Mark Your Calendars for the GOV HR Summit this October 9th & 10th!
We are thrilled to announce …
Read MoreNewly published whitepapers examine corruption laws and fraud
Fraud and corruption are always evolving. Changes in methods, technology and other factors make it critically important those trying to prevent and detect it to evolve, as well. Part of that process is to analyse fraud, corruption, bribery, money laundering and other crimes through the lense of research and casework. When experts share their findings and their knowledge into the numerous laws and regulations that address fraud, everyone benefits – especially vulnerable businesses and other organisations. CRI Group has recently published three new whitepapers that provide insightful looks into issues at the forefront of fraud and corruption today. They range from deep dives into the U.S., U.K. and other anti-fraud and anti-corruption laws around the world, to close examinations of actual fraud cases that hold lessons for all of us. We invite you to download these whitepapers and increase your knowledge of fraud, corruption, proper compliance, risk assessments, due diligence and more.
1. “The Catalysts for Economic Crime: An Investigative Study Into Causal Factors of the Perpetration of Transnational Financial Crimes”
This whitepaper provides an in-depth study of transnational financial crimes and the national laws and regulations that govern them. Laws in the U.S. and the U.K, in particular, are compared and examined in terms of effectiveness in preventing financial crimes.
The comparative study focuses on corporate fraud. “The Catalysts for Economic Crime” pursues the question as to how weaknesses in national laws can be considered “a core causal factor in the perpetration of transnational financial crimes.” Readers will learn about the need to strengthen such laws or risk continued and increased criminal activity.
Different types of financial crimes are examined, including money laundering, due to its prominence as a form of transnational financial crime. The research provides a detailed discussion of the inadequacies in current national laws, and proposes solutions through increased accountability, compliance-focused on self-governance and heightened monitoring for violations, among other important considerations. Download the whitepaper for free.
2. “Countering Bribery & Corruption in the Public & Private Sectors: Anti-Corruption Culture, Risk Assessment, Auditing & Compliance”
This publication provides an insightful look at the responsibility of corporations to monitor and mitigate risks. This whitepaper examines two high profile corruption cases, Airbus and Rolls-Royce, to provide a deeper understanding of how bribery and other financial crimes can take root at organisations without proper prevention procedures and inadequate controls.
The global nature of the enterprise that makes corruption even more prevalent in modern times also makes prevention more difficult. When it comes to putting procedures in place to prevent bribery and corruption, “the concept of ‘adequate procedures’ is “vulnerable to interpretation depending upon national or industrial jurisdiction … and many enforcement agencies and government authorities have failed to provide guidance regarding the definition of ‘adequate procedures’ as it shapes both Anti-Corruption guidelines and legal defence.
Case studies often provide an extremely effective way of demonstrating the effect of inadequate controls and procedures when it comes to corruption. In the cases of Airbus and Rolls-Royce, the financial crimes and their ramifications were significant. Airbus committed to financial penalties of $4 billion; a system of “intermediary leverage” involved hundreds of its agents in 16 countries “to encourage national and airline purchase of the company’s civilian aircraft and satellites.” In the case of Rolls-Royce, a four-year investigation uncovered corruption, false accounting and failure to prevent bribery, leading to fines in excess of ?497.2 million – which accounted for approximately 3.4% of Rolls-Royce’s revenues for 2016. Find out what can be learned from these cases and how proper controls could have prevented them. Download the whitepaper for free.
3. “Organised Catastrophe of Pakistan International Airlines: Major Critical Risk Elements – Mismanagement – Corruption”
This whitepaper provides another case study, this one a close examination of Pakistan International Airlines (PIA) which has been embroiled in a scandal. The cases of professional fraud involve fake degrees and fraudulent licenses, and there have been cases of air accidents with loss of lives. This white paper investigates how the PIA case is not a coincidence, but rather an “organised failure of institutional management, state, and internal controls.”
In fact, the PIA investigation comes at a time when fraud and corruption among state-owned enterprises in Pakistan and elsewhere is rising at an alarming rate. This has links to fraud in governmental institutions, and PIA is just a high-profile example of what can result when such corruption goes unchecked.
This whitepaper analyses two major risk elements at PIA, in terms of mismanagement, and corruption in the form of kickbacks. This research paper also proposes solutions for dealing with such systemic, organizational crimes, the foundation of which is to implement a business-based risk management framework. Download the whitepaper for free.
Let’s talk!
If you have any further questions or interest anti-corruption solutions, please contact us.
CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence, third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.
Is your Third-Party Risk Management (TPRM) strategy efficient?
Third-Party Risk Management Strategy
A business owner knows that one cannot produce a complete set of products and services to offer to their customers. Still, the need exists for having as many complementary products, or services, besides the main thing your company provides, to keep a client satisfied. Today, people will look for that particular company that can provide them with as many services and products they need in one place and the one with the best price for all of these. Thus, to make that happen, a business manager must find business partners to collaborate with for enriching the offer and attracting more customers. But there is a serious risk of doing so. If your business partners use unreliable materials, they do not respect terms or are dishonest when doing business. Then it may cost your company a great deal of money and customers.
Yes, today’s business environment is tough, and you should always be on the lookout to avoid situations that might be detrimental to your company and reputation. The consequences of dealing with the wrong business partner can even be devastating in some cases. If you never had to deal with such partners until now, then you are in luck. But never go on the premise that this can’t happen to you. There are many out there looking to make money, but without offering or guaranteeing quality services and products. Here is what can happen if you are the victim of a failed partnership:
- You can lose large sums of money, in a concise period, in case your collaborator disrespects terms;
- Along with the money, you will also start losing customers, disappointed by delays, poor quality, and unreliability, making your reputation suffer as well;
- The entire supply chain will face severe unbalances if one of the third-party providers fails to respect his duty. And getting it back on track can consume a lot of time and resources because, in the absence of an emergency plan, things will not be solved rapidly;
- Data can leak from your network because the security that is intended to prevent these things from happening is poor and not managed correctly;
- And there are always the litigation risks, corruption, and malpractices that come up in poor business practices.
Now, as a business manager, are you ready to tackle these mentioned risks?
Can you imagine the sums of money that these risks will cost your company? And just like a game of domino, if any of the previous threats take place, other adjacent consequences, which will be impossible to manage or stop, like a drop in sales and profit, customer boycott, and others, will also occur. You should never disregard these risks and live by chance. An effective risk management program will determine the weak spots and prepare you upfront for managing an unwanted situation. You will know when and where intervention might be needed and, based on a risk assessment, the best solution will also be easy to find.
CRI® Group noticed the need to develop an effective risk management strategy, observing how the market changes from one year to another. Having extensive years of activity in the business environment, CRI® Group noticed many cases in which companies had to suffer a great deal because of making deals with unsuitable partners. Thus, from the desire to offer a method to keep your business safe, together with your employees, and maintain the number of your customers, won by hard work and dedication, CRI® Group managed to come up with a comprehensive risk management method. It covers the most sensitive aspects that may take place when collaborating with third parties.
Everything from the basics of service and delivery to financial processing and other crucial aspects when managing a business will be under close observation. The goal is to identify risks with an increased potential for causing damages to be controlled, and prevention methods have taken before they even occur. Thus, your business will always stay on the safe side and risks minimised to a level from where they cannot harm.
Read more on “How Risk Management and Due Diligence Interlock?”
Probably the highest risks may appear in the case where you decide to work with a partner outside your country. The offer may be the best available and suit your needs, perfectly understandable. But such a relationship is also the most difficult to handle, especially when things go wrong. Still, it doesn’t mean you should not collaborate with anyone you like if the conditions of the collaborations suit your requirements. In these situations, a risk assessment is more than necessary to ensure that you won’t spend more money than needed to cover losses.
With the help of CRI® Group’s team of skilled public record researchers, analysts, forensic services specialists and Certified Fraud Examiners, you will know, before signing any agreement, if your future partners are the right ones to do business with. The examiners have access to information covering five continents, going wherever it takes to make a detailed investigation. You will have all the data you need to know about the partners you intend to collaborate with and the risks involved in such a partnership. So, you will be able to make the best-informed decisions for your company.
Concerning risks, you probably would like to know what the cost-benefit aspects connected to a particular third-party collaboration are. Well, CRI® Group has everything included in its third-party risk assessment. Everything will be placed on the spot and verified to function as needed so that when a risk intends to occur, it can be seen and solved in an efficient and timely manner. Based on the evaluation results, we will also advise you what staff members are suitable to keep an eye on a certain aspect and will ensure a close-range control for mitigating key risks. Also, if any gaps are detected in the system, which may endanger the efficiency of managing risk, these shortcomings will be addressed during the assessment period, not allowing it to go any further.
A TPRM customised solution that best suits your needs
With the third party risk management offered by CRI® Group, you will benefit from external protection. The offer you will receive on the paper from a potential partner can differ very much in reality. With the ability to access international databases, courts, public records, and even contact local advisors, each foreign partner will be checked accordingly. To prevent any unwanted event from happening, it is best to do this assessment right from the start, so you will know with whom you are dealing.
Instead of spending your money useless by purchasing products without knowing for sure if they will respect the promised quality details and losing more money to cover the disaster in case you receive something else than you expected, it is wiser to invest just a little in a risk assessment. CRI® Group holds all the knowledge and experience needed to keep you safe from situations like this, keeping your money and reputation safe and helping you close reliable partnerships.
It is not worth gambling your company’s assets when effective TPRM is available. CRI® Group helped more than 3,800 corporate clients across the globe to keep their businesses and reputations safe and sound. It is time to join the group of companies that enjoy the protection and can unroll successful business activities because they are always aware and prepared to tackle any potential risks. You worked so hard and sacrificed so much time to get here; it is just not worth ignoring the reality, where risks lurk at each move and decision you make.
VIEW 3PRMTM BROCHURE
Business Interruption and Brand Damage. Enjoy great prices and products offered by providers from anywhere globally because CRI® Group’s TPRM 3PRM-Certified™ safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. You will be sure that whoever wishes to become your affiliate is a reliable and honest person, 3PRM™ is a solution, and a proactive risk-based approach to mitigating the risks involved with third-party affiliations protects the organisation from liability.
Your partnership will be efficient from a cost point of view, and a backup plan is made, just in case you need to take action when something does not work according to plan. Everything is taken care of, to the smallest detail. As a manager, you don’t even have to know or bother with what a risk assessment means because the CRI® Group professionals will do that for you.
You will need to know the final risks and how the situation presents itself. You will be briefed, and all aspects will be brought to your knowledge, together with pieces of advice on how you can manage a situation to diminish any potential losses for your company. Doing business has never been safer.
We have more than 30 years of experience in the field, so it has everything it takes to advise you in the best way possible. See your business thrive because all the partnerships you will conclude will be fruitful from now on. Staying one step ahead of any risk to your organisation is part of being an effective business leader. Contact us today to get started on implementing a robust program that will serve you well for years to come.
GET A FREE QUOTE NOW
Risk Management goes beyond TPRM.
CRI® Group provides the knowledge required to navigate unfamiliar markets and mitigate third-party risk by assessing the backgrounds, integrity, and character of those you do business with. Our 3PRM-Certified™ program is key for managing an organisation’s third party risk levels. However, this is only one of the several vital steps towards a robust risk management strategy implementation.
Risk management is the identification, evaluation, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events to maximise the realisation of opportunities. Risks can come from various sources, including your employees.
Getting Started with ISO 31000 Risk Management?
DOWNLOAD ISO 31000 PLAYBOOK NOW
About CRI® Group
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
When is due diligence most critical?
Importance of due diligence
Importance of due diligence, when it is most critical? Due diligence means taking reasonable steps to satisfy legal requirements in the conduct of business relations. However, the reality of proper due diligence means so much more: it allows you to reduce risks, including risks arising from the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act, to make informed decisions and pursue takeovers or mergers with more confidence.
Unlike other kinds of control (audits, market analysis, etc.), integrity due diligence should be completely independent and thereby rely as little as possible upon information provided by the researched subject. In short, due diligence is an essential function of any successful business model, and having the proper procedures in place will help protect your organisation from the threat of the unknown.
Due diligence on business partners: What you don’t know can hurt you.
The importance of due diligence regarding potential business partners is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. Global integrity due diligence investigations provides the critical information you need to make sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors and suppliers.
The level of investigation will ensure that working with a potential trade partner will ultimately achieve your organisation’s strategic and financial goals. Integrity due diligence includes essential types of checks that can help uncover such facts include the following:
- Vendor due diligence and M&A due diligence on new commercial relationships, JV partners, acquisition targets, agents & distributors
- Compliance due diligence – e.g., FCPA compliance, UK Bribery Act compliance and other international counter-bribery legislation
- Due diligence investigation on third-party suppliers, agents or distributors
- In-depth investigations ahead of mergers, acquisitions & joint venture formation
- Pre-IP background checks
- Research into recipients of proposed equity investments or loans
- Enhanced due diligence during the client on-boarding process
- Help with document review, risk rating, & programme audit
- Training for in-house due diligence staff
How it works
DueDiligence360™ services provide the specialised intelligence needed by any financial institution and multinational corporation to guarantee complete compliance with international regulations and legislation involving trans-national implications.
These types of reports help you comply with anti-money laundering, anti-bribery, and anti-corruption regulations or provide the information you need before a merger, acquisition, or joint venture.
You can also use them for third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. The types of parties that your organisation should consider for integrity due to diligence checks could be found here.
Identify key risk issues clearly and concisely using accurate information in a well-structured and transparent report format. Our comprehensive range of reports includes specialised reports that support specific compliance requirements.
Protect your reputation and the risk of financial damage and regulator action using our detailed reports. They enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.
Global coverage that makes the difference
Within the global network, CRI Group works with companies across the Americas, Europe, Africa, and the Asia Pacific as one-stop international risk management, background screening and DueDiligence360™ solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. CRI Group’s global team of assets have unrivalled experience across local geographies.
They can navigate the automated and transparent developed world systems and the mostly off-line processes required in many emerging markets. As a result, we work both directly for clients and as a discreet white-labelled supplier to some of the world’s largest risk management consultancies.
Wherever your candidates, employees, or suppliers are in the world, we’ve got them covered. Don’t leave risk management to chance. Take a proactive stance with the highest level of DueDiligence360™ as a part of your essential business strategy. Contact us today to learn more about our full range of services to help your organisation stay protected.
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be.
CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
ISO 37001: Applying Anti-Bribery Framework to Third Parties
In 2016, responding to the need for a global standard to help organisations prevent and detect bribery and corruption, the International Organization for Standardization (ISO) introduced ISO 37001: Anti-Bribery Management Systems. This certification provides the anti-bribery framework for organisations of any size or industry to implement practical solutions against bribery. Perhaps overlooked, however, is the fact that ISO 37001’s framework isn’t designed only for an organisation’s own internal systems. It can also be applied to existing or potential third-party partners. This adds a crucial layer of third-party due diligence and risk management in today’s world of international business.
The ISO 37001 Framework
Corporations, agencies, and even small companies don’t exist in a bubble. The reality of international trade and the interconnectedness of business make the potential for bribery and corruption a serious and continuous concern. While there are laws that govern business conduct along these lines, such as the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010, prior to 2016 organisations lacked a unified standard to help them implement proper controls for prevention and detection. This was a critical vulnerability, considering new laws in various jurisdictions were prescribing heavier penalties, and governments were, by and large, pursuing more enforcement actions.
Recognising this need, ISO unveiled 37001 with a twofold approach: Provide a practical, measurable system that organisations can implement to prevent and protect fraud; while keeping the system flexible and adaptable to fit any industry or jurisdiction. ISO was uniquely positioned to develop such anti-bribery framework with its reputation, having been in the standards business since 1947; and its global reach, which includes 164 member countries. Click here to read the full article.
Don’t let corruption thrive. Take a proactive stance with the highest level of compliance as a part of your essential business strategy. Contact us today to learn more about our full range of services to help your organisation stay protected. Get a FREE QUOTE
About CRI Group!
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father][/vc_column][/vc_row]
You suspect employee fraud. Now what?
When any type of fraud, including employee fraud, is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust our employees and co-workers, and we keep our focus on succeeding as a team and accomplishing our goals for the business. Nobody wants to think that someone might be subverting the rules for their own personal gain.
Unfortunately, though, fraud does happen. The statistics tell us that on average, organisations lose about 5 percent of their total revenues to fraud. If that’s not bad enough, the average fraud lasts 18 months before being discovered – if it is discovered at all (ACFE, 2020).
One of the problems is that, since we aren’t looking for fraud, we sometimes don’t want to believe it when we do encounter its red flags. Though they may be unmistakable to some, when it involves our trusted co-workers (and even our superiors) sometimes we try to rationalize or ignore those signs altogether. Accounting discrepancies are one thing, but what about the more subtle things – like behavioural red flags? The following are a few examples:
- The subject appears to be living beyond their means
- They are having financial difficulties
- They have an unusually close association with a vendor or customer
- The subject shows excessive control issues or unwillingness to share duties
- They demonstrate unusual irritability, suspiciousness, or defensiveness
- The subject has what can be described as a “wheeler-dealer” attitude involving shrewd or unscrupulous behaviour
- They have recent divorce or family problems.
Now, these are just warning signs. None of them mean that fraud is definitely taking place. But it’s worth noting that, according to the ACFE, “at least one of these seven red flags had been identified before the perpetrator was caught in 76% of all cases.”
When such behaviours are put in the context of real discrepancies, such as accounting problems, missing cash or inventory, or other issues, a picture of fraud can begin to take shape. While most fraud is discovered by accident, having employees who are trained to recognise red flags is no accident and makes your organisation better protected in the long run.
So, now you’ve discovered fraud in your organisation. What happens next?
1. Report it
Depending on your company’s anti-fraud policy, you should follow the proper reporting channels. Many organisations have an anonymous reporting system, such as a hotline or online module, through which they can report suspected fraud without fear of retaliation. Such a system is highly recommended, as it directly results in more fraud tips and helps you uncover bad behaviour sooner, before it’s done the most damage.
2. Begin an investigation
Organisations that don’t have their own anti-fraud professionals on staff should engage an outside firm that specialises in financial investigations whenever fraud is suspected. These experts will review your fraud tip and lead your organisation through the next steps.
3. Gather evidence
Only seasoned experts should engage in an investigation because improper evidence collection can harm the potential to bring a case to court, should it rise to that level. Also, professional fraud investigators have an understanding of privacy laws and know what is and isn’t admissible in terms of gathering evidence in the workplace.
4. Interview witnesses
Part of the evidence-gathering phase, witnesses should be interviewed to draw a clear picture of what has taken place. They should be interviewed individually by anti-fraud professionals, who know how to elicit the information they need to uncover the truth.
5. Contact law enforcement
As the investigation proceeds, if fraud appears to be a proven concern, the employee should be terminated from employment and law enforcement should be informed. Without prosecution, the fraudster will just move on to their next victim.
6. Review and update your anti-fraud controls
How did this fraud happen? Were anti-fraud measures too weak, or were they not properly followed? Now is the time to evaluate risk management and control systems to learn from this case, and prevent the next fraud. Due diligence experts should be engaged to provide an objective, thorough examination of your control systems and make recommendations that will improve your level of protection.
CRI Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI Group to learn more about our fraud investigations today. Get a FREE QUOTE
CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence, third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.
Managing Third-Party Risks: A Checklist
THIRD-PARTY RISK MANAGEMENT CHECKLIST
Third-party risk management checklist. Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organization in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.
Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city hit hard by the pandemic required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged to fill this need potentially.
Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M- dealer. The formerly used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020). Managing Third-Party Risks
The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies must be always on guard for third-party fraud. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organization’s core business model. Every organization can do the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.
THIRD-PARTY RISK MANAGEMENT CHECKLIST EVERY ORGANISATION COULD USE:
1. Identify vulnerabilities
Before evaluating its third-party partners, an organization should look inward and measure its own risk management tools. These include the following:
- Audit and supervision functions
- Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
- Jurisdictional considerations
- Data and IP protection
- Whistleblower policies
2. Conduct due diligence
The organization should engage a risk management process on all current and potential suppliers and contractors. For each third party, the organisation should evaluate the following:
- Business and operations
- Financial condition and reputation
- Experience, culture, vision and business style
- References and government records (including any legal action, bankruptcies, structure changes)
- Background checks (including ownership and key personnel)
- Insurance and certifications
3. Maintain management oversight
Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organization should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organization. Not every company or government organization is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, third-party due diligence can protect organizations year-round from the risk of any of the following serious pitfalls:
- Merging with an international business embroiled in behind-the-scenes legal battles.
- Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
- Partnering with organizations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
- Awarding work to an overseas contractor with absolutely no prior experience
- Affiliating with a contracting company owned by a politician with significant influence on future awards
It is recommended and necessary for many organizations to have a team of professionals guide you through implementing a comprehensive program for third-party risk management. That’s where CRI® Group comes in. We have one of the largest, most experienced and best-trained integrity due to diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI® Group’s due diligence experts are committed to maintaining and constantly evolving our global network.
Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:
- What is ISO 31000? Why is this Standard a good idea?
- ISO 31000 framework, why was it revised? And What are the main differences?
- Key Clauses of 31000:2018 and Who is the standard for?
- The process and the link between 31000:20180 and other standards
Getting Started with ISO 31000 Risk Management?
DOWNLOAD ISO 31000 PLAYBOOK NOW
3PRM-Certified™ a third-party compliance verification and certification program
As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:
- Providing third-party risk assessments
- Meeting contracting requirements
- Conducting due diligence
- Identifying potential fraud risks
- Providing management oversight
Utilizing a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services utilize one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.
This TPRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, an organization cannot overestimate the consequences of inadequate due diligence.
VIEW 3PRMTM BROCHURE
Let’s Talk!
Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.
GET A FREE QUOTE NOW
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
Wal-Mart: a professional TPRM implementation would have avoided this situation.
Lack of TPRM strategy can be an expensive reminder of how important is it to balance the risks and benefits of using third parties to deliver business services.
On June 20, 2019, Walmart Inc global retail corporation, settled a long-running corruption investigation by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) to resolve a long-running U.S. bribery investigation into allegations of bribery by its employees.
According to the agreed-upon statement of facts in the DOJ settlement documents, as well as allegations in the SEC administrative order, from 2000 until 2011, despite the fact that certain Walmart personnel responsible for implementing and maintaining the Company’s internal accounting controls related to anti-corruption were aware of certain controls failures, including failures related to potentially improper payments to government officials by certain Walmart foreign subsidiaries, Walmart failed to implement appropriate internal controls to prevent such improper payments.
The DOJ alleged that Walmart failed to do the following:
- Conduct sufficient anti-corruption due diligence on third-party intermediaries (“TPIs”) who interacted with foreign officials;
- Implement appropriate controls related to payments to TPIs;
- Require proof of services before paying TPIs;
- Require that TPIs had written contracts with anti-corruption compliance provisions;
- Ensure that donations ostensibly made to foreign government agencies were not converted to personal use by foreign officials; and
- Implement appropriate policies covering gifts, travel and entertainment for foreign officials.
With a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges, the deal could have easily been avoided with a professional due diligence implementation.
The Arkansas-based global retail corporation settled a long-running corruption investigation by the U.S. Department of Justice (the “DOJ”) and the Securities and Exchange Commission (the “SEC”) (collectively the “Government”), with the Company paying a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges.
Expensive Reminder About the Importance of Due diligence
What is due diligence?
Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. An Integrity Due Diligence allows you to reduce risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (U.K. Bribery Act), make informed decisions, and pursue takeovers or mergers confidently. In the business world, due diligence refers to the organisation’s investigation and steps to satisfy all legal requirements before buying or selling products and services or entering into a contract or a financial arrangement with another party.
Unlike other kinds of control (audits, market analysis, etc.), it must be independent and rely as little as possible upon information provided by the researched subject. The other significant difference lies in the methodology: commercial or financial due diligence analyses available information, Investigative Due Diligence provides reliable and pertinent, but raw, information.
When conducting investigative due diligence, you can identify key risks; it can enhance your knowledge and understanding of the customer, supplier, employee and third-party risk, helping you avoid any compliance.
Protect your reputation and the risk of financial damage and regulator action using our detailed reports.
Types of transactions
Professionals can be hired to conduct investigations or audits of business deals involving a variety of transactions, such as:
- merger & acquisition;
- potential investment in securities;
- real estate transaction;
- business purchase or sale; and
- investment in a new product or technology, and so on.
Types of investigations
The standard types of investigations that are conducted include:
- Conflict of interest investigation;
- Review of financial records;
- Confirmation of financials with a bank or other financial institution;
- Credit checks from credit reporting companies (such as Equifax);
- Property title checks obtained from a trusted source (e.g. land titles office or your lawyer); and
- Confirmation of corporate status, directors, officers, and shareholders (if applicable).
How can a professional fraud investigator help?
- review client documentation and information to identify red flags of fraud;
- conduct standard public record searches on the people or issues identified;
- conduct covert and overt interviews and gather intelligence utilising other covert and overt methods; and
- after an initial investigation is completed, request that their clients meet with the proposed parties to the transaction to gauge their credibility against the information that the investigator has found about them.
How CRI® can help
We enable businesses to make better decisions about the third parties they choose to work with. We help you make better decisions faster. We examine risk from every angle so you can make better-informed decisions. And we provide you with the insights you need to identify the partners who will create better long-term value for your business.
COVID-19: Top risk management concerns
A global crisis calls for a fresh due diligence and risk management review of your company’s third-party partnerships
The worldwide coronavirus pandemic has disrupted life in just about every word, from personal health concerns and social distancing to shelter-in-place mandates and business closures. But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future make business leaders lose a lot of sleep these days.
An added element that global organisations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it’s vitally important to be continually vigilant in how the crisis affects your third-party suppliers and how those supply chain partners behave and maintain legitimacy in these uncertain times.
The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of PPE (Personal Protective Equipment) has forced many organisations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what’s needed. This panic buying has led to unscrupulous manufacturers producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering amid crisis and confusion.
The pandemic has thrown many other industries into complete disarray, which will naturally open the doors for opportunists to do what’s necessary to take advantage of the situation. And suppose your organisation happens to be affiliated with these bad actors. In that case, the long-term effects can be potentially devastating, affecting the organisation’s reputation, and resulting in untrusting customers, lost business, loss of market value, decreased share price, litigation, and any number of regulatory penalties.
Crisis Situations Require Enhanced Due Diligence
A Third-Party Risk Management Program is not a passive process. It requires time and effort, and, as we’ve witnessed during the present global crisis, the risks associated with Third-Party partnerships are continually evolving. Those outside risks can be found on many operational levels, from a supplier’s present working conditions and the protection of customer data to safeguarding the company’s intellectual property and suspicious changes in pricing and payment terms, among others. Here are several items to consider in re-evaluating the company’s relationship with Third-Party partners during this critical period:
- Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor?
- Remote Workers – Is the supplier’s staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?
- Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?
- Information Sharing – Has the supplier addressed intellectual property protection concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls?
- Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?
- Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?
- Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates?
- Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic?
Remember, your organisation is only as safe as the least protected component of your Third-Party supplier network. It’s vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis.
The Need for Leadership in These Challenging Times
Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organisation where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organisations that practice effective risk management, passive engagement in times of crisis is not enough.
The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include:
- Are our suppliers equipped to protect our sensitive information against today’s risks?
- How sophisticated are our cloud and social media security?
- Are our suppliers capable of adapting to regulatory compliance changes?
- Are proper redundancies in place to ensure our information is protected against disaster?
- Will we be prepared if one of our suppliers unexpectedly shut down a line or closed its doors?
- Do we have the adequate tools to vet new or replacement suppliers properly?
- Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?
- Do we have a set methodology for addressing incidents involving our suppliers?
- Do we maintain an accurate and complete interactive inventory of our suppliers?
- Can we identify warning signs with suppliers?
- Do we have a well-communicated reporting process?
The coronavirus pandemic has created crisis and uncertainty that we’ve never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the organisation’s long-term interests and protect it from an increasing number of outside risks.
Let’s Talk!
If you have any further questions or are interested in implementing compliance solutions, please contact us.
Who is CRI® Group?
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management system, Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.
ABOUT THE AUTHOR
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.
t: +44 207 8681415 | m: +44 7588 454959 |e: zanjum@crigroup.com
COVID-19: Fraudsters are preying on fear and confusion
In a time of crisis, we often see the best in people. Even before COVID-19 was officially classified by the World Health Organization (WHO) as a global pandemic, citizens and government leaders were praising the selfless sacrifice of doctors, nurses, first responders and others putting themselves in harm’s way to help treat and limit the spread of the disease. Unfortunately, a crisis can also bring out the worst in some people. Fraudsters who prey on people’s fear and confusion tend to waste no time when a global disaster strikes. COVID-19 is relatively new and still spreading, yet fraud schemes are multiplying like the virus itself as criminals look for vulnerabilities among a fearful population.
Interpol issued a warning on March 13 that fraudsters are “exploiting the fear and uncertainty” around COVID-19 through several different schemes utilizing different approaches. These include telephone fraud, through which “victims receive calls from criminals pretending to be medical officials, claiming a relative has fallen sick with the virus and then requesting payment for their treatment;” and phishing, in which “victims receive emails from criminals pretending to be from health authorities, or legitimate companies, using similar looking websites or email addresses” (Euronews, 2020).
While the public might be surprised to see an uptick in shameless fraud schemes during such a time, investigators are not. Disaster fraud is a common scourge of law enforcement and regulatory bodies everywhere. For example, in 2012, Hurricane Sandy devastated the Caribbean and eventually wreaked havoc upon the U.S. eastern seaboard. More than a hundred individuals in New Jersey alone were prosecuted for filing fraudulent applications for relief funding. Investigators in the southern U.S. launched similar actions after Hurricane Harvey in 2017.
Fraud that preys on the fearful or vulnerable is even more insidious. That’s what investigators are seeing right now as COVID-19 continues to spread. The Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) recently issued warning letters to seven companies for selling fraudulent COVID-19 products. “These products are unapproved drugs that pose significant risks to patient health and violate federal law. The warning letters are the first to be issued by the FDA for unapproved products intended to prevent or treat “Novel Coronavirus Disease 2019″ (COVID-19)” (FDA, 2020). The FDA and FTC are taking this action as part of their response to protecting Americans during the global COVID-19 outbreak.
The FDA and FTC issued warning letters to Vital Silver, Quinessence Aromatherapy Ltd., Xephyr, LLC (doing business as N-Ergetics), GuruNanda, LLC Vivify Holistic Clinic, Herbal Amy LLC, and The Jim Bakker Show. In some cases, colloidal silver was being fraudulently peddled as a successful treatment for preventing and/or curing COVID-19.
An article in New York Magazine provides an insightful look at various herbal and homeopathic “cures” that become a hot commodity at times of widespread illness. As the article points out, useless treatments aren’t simply harmless. They can have a seriously detrimental effect when they replace actual science: “Even without the looming threat of a pandemic, pseudoscientific cures can pose a real threat to the public. No scientific evidence supports the claim that homeopathy has curative properties, for example, and relying on unproven treatments without the assistance of conventional medicine can put a person’s health at risk. Some popular treatments, like colloidal silver, can actually be dangerous if consumed in enough quantities. Nevertheless, alternative medicine is a big market in the U.S. Americans spent $30 billion on alternative medicine in 2012; by the time COVID-19 appeared, people were already primed to trust dubious cures” (New York Magazine, 2020).
So how can the general public avoid frauds and phishing schemes during a crisis? Here are some things to keep in mind:
- Be suspicious of emails that are peddling cures or medical devices. Don’t click links or open attachments.
- When searching for information online, be aware of fake websites impersonating legitimate organisations. Check the web address carefully and don’t provide any personal information.
- Follow the same rule for unsolicited phone calls – under no circumstances should you reveal any personal or financial information.
- If you believe you have fallen for a scheme, contact your bank or credit card provider immediately.
Remember, fraudsters take advantage of a sense of panic among their victims that they have to take action immediately. Anyone (other than a legitimate government or medical official) who tries to pressure you to make a decision, especially a financial one, may try to scam you. Keep a cool head, do your research, and don’t panic. Businesses are not immune to such frauds, either. If you think your business has fallen prey to a scam, contact CRI® Group immediately. Our investigators are standing by to help prevent and detect such schemes.
Let us know if you would like to learn more
If you have any further questions or are interested in implementing compliance solutions, please contact us.
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
MEET THE CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com
Building a Resilient and Defensible Third-Party Risk Management Compliance Program
Third-Party Risk Management Compliance Program:
Does your business have a Third-Party Risk Management (TPRM) Compliance Program? Are you establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business?
It’s highly probable that, at some point, organizations that affiliate with outside providers will eventually have to deal with an operational interruption resulting from third-party related issues and inappropriate conduct. The risks involved in partnering with outsiders hasn’t changed over the centuries. It’s the potential liability that’s been ratcheted up several notches. International borders have been ripped down. Technology has improved the way businesses communicate.
Easy access to data and information enables the media to report on business news before a business can properly respond. And the markets are quick to form opinions based on a 24/7 on-demand news cycle. The result of this increased liability is problematic. Business litigation has skyrocketed. Corporate reputations are constantly being assaulted. Business strategies are forever shifting. Board members are increasingly subjected to intense scrutiny from outside critics, and a highly educated market responds immediately with their pocketbooks.
Discover How to Demonstrate a Resilient and Defensible Third-party Risk Management Compliance (TPRM) Program with 3PRM™ Services
CRI® Group has a network of local subject specialist operatives across the Middle East, Europe, South American and Asian regions to extend a helping hand and offer enhanced integrity due diligence being pre-emptive measures against:
- Experiencing financial loss when a third-party provider failed.
- Losing customers because of poor-quality service from a third party.
- Exposing breaches to data systems because of poor information security practices by a third party.
- Experiencing supply chain issues due to poor disaster recovery procedures by the third party.
- Being exposed to litigation because of relationships with an outside provider significantly violated contractual terms, potentially resulting in regulatory exposure.
When Working with third-party providers, CRI® Group designed a solution: 3PRM-Certified™. This proactive approach includes Integrity Due Diligence, Enhanced Due Diligence, Anti-Bribery and Anti-Corruption Compliance Solutions (incorporating ISO 37001 Anti-Bribery Management System accredited certification and training) to mitigating the risks involved with third-party affiliations to protect the organization from liability, business interruption and brand damage.
You may also like this article:
WHEN TO CONDUCT THIRD-PARTY SCREENING?
3PRM-Certified™ A Third-party Compliance Verification and Certification Program
As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution.
Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions.
CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:
- Providing third-party risk assessments
- Meeting contracting requirements
- Conducting due diligence
- Identifying potential fraud risks
- Providing management oversight
Utilizing a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.
This TRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, the business cannot overestimate the consequences of inadequate due diligence.
Inadequate Procedure
December 2013: Over US$2.8 million for failing to have in place appropriate checks and controls to guard against the risk of bribery or corruption when making payments to overseas third parties, breaching the FCA’s principle on management and control. Between 19th February 2009 and 9th May 2012, the organisation received almost $33 million in gross commission from business provided by overseas introducers and paid them over $18 million in return.
Inadequate systems around these payments created an unacceptable risk that overseas introducers could use the payments made for corrupt purposes, including paying bribes to people connected with the insured clients and/or public officials.
Regulatory action is not a US or UK phenomenon alone but is increasingly becoming a global issue. Regulatory thinking around third-party risks in some other jurisdictions is highlighted below:
- Singapore: The Monetary Authority of Singapore (MAS) has stated that it “is particularly interested in material outsourcing which, if disrupted, has the potential to significantly impact an institution’s business operations, reputation or profitability and which may have systemic implications.”
- Australia: The Australian Prudential Regulatory Authority (APRA) aims to ensure that all outsourcing arrangements involving material business activities entered into by a regulated institution are subject to appropriate due diligence, approval, and ongoing monitoring.
- Hong Kong: The Hong Kong Monetary Authority (HKMA) states that institutions “should not enter into, or continue, any outsourcing arrangements [that] may result in their internal control systems or business conduct being compromised or weakened after the activity has been outsourced.” – Source: Deloitte Report
Let’s Talk! If you have any further questions or interest in implementing compliance solutions, please contact us.
About CRI® Group
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider.
We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.
ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
CONTACT US
Headquarter: +44 7588 454959
Local: +971 800 274552
Email: info@crigroup.com
Headquarter: 454959 7588 44
Local: 274552 800 971
Email: info@crigroup.com
NEWSLETTER SUBSCRIPTION