly impacted the marketplace worldwide, multinational businesses are feeling the brunt of these pandemic-induced supply chain disruptions on a greater scale:

  • Organisations are suffering financial loss as the supply chain falters;
  • Companies are losing customers because of poor-quality products and services from third parties;
  • Organisations are opening the doors to litigation by working with third parties that may be engaging in bad labour practices or forcing workers to produce in unsafe work conditions;
  • Company data systems are being exposed and breached because of poor security practices by third parties;
  • Companies are experiencing a greater level of supply chain issues due to poor disaster recovery procedures enacted by third-parties;
  • Organisations and boards are increasingly being exposed to litigation because of relationships with outside providers that may have violated contractual terms, potentially resulting in regulatory exposure;
  • Such organisations are being targeted by story-hungry media sources determined to expose the company to a global audience.

The result of these increased risks can be highly problematic:

  • Business litigation has skyrocketed;
  • Corporate reputations are negatively impacted on a larger scale;
  • Organisations have had to continually review, reassess and adapt risk management frameworks to adjust and acclimate to an ever-changing global business environment;
  • Board members are becoming increasingly subjected to intense scrutiny from outside watchdogs and critics;
  • Unfortunately, a highly educated market responds to the above scenarios accordingly with their pocketbooks.

From supply and production disruptions to regional compliance issues and bad media exposure, multinational corporations are facing increased scrutiny working with unscrupulous third-party partners.  Thus, the intense need to remain vigilant in conducting due diligence and vetting those outside affiliations.

 

Don’t let the dominoes fall, ever, with our 3PRM certification…

CRI Group’s third-party compliance verification and certification program – 3PRM-Certified™ – can help organisations establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today, and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organisation, the consequences of inadequate due diligence cannot be overestimated. As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for an effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organisation considering how to better equip your team with the best knowledge and skills, 3PRM-Certified™ program is a all-in solution.

> When is it time to conduct third-party screening?

CRI Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organisation from liability, brand damage and harm to business. The 3PRM-Certified™ program includes a focus on the following:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting due diligence
  • Identifying potential fraud risks
  • Providing management oversight

Utilising a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

 

Subscribe to our monthly newsletter now!

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Prove that your business is ethical with a Gap Analysis (FREE) 

Evaluation of Corporate Compliance Programs – Highest Ethical Business Assessment: Evaluating Adequate Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Framework
Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission. The HEBA survey is designed to evaluate your compliance with adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process. The survey takes around 10 minutes to complete.

 

Meet our CEO and Author

Zafar I. Anjum is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom. Contact us to learn more about the third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.CONTACT INFORMATIONZafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer
t: +44 207 8681415 | m: +44 7588 454959
e: zanjum@crigroup.com

Stay updated 

Follow us on LinkedInFacebook or Twitter for more industry news and insights.

 

The Role of a Fraud Investigator

Fraud investigators are the front line of establishing the facts of suspected fraud or other unethical business behaviour. A fraud investigator’s skillset and wide knowledge of fraud laws, evidence gathering and interviewing make them the go-to expert for investigating insurance fraud, financial fraud, procurement fraud, asset recovery, cyber fraud, healthcare fraud, retail fraud and other areas.

A fraud investigator can either be part of a team of experienced investigators, or the leader of such a team. If part of a team, the fraud investigator generally works with the other team members to handle reports of suspicious activity. If in charge of a team, the fraud investigator would typically report to the head of a department, such as corporate security, compliance or audit. A fraud investigations manager at a typical retail business, for example, would be responsible for the day-to-day monitoring, investigation and resolution of fraudulent activity relating to delays in the repayment and refunds processes. They will take the lead on the implementation of strategies to prevent fraud and financial crime, thereby mitigating risk to the business.

Fraud Investigator Key Functions

Fraud investigators provide subject matter expertise on claims and associated fraud risks, helping to ensure effective resolution of investigations. The effective fraud investigator adheres to relevant security standards, internal and external procedures and legislative requirements. Their role often involves developing and maintaining close working relationships with relevant law enforcement agencies, ensuring that cases are developed and prosecuted to a criminal standard.

When working with an organisation in a preventative fashion, a fraud investigator will perform fraud risk assessments across the business relating to both external and internal threats; implementing mitigation measures as required. They also build appropriate fraud prevention and detection processes and implement them. Some fraud investigators manage the day-to-day operation of an expanding fraud team, ensuring that KPIs are met and regular reports produced for the management team. In this capacity, they will also work closely with the senior management team to ensure that operational capacity is correctly aligned to combat a variety of fraud types.

Here are some of the other key functions performed by fraud investigators:

  • Evaluate potential fraud indicators and the impact of current fraud trends and make recommendations as to appropriate mitigation.
  • Conducting investigations into allegations of fraud, waste or abuse committed by clients against our company
  • Reviewing and researching evidence/documents to analyse the overall fact pattern of a claim and synthesise data into a professional report with recommendations
  • Preparing and coordinating field assignments to obtain relevant evidence and information
  • Conduct objective, fair, thorough, unbiased and timely investigations into allegations of fraud, waste or abuse committed by clients against our company
  • Review and research evidence/documents to analyse the overall fact pattern of a claim and synthesise data into a professional report with recommendations
  • Prepare and coordinate field assignments to obtain relevant evidence and information
  • Coordinate with defence attorneys to provide deposition strategies and use law enforcement resources for assistance
  • Manage and prioritise a large and varied caseload effectively and efficiently to achieve positive results
  • Prepare prosecution packages and restitution proposals.

Responsibilities

As a fraud investigator often wears many different hats, they also have many ongoing responsibilities. These include monitoring transaction reports to identify any suspicious transactions and conducting detailed investigations as required. They must also proactively identify financial crime trends through data analysis and share findings with leadership as and when needed. A few other responsibilities of a fraud investigator include:

  • Working to a high standard, meeting strict time-frames whilst working under pressure.
  • Communicating directly with customers as part of ongoing fraud investigations through in-app messages or via telephony with potential victims of fraud to establish circumstances and additional information, before providing a fair and logical decision, with supporting rationale.
  • Work as part of a team and supporting colleagues as and when required to reduce workload(s).

Personality Traits of a Fraud Investigator

There are some common traits among the most successful fraud investigators. This includes being a self-starter who is results-driven with high levels of self-motivation, energy and initiative. An effective fraud investigator has a proven ability to work under pressure to and meet tight deadlines, without compromising the quality of output. One key trait that can’t be overlooked is the ability to be an effective communicator – a fraud investigator must have excellent written and verbal skills. Here are some other key traits among successful fraud investigators:

  • An ability to thrive under pressure amidst changing business priorities
  • Effective cost management and analytical integrity
  • Experience in leading and developing a team
  • Keen interest in stopping fraud whilst considering the impact of how an investigation can impact customers

Knowledge and Skills

A successful fraud investigator brings to the table a broad range of security/ fraud detection and prevention experience. A fraud investigator must be a subject matter expert on fraud for their related field, such as insurance fraud, financial fraud, procurement fraud, asset recovery, cyber fraud, healthcare fraud, retail fraud and other areas.

Many fraud investigators have specialised skills such as:

  • Experience of interviewing in accordance with the Police and Criminal Evidence Act following the PACE framework.
  • Strong knowledge of cyber risk and common fraud typologies, along with the emerging trends affecting fraud and financial crime.
  • Familiarity with key AML, TF, Financial Crime and Sanctions legislation and associated Regulatory Guidance.
  • Demonstrated experience working with customers on fraud prevention and detection strategies.
  • Sound understanding of the customer impact of a transaction monitoring system; able to balance fraud prevention with the need to provide an excellent customer experience.

As previously mentioned, an effective fraud investigator must have strong interpersonal and communication skills, including the ability to interact with clients, upper management and law enforcement. They also need to have an ingenuity and persistence to obtain case information not readily available with an eye for detail. Dealing with various different cases and different types of evidence requires strong organisational skills. For insurance fraud, investigators must be proficient with the insurance procedures, regulations and investigation methods

Perhaps most important, fraud investigators must set a positive example for their colleagues. They need to be honest and ethical, with high levels of integrity and confidentiality.

A fraud investigator has many different responsibilities, and the role requires an individual with some specific traits. CRI Group’s fraud investigators are experts at uncovering the facts and evidence of a case, but they also implement proactive anti-fraud measures to help an organisation be better protected against future incidence of fraud. Fraud investigators specialise in insurance fraud, financial fraud, procurement fraud, asset recovery, cyber fraud, healthcare fraud, retail fraud and other areas. It’s important that organisations hire trained, qualified fraud investigators who understand the laws, are effective at evidence collection and fact-finding, and are good communicators (since interviewing is one of the key processes of fraud investigation). A fraud investigator might work with a team, or they might lead their team and report to another division. Being able to work under pressure and meet deadlines is critically important. Properly evaluating and securing evidence is of equal importance. CRI Group has only the best expert fraud investigators to meet these challenges.

Are you a fraud investigator? Tell us about your day-to-day job, we would love to hear it.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

 

 

Q&A session with our CEO: United Arab Emirates fighting Fraud and corruption

Middle east corruption is a threat to the world. The United Arab Emirates (UAE) is a land of complex extremes where fabulous wealth and supercars live right next to staggering poverty. This is generally a recipe for fraud and corruption. However UAE has been talking the right steps towards a fraud free future. This Financier Worldwide Q&A session with our CEO discusses United Arab Emirates role in fighting fraud and corruption. Read the answers to the following questions:

  • To what extent have you seen a notable rise in the level f corporate fraud, bribery and corruption uncovered in United Arab Emirates in recent years?
  • Have there been any legal and regulatory changes implemented in United Arab emirates  designed to combat fraud and corruption? What penalties do companies face for failure comply?
  • Do regulators in United Arab Emirates have sufficient resources to enforce the law in this area? Are they making inroads in this area?
  • If a company finds itself subject to a government investigation or dawn raid, how should it respond?
  • and much more…

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in United Arab Emirates (UAE) in recent years?

ANJUM: Some recent, high profile cases have affected companies and countries in the Middle East. Embraer’s bribery scandal, involving sales of its aircraft, included officials in Saudi Arabia, among others. Further, there have been suspicions of corruption surrounding the awarding of the 2022 FIFA World Cup to Qatar, suspicious which have been worsened by allegations of human rights abuses involving migrant workers. In general, however, it is still issues like data theft, e-commerce fraud, information security and other high tech threats that pose serious risks to organisations in the Middle East. We live in an increasingly connected world, so while anti-fraud laws and controls in one country may be robust, a company might find itself doing business abroad in a location where laws and enforcement are more lax, and risk is heightened.

Q. Have there been any legal and regulatory changes implemented in UAE designed to combat fraud and corruption? What penalties do companies face for failure to comply?

ANJUM: the UAE has a strong reputation for being tough on corruption, and a new law enhances this stance. The recently approved, and highly anticipated, Anti-Commercial Fraud Law will strengthen protections of intellectual property rights (IPR) and will impose stricter penalties anon counterfeiters. For example, a fraud offence related to counterfeiting could now result in up to 2 years in prison, as well as a fine of up to Dh1m. Overall, corruption is still a low risk for companies operating in the UAE. Laws against corruption are enforced, and they cover bribery, facilitation payments, embezzlement and other types of fraud and abuse. However, when concerning the Middle East as a whole, there are indications that fraud and corruption are the rise, which means we must be ever vigilant in protecting investments throughout the region.

Q. In your opinion, do regulators in UAE have sufficient resources to enforce the law in this area and fight corruption? Are they making inroads in this area?

ANJUM: When considering the Middle East region, there can be no ignoring war-ravaged areas like Syria, Iraq, Libya and Yemen. It is an understatement to say that countries embroiled in conflicts and crisis usually do not have the resources or manpower to properly prevent and detect fraud. But according to Transparency international’s most recent  Corruption Perceptions Index, a few of the other more stable and affluent countries in the region are experiencing some difficulty preventing fraud, as well. Different factors can contribute to these struggles, be they politics, autocratic leadership, weak laws or judiciary bodies. However, the UAE still ranks as the least corrupt country in the Middle East, and other countries might take heed of the country’s Anti-Commercial Fraud Law and other existing laws, not to mention the UAE’s enforcement measures, as a possible model for future efforts.

Q. If a company finds itself subject to a government fraud and corruption investigation or dawn raid, how should it respond?

ANJUM: A company that finds itself in such as crisis should immediately cooperate with authorities and work quickly to gather the facts. What are the allegations? What is the scope of the investigation? Was the raid expected, or has the company been taken completely by surprise? In the early stages, it is crucial that the company engages in a good-faith effort to be transparent and cooperative. Of course, retaining legal counsel, is a must at this an every stage of an investigation, If an employee or employees have engaged in fraud, the company should support the fact-finding process and let justice run its course. Company leaders should also evaluate their internal controls and ensure that additional fraud or corruption is not occurring under the radar.

Q. What role are whistle-blowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

ANJUM: The statistics on fraud, such as in the Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse show that fraud is most often uncovered by tips, more so than audits, surveillance, account reconciliation, document examination and other methods. Accordingly, a company’s own employees are their first line of defence against fraud. But to encourage whistle blowing, two critical measures need to be in place. First, employee should be trained to identify the red flags of fraud, and to know what does, and what does not, constitute fraudulent behaviour. Second, a reporting mechanism should be in place; an anonymous system by which whistle-blowers can submit their tips without fear of retaliation or negative consequences.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

ANJUM: In any situation where fraud is suspected, it is crucial that experts be brought in as quickly as possible to help unravel the facts of the case, if the company does not have anti-fraud professional among its staff, It is critical to remember that there are various laws, depending on your country or region, which govern the rules of gathering evidence and interviewing witnesses. Any evidence that is mishandled or collected improperly can negatively impact an investigation and hurt the chances of a resolution. If an investigation is bungled from the start, it is nearly impossible to then ‘wind it back’ and correct mistakes later. Also, if criminal behaviour is suspected, legal authorities should be quickly notified and provided with the company’s findings and reasons for the allegation.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

ANJUM: Every organisation, large or small, should have a plan in place for preventing and detecting fraud. The first step is to communicate the organisation’s zero-tolerance stance against fraud. An ethical code of conduct, signed by every employee, can be effective in this regard. A fraud risk assessment should be conducted to find vulnerabilities. The company’s hiring policy should include pre- and post-employment background screening. Job responsibilities should include segregation of duties, so that no single employee has too much control over finances or assets. The company should conduct audits and encourage whistle-blowing with an anonymous reporting system. With a comprehensive fraud prevention system in place, business owners can sleep a little easier, knowing that their organisation has reduced risk and increased their ability to prevent and detect fraud.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.[/vc_column_text][/vc_column][/vc_row][vc_section][accordion_father][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][accordion_son title=”Meet our CEO” clr=”#ffffff” bgclr=”#1e73be”]Zafar I. Anjum, is Group Chief Executive Officer of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations.  Headquartered in London (with significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

Contact CRI Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

 

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com[/accordion_son][accordion_son title=”Sources & Credits” clr=”#ffffff” bgclr=”#1e73be”]This Q&A article is based on a 2017 Financier Worldwide interview.

Since 2001, Financier Worldwide has provided valuable information on corporate finance and board-level business issues through its monthly magazine and exclusive website content. As a leading publisher of news and analysis on this dynamic global market, the organisation is recognised as a valued source of intelligence to the corporate, investment and advisory community. More from Financier Worldwide:

Download 2018 annual reviews by Mr. Zafar Anjum, CEO, and Ms. Fatima Farrukh, Compliance professional at CRI Group.

  • Click here to download the review of UAE (Mr. Zafar Anjum, CEO at CRI Group)
  • Click here to download the review of UK (Mr. Zafar Anjum, CEO at CRI Group)
  • Click here to download the review of Pakistan (Ms. Fatima Farrukh, 2018 Compliance professional at CRI Group)

[/accordion_son][/accordion_father][vc_empty_space]

HAVE YOU READ…

[/vc_column_text][vc_basic_grid post_type=”post” max_items=”10″ style=”pagination” items_per_page=”3″ item=”234″ initial_loading_animation=”none” grid_id=”vc_gid:1601283704013-1a6f16c0-52e9-3″ taxonomies=”146″][/vc_column][/vc_row][/vc_section]