TPRM: When is it time to conduct third-party screening?

When to conduct third-party screening?

Why do organisations screen their employees but not the companies they work with? Failing to screen third-party screening to the same level as permanent staff will increase your risks on many levels – from brand reputation to loss of money.

The nature of business today is largely shaped by our connected world. Many organisations conduct business across international borders and/or overseas and as part of various strategic and beneficial partnerships. In fact, the technology revolution and other factors that have removed barriers from business make it more essential than ever to have suppliers, vendors and other supporting companies helping to establish supply chains in various locations. And while they can be a great benefit to an organisation, these partnerships also represent an inherent security risk.

Third-party screening in compliance perspective

Vendors, suppliers and other third-party partners are entities largely outside of your control. While your organisation might have a high level of internal controls and stringent standards for ethical conduct, the entities that you partner with might not share those controls or values. Therefore, if something goes wrong, their failings can affect your organisation in terms of financial loss, liability, and damage to reputation.

Europe’s horse-meat scandal in 2013 or Quest Diagnostics data breach in 2019 is strong examples. Major organisations like Tesco were caught up in financial and PR disaster when they found that some of their suppliers were using horse meat in products sold as 100 per cent beef. Consumers were outraged, and many of the larger companies caught up in the scandal admitted that they had not performed proper due diligence or closely monitored their suppliers and their standards. And in the case of Diagnostics, the exposed records of 11.9 million patients.

When is the right time to conduct due diligence?

While third-party risk management should be an ongoing process, there are certain times when it is absolutely crucial for any organisation. At CRI® Group, we counsel our clients always to use third-party screening when doing any of the following:

• Performing pre-merger and acquisition research
• Conducting pre-IPO due diligence
• Engaging new clients
• Employing, contracting or retaining foreign business partners
• Implementing a consistent and audit-worthy AML and anti-corruption compliance program

Dodging trouble

Conducting 3PRM due diligence investigations at the right time has helped our clients avoid some major pitfalls, including the following:

• Merging with an international business embroiled in several behind-the-scenes legal battles
• Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks
• Partnering with organisations that were potential credit risks, have claimed bankruptcy, have dissolved stated companies or were faced with debtor filings.
• Awarding work to an overseas contractor with absolutely no prior experience
• Affiliating with a contracting company owned by a politician with significant influence on future awards

With a network of trained professionals positioned across five continents, CRI® Group’s third-party risk management (3PRM™) services will provide your business with a comprehensive approach toward managing all third-party management risks. Contact us today and learn more about how we can help you address all of your third-party screening and due diligence needs – get a FREE QUOTE now!

VIEW OUR RISK MANAGEMENT SOLUTIONS BROCHURE

GET FREE QUOTE

About CRI® Group

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

اتصل بنا

Filed under: All Industries, All Regions,

Fraud Advisory Panel UK counter fraud 2019 report is out!

Fraud poses a major threat to the UK and the world. The slow progress in fighting fraud in 2019 was evident to all of us with the never-ending stream of news stories documenting bribery and corruption cases around the world in 2019. We documented each with our article on Top 10 Bribery and Corruption Cases of 2019  where we count down the stories:

• Juniper Networks
• Alstom
• Microsoft
• KPMG
• Samsung Heavy Industries
• Fresenius Medical
• Walmart
• TechnipFMC
• Ericsson
• Unaoil

But these cases helped some of the welcome signs that government and law enforcement were beginning to ratchet-up their interest in fraud with new regulatory updates. 2020 was looking promising to all fraud fighters around the world. Unfortunately COVID-19 pandemic has turned the tide in the fraudsters’ favour – creating the current environment of fear, confusion and economic uncertainty in which fraudsters thrive.

The latest Fraud Advisory Panel’s report, The calm before the storm UK counter fraud in 2019 highlights all of these and more. According to the report the SFO continued to conclude
successful deferred prosecution agreements (though still without converting any of them into individual prosecutions):

• 53% conviction rate (17 defendants out of 32)
• 11 criminal investigations opened
• 8 defendants charged (investigations closed without charge – 14)
• 16 defendants awaiting trial
• £3.9m funds recovered
• 11 new confiscation orders (combined value £4.1m)
• £1.5m for the first Account Forfeiture Order
• 70 total caseload

And all of the stories help illustrate the need for organisations to have proper controls in place to prevent bribery and corruption. A certification such as ISO 37001 – Anti-Bribery Management Systems standard can provide a comprehensive approach to mitigating bribery and corruption risk. Organisations of all sizes and industries should take steps now to ensure that they don’t end up on a future list of top bribery and corruption scandals. Only a well resourced, cross-sector, intelligence-led response can tackle fraud.

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!

Who is CRI Group?

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, COVID-19 Insights,

Fraud Advisory Panel have set up a COVID-19 fraud watch group

The Fraud Advisory Panel have set up a COVID-19 fraud watch group.  A cross-sector and cross-industry coalition of trusted partners (including the Cabinet Office and City of London Police) who meet weekly to share information on emerging fraud threats and trends affecting business. The panel aims to act as a conduit to warn the public, private and third sectors about COVID-19 fraud risks. In addition to supply  preventative actions that can be taken.

Measures announced over recent months to deal with COVID-19 have seen our day-to-day life drastically changed forcing us to spend more time at home and online. Unfortunately, criminals are using every opportunity they can to scam innocent people and businesses. GOV.UK has also released advice and guidance on how to protect yourself and your business from fraud and cyber crime. This guidance explains simple steps you can take to protect yourself and your business against fraud and cyber crime and where to get help. The National Cyber Security Centre has also published advice on how to spot COVID-19 scams and keep remote working safe.

If you think you’ve been scammed or you’ve found something which looks like fraud or a scam, contact Action Fraud.

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. For assistance in developing and implementing a fraud prevention strategy, contact us today or get a FREE QUOTE now!

Have you read?

• Brexit poses new bribery challenges, ISO 37001 provides solutions
• Bribery and corruption plague Middle East, how can ISO 37001 help?
• As South Asia Grapples with anti-bribery compliance, ISO 37001 provides solutions
• Whitepaper: Organised catastrophe of international Pakistan airlines
• Rolls-Royce Case study: Ethics & Compliance
• ISO 37001 FAQ
• Are you ready for ISO 37001?
• Don’t have an ethical code of conduct? Your organisation needs one

Who is CRI Group?

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, COVID-19 Insights,

Ethical code of conduct: What should be covered?

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects in terms of ethical behaviour. The recent article “Puffery or Not? Courts Examine Corporate Codes of Conduct” explains that although a number of federal courts have found code of conduct statements to be non-actionable puffery, given the uncertainty in the face of the novel CODIV19 pandemic, public companies are ought to review their codes of conduct and revise them if necessary to mitigate litigation risk. Ethical code of conduct:

Does your organisation have an ethical code of conduct? If not, you might be making assumptions that your employees know to conduct themselves in an ethical manner, when, in fact, this expectation only exists in a grey area in their minds – if at all. In fact, some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company overall.

Rather than assume that ethical rules “go without saying,” every organisation should spell out what they expect of their employees when it comes to ethical behaviour. At CRI Group, we counsel business leaders on the principle that every organisation should have a written, carefully considered ethical code of conduct as part of their fraud prevention strategy. CRI’s Certification program through the ABAC Center of Excellence includes developing an ethical code of conduct as part of the training and development phase for clients.

What should be covered?

An ethical code of conduct should be tailored to your company and your organisation – no two will be the same. What are the risks inherent in your organisation? What about in your industry? A pharmaceutical company will have some different risk areas than a retail store, for example. A nonprofit organisation might have concerns that relate to fundraising, a government agency might be focused on preventing bribery or collusion.

The goal of an ethical code of conduct is to help all employees understand the expectation that they always behave in a legal and ethical manner, and that the organisation has zero tolerance for unethical behaviour. It should include the following focal points:

1. Business values

This can include your organisation’s mission and vision and should help set the tone for how the organisation relates to its clients, partners, its own employees and the public at large.

2. Guiding principles

The principles that guide your company include customer satisfaction, financial success and profitability, improvement and growth. Your company might also follow policies of corporate responsibility, such as respect for social and environmental issues, and support of the community and/or nonprofit efforts.

3. Role of leadership

This section of the code of conduct should state that management has clearly endorsed the code and that employees can approach any manager or executive with ethical concerns or complaints.

4. Regulatory and compliance

This section should communicate the organisation’s commitment to meeting all compliance requirements, from OSHA and EPA to Sarbanes-Oxley and Dodd-Frank. This reinforces leadership’s expectation that employees must act diligently and ethically to uphold those standards, as well.

5. Employee responsibility

Every employee, from top to bottom, shares the responsibility toward upholding the ethical standard defined in the code. Contractors and volunteers are also expected to follow the standard of behaviour.  Furthermore, the code should make clear that if the unethical behaviour is detected, turning a blind eye or deciding “it’s not my problem” is unacceptable. That is a breach of the ethical code.

CRI Group can help your organisation with the finer points of drafting and implementing an ethical code of conduct. ABAC Center of Excellence includes this critical piece as a part of any robust fraud, bribery and corruption prevention program.

After the ethical code of conduct is approved by company leadership, it should be read and signed by all employees (with the signed copies kept on file by the organisation). And it should be displayed prominently in the office. Unethical behaviour, including fraud and other corruption, is everyone’s problem, and it must be prevented, detected and reduced. Staying one step ahead of any critical risk to your organisation is part of being an effective business leader.

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Automotive, Aviation, Background Investigation, Compliance Solution, COVID-19 Insights,

You suspect employee fraud. Now what?

When any type of fraud, including employee fraud, is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust our employees and co-workers, and we keep our focus on succeeding as a team and accomplishing our goals for the business. Nobody wants to think that someone might be subverting the rules for their own personal gain.

Unfortunately, though, fraud does happen. The statistics tell us that on average, organisations lose about 5 percent of their total revenues to fraud. If that’s not bad enough, the average fraud lasts 18 months before being discovered – if it is discovered at all (ACFE, 2020).

One of the problems is that, since we aren’t looking for fraud, we sometimes don’t want to believe it when we do encounter its red flags. Though they may be unmistakable to some, when it involves our trusted co-workers (and even our superiors) sometimes we try to rationalize or ignore those signs altogether. Accounting discrepancies are one thing, but what about the more subtle things – like behavioural red flags? The following are a few examples:

• The subject appears to be living beyond their means
• They are having financial difficulties
• They have an unusually close association with a vendor or customer
• The subject shows excessive control issues or unwillingness to share duties
• They demonstrate unusual irritability, suspiciousness, or defensiveness
• The subject has what can be described as a “wheeler-dealer” attitude involving shrewd or unscrupulous behaviour
• They have recent divorce or family problems.

Now, these are just warning signs. None of them mean that fraud is definitely taking place. But it’s worth noting that, according to the ACFE, “at least one of these seven red flags had been identified before the perpetrator was caught in 76% of all cases.”

When such behaviours are put in the context of real discrepancies, such as accounting problems, missing cash or inventory, or other issues, a picture of fraud can begin to take shape. While most fraud is discovered by accident, having employees who are trained to recognise red flags is no accident and makes your organisation better protected in the long run.

So, now you’ve discovered fraud in your organisation. What happens next?

1. Report it

Depending on your company’s anti-fraud policy, you should follow the proper reporting channels. Many organisations have an anonymous reporting system, such as a hotline or online module, through which they can report suspected fraud without fear of retaliation. Such a system is highly recommended, as it directly results in more fraud tips and helps you uncover bad behaviour sooner, before it’s done the most damage.

2. Begin an investigation

Organisations that don’t have their own anti-fraud professionals on staff should engage an outside firm that specialises in financial investigations whenever fraud is suspected. These experts will review your fraud tip and lead your organisation through the next steps.

3. Gather evidence

Only seasoned experts should engage in an investigation because improper evidence collection can harm the potential to bring a case to court, should it rise to that level. Also, professional fraud investigators have an understanding of privacy laws and know what is and isn’t admissible in terms of gathering evidence in the workplace.

4. Interview witnesses

Part of the evidence-gathering phase, witnesses should be interviewed to draw a clear picture of what has taken place. They should be interviewed individually by anti-fraud professionals, who know how to elicit the information they need to uncover the truth.

5. Contact law enforcement

As the investigation proceeds, if fraud appears to be a proven concern, the employee should be terminated from employment and law enforcement should be informed. Without prosecution, the fraudster will just move on to their next victim.

6. Review and update your anti-fraud controls

How did this fraud happen? Were anti-fraud measures too weak, or were they not properly followed? Now is the time to evaluate risk management and control systems to learn from this case, and prevent the next fraud. Due diligence experts should be engaged to provide an objective, thorough examination of your control systems and make recommendations that will improve your level of protection.

CRI Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI Group to learn more about our fraud investigations today. Get a FREE QUOTE

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under:

Managing Third-Party Risks: A Checklist

THIRD-PARTY RISK MANAGEMENT CHECKLIST

Third-party risk management checklist. Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organization in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.

Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city hit hard by the pandemic required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged to fill this need potentially.

Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M- dealer. The formerly used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020). Managing Third-Party Risks

The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies must be always on guard for third-party fraud. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organization’s core business model. Every organization can do the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.

THIRD-PARTY RISK MANAGEMENT CHECKLIST EVERY ORGANISATION COULD USE:

1. Identify vulnerabilities

Before evaluating its third-party partners, an organization should look inward and measure its own risk management tools. These include the following:

• Audit and supervision functions
• Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
• Jurisdictional considerations
• Data and IP protection
• Whistleblower policies

2. Conduct due diligence

The organization should engage a risk management process on all current and potential suppliers and contractors. For each third party, the organisation should evaluate the following:

• Business and operations
• Financial condition and reputation
• Experience, culture, vision and business style
• References and government records (including any legal action, bankruptcies, structure changes)
• Background checks (including ownership and key personnel)
• Insurance and certifications

3. Maintain management oversight

Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organization should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organization. Not every company or government organization is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, third-party due diligence can protect organizations year-round from the risk of any of the following serious pitfalls:

• Merging with an international business embroiled in behind-the-scenes legal battles.
• Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
• Partnering with organizations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
• Awarding work to an overseas contractor with absolutely no prior experience
• Affiliating with a contracting company owned by a politician with significant influence on future awards

It is recommended and necessary for many organizations to have a team of professionals guide you through implementing a comprehensive program for third-party risk management. That’s where CRI® Group comes in. We have one of the largest, most experienced and best-trained integrity due to diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI® Group’s due diligence experts are committed to maintaining and constantly evolving our global network.

Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

• What is ISO 31000? Why is this Standard a good idea?
• ISO 31000 framework, why was it revised? And What are the main differences?
• Key Clauses of 31000:2018 and Who is the standard for?
• The process and the link between 31000:20180 and other standards

Getting Started with ISO 31000 Risk Management?

DOWNLOAD ISO 31000 PLAYBOOK NOW

3PRM-Certified™ a third-party compliance verification and certification program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

• Providing third-party risk assessments
• Meeting contracting requirements
• Conducting due diligence
• Identifying potential fraud risks
• Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services utilize one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TPRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, an organization cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRM^TM BROCHURE

Let’s Talk!

Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI® today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.

GET A FREE QUOTE NOW

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under:

10 top business risks

Sometimes business owners or management have an outsized sense of business risks for a particular threat. For example, some companies place extreme emphasis on guarding their intellectual property (IP), when in actuality the incidence of IP theft for their industry might be low. Other times, however, their priorities are firmly in line with the threat posed by the risk. According to a recent study, this is exactly the case when it comes to leaks of internal information, data theft, and reputational damage due to third-party relationships (Global Fraud Risk Report 2019/20).

This report is based on a survey of 588 senior executives from 13 countries and regions and 10 industries. It provides valuable insight into what types of threats are keeping business leaders awake at night. “The broadening of the risk landscape is visible in the types of significant incidents our survey respondents report experiencing in the last 12 months and in the priority levels they assign to various risk mitigations,” the report states. “The most frequently cited incident is leaks of internal information, reported by 39 percent. But this perennial challenge now coexists with risks from relatively recent threats, such as data theft, and even newer threats, such as adversarial social media activity.”

Business information leaks occur when confidential information is revealed to unauthorized persons or parties. This happens with alarming frequency, as recent news stories illustrate. Headlines include “Stunning iPhone 12 video shows Apple’s leaked prototype design with no notch” (BGR, 2020); “New Leaks Show Business and Politics Behind Tiktok Content Management” (China Digital Times, 2020); “DOJ charges Defense Intelligence Agency employee for leaking highly classified information to the media” (Business Insider, 2019). There can be direct and/or indirect negative repercussions from an information leak at your business. It can affect product rollouts, or give you a disadvantage in a competitive market; among other effects. At CRI Group, our experts work with companies to develop policies that provide zero-tolerance for information leaks, and put controls in place (such as secure communications and data systems) to prevent such leaks from occurring in the first place.

Data theft

Perhaps the fastest-growing scourge of businesses since the beginning of this century. Massive data breaches have cause major distrust among consumers worldwide, and have led directly to identity theft and financial crimes such as theft of credit, illegitimate loans and other schemes. Data theft involves stealing computer-based information from an unknowing victim, usually a company with a large customer or client base. This usually results in the sale or sharing or private information. Most recently, a data breach reportedly exposed more than 200 million Americans: “Data Breach Exposes 200 million Americans: What You Need To Know” (Screen Rant, 2020). In another case, a major cruise operator saw its customers’ information exposed: “Norwegian Cruise Line Suffers Data Breach” (infosecurity, 2020).

For any company that is entrusted with customers’ or members’ private information, especially personally identifying information (PII), data theft can be a devastating crime. Beyond lawsuits and financial damage caused by such a disaster, rebuilding the company’s reputation (and earning back customers’ trust) is an uphill battle that might take years or more. That’s why CRI Group recommends that every business, regardless of size or industry, make protecting customer data one of its highest priorities. Today, leading technology can help make data more secure. But even the most secure system is dependent upon a properly trained workforce that follows all of the protocols to achieve effective data protection.

Reputational damage due to third-party relationship

Another serious business risk to any organisation that partners with other companies, suppliers or contractors. Even worse, they can be completely outside of your control. Here are examples of some of the risks: A business partner is embroiled in behind-the-scenes legal battles; a supplier makes procurement decisions involving the inappropriate influence of government officials who receive kickbacks; a partner falsely claims to have experience in an industry, and cannot deliver on its contractual promises. CRI Group’s integrity due diligence experts have helped clients avoid those very scenarios. Our investigators employ a proven, multi-faceted research approach which involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research.

As the report states, “The last decade has seen cybercrime evolve from an IT issue to a boardroom concern, mirroring the digital transformation of the global economy on the macro level and of business operations on the micro level. The more the business world integrates digital elements, the more likely it is that computer systems have or will become a pathway for crime.” Now, more than ever, it is important for business leaders to be proactive in managing these modern business risks. Fraudsters and those who steal information are evolving their methods every day. Depend on the experts to help you stay one step ahead.

Lets Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under:

MACCA’s Corporate Liability Provisions are in place

Malaysia is taking a further step against corruption with its new Corporate Liability Provisions of the Malaysian Anti-Corruption Commission (Amendment) Act 2018. The new provisions go into force this June. The measure has been compared to the UK Bribery Act 2010 and the U.S. Foreign Corrupt Practices Act (FCPA) 1977 (The Star, 2019). Section 17A of the MACC Act 2018 will enable the prosecution of individuals accused of corruption, not only organisations. Under the provisions, an organisation’s “directors, controllers, officers, partners, or managers are deemed to have committed the same offence, which carries a maximum penalty of a fine of not less than 10 times the value of the gratification or RM1 million, whichever is higher, and 20 years’ jail unless the firm is able to prove that it had in place procedures designed to prevent corrupt practices. The provision is modelled after the United Kingdom’s Section 7 of the Bribery Act 2010, which is widely regarded as ‘the toughest anti-corruption legislation in the world’” (New Straits Times, 2019). Perhaps it’s no coincidence that Malaysia improved by six points and jumped 10 places to 51 in Transparency International’s 2019 Corruption Perceptions Index (CPI). The CPI “measures public sector corruption including bribery, diversion of public funds, use of public office for private gain, and nepotism in the civil service” (Free Malaysia Today, 2020).

The change in law and perception meets popular demand in Malaysia, where the 1MDB case became the defining bribery scandal in the region. Malaysia’s state-owned investment fund, 1MDB, was supposed to attract foreign investment. Instead, it “spurred criminal and regulatory investigations around the world that have cast an unflattering spotlight on financial deal-making, election spending and political patronage under former Prime Minister Najib Razak. The figures are mind-boggling: a Malaysian parliamentary committee identified at least $4.2 billion in irregular transactions related to 1MDB. In May, Najib was ousted from power in a general election as the scandal fueled a voter backlash that ended his party’s 61 years of rule. As the investigations continue, Najib faces trial on corruption charges and U.S. prosecutors have implicated at least three senior Goldman Sachs Group Inc. bankers in a multiyear criminal enterprise” (Bloomberg, 2018).

The 1MDB scandal also demonstrated, however, that investigation and enforcement were stepping up in the face of public outrage. The MACC Act 2018 provided regulators with more teeth in the fight against corruption in the country. At ABAC Summit – Kuala Lumpur, organised by CRI Group, Mohd Nur Lokman bin Samingan, Assistant Commissioner at Malaysian Anti-Corruption Commission, said that some of the MACC Act’s provisions are meant “to encourage business and commercial activities being carried out in a corruption-free environment; to encourage all commercial organisations to take adequate measures in order to prevent corruption in their respective organisations; and to promote better corporate governance and legal compliance by requiring corporations to take proactive roles in preventing corruption.”

Demonstrating “adequate procedures” with ISO 37001 certification

Now more than ever it is critical that organisations undergo a program of compliance and demonstrate “adequate procedures” with ISO 37001:2016 Anti-Bribery Management standard certification. ISO 37001 is an established, tried and tested program that provides a comprehensive program for preventing bribery and corruption. It can be tailored to organisations of all sizes and industries, and certification requires the demonstration that processes have been implemented effectively – with follow-up evaluations. The new corporate liability provisions to the MACC Act are an important thing for safeguarding Malaysia’s economy and investments.

It is crucial to trust your anti-bribery and compliance strategies to accredited ISO 37001 certification providers. CRI Group’s ABAC® has recently announced that the United Kingdom Accreditation Service (UKAS) has accredited its ABAC Certification services for administering the ISO 37001:2016 Anti-Bribery Management Systems standard. ABAC® provides ISO 37001:2016 anti-bribery management systems certification for all types of organisations across the globe that implement prescribed measures to prevent, detect and address bribery. Pursuant to this, UKAS accredited ABAC Center of Excellence Limited in the UK, Malaysia and UAE for ISO 37001:2016 Anti-Bribery Management Systems (ABMS) certification in accordance with ISO/IEC 17021-1: 2015 conformity assessment requirements for bodies providing audit and certification of management systems.

Trust ABAC®, your accredited certification provider in Malaysia to comply with requirements of Section 17A of the Malaysian Anti-Corruption Commission Act (MACCA 2018) with confidence. To learn more about how the ABAC Center of Excellence can help tailor an ISO 37001 certification program to your organisation, contact ABAC Center of Excellence Limited today.[/vc_column_text][/vc_column][/vc_row][accordion_father][accordion_son title=”About CRI Group”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening,

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father][/vc_column][/vc_row]

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »

Building a Resilient and Defensible Third-Party Risk Management Compliance Program

Third-Party Risk Management Compliance Program:

Does your business have a Third-Party Risk Management (TPRM) Compliance Program? Are you establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business?

It’s highly probable that, at some point, organizations that affiliate with outside providers will eventually have to deal with an operational interruption resulting from third-party related issues and inappropriate conduct. The risks involved in partnering with outsiders hasn’t changed over the centuries. It’s the potential liability that’s been ratcheted up several notches. International borders have been ripped down. Technology has improved the way businesses communicate.

Easy access to data and information enables the media to report on business news before a business can properly respond. And the markets are quick to form opinions based on a 24/7 on-demand news cycle. The result of this increased liability is problematic. Business litigation has skyrocketed. Corporate reputations are constantly being assaulted. Business strategies are forever shifting. Board members are increasingly subjected to intense scrutiny from outside critics, and a highly educated market responds immediately with their pocketbooks.

VIEW 3PRM^TM BROCHURE

Discover How to Demonstrate a Resilient and Defensible Third-party Risk Management Compliance (TPRM) Program with 3PRM™ Services

CRI® Group has a network of local subject specialist operatives across the Middle East, Europe, South American and Asian regions to extend a helping hand and offer enhanced integrity due diligence being pre-emptive measures against:

• Experiencing financial loss when a third-party provider failed.
• Losing customers because of poor-quality service from a third party.
• Exposing breaches to data systems because of poor information security practices by a third party.
• Experiencing supply chain issues due to poor disaster recovery procedures by the third party.
• Being exposed to litigation because of relationships with an outside provider significantly violated contractual terms, potentially resulting in regulatory exposure.

When Working with third-party providers, CRI® Group designed a solution: 3PRM-Certified™. This proactive approach includes Integrity Due Diligence, Enhanced Due Diligence, Anti-Bribery and Anti-Corruption Compliance Solutions (incorporating ISO 37001 Anti-Bribery Management System accredited certification and training) to mitigating the risks involved with third-party affiliations to protect the organization from liability, business interruption and brand damage.

You may also like this article:

WHEN TO CONDUCT THIRD-PARTY SCREENING?

3PRM-Certified™ A Third-party Compliance Verification and Certification Program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution.

Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Contact CRI® today and learn more about our third-party due diligence and risk management solutions.

CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

• Providing third-party risk assessments
• Meeting contracting requirements
• Conducting due diligence
• Identifying potential fraud risks
• Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, the business cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRM^TM BROCHURE

Inadequate Procedure 

December 2013: Over US$2.8 million for failing to have in place appropriate checks and controls to guard against the risk of bribery or corruption when making payments to overseas third parties, breaching the FCA’s principle on management and control. Between 19th February 2009 and 9th May 2012, the organisation received almost $33 million in gross commission from business provided by overseas introducers and paid them over $18 million in return.

Inadequate systems around these payments created an unacceptable risk that overseas introducers could use the payments made for corrupt purposes, including paying bribes to people connected with the insured clients and/or public officials.

Regulatory action is not a US or UK phenomenon alone but is increasingly becoming a global issue. Regulatory thinking around third-party risks in some other jurisdictions is highlighted below:

• Singapore: The Monetary Authority of Singapore (MAS) has stated that it “is particularly interested in material outsourcing which, if disrupted, has the potential to significantly impact an institution’s business operations, reputation or profitability and which may have systemic implications.”
• Australia: The Australian Prudential Regulatory Authority (APRA) aims to ensure that all outsourcing arrangements involving material business activities entered into by a regulated institution are subject to appropriate due diligence, approval, and ongoing monitoring.
• Hong Kong: The Hong Kong Monetary Authority (HKMA) states that institutions “should not enter into, or continue, any outsourcing arrangements [that] may result in their internal control systems or business conduct being compromised or weakened after the activity has been outsourced.” – Source: Deloitte Report

Let’s Talk! If you have any further questions or interest in implementing compliance solutions, please contact us.

About CRI®

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

Filed under: All Industries, All Regions, Compliance Solution, Resources,

Due Diligence: 4 Red Flags of Collusion

One of the many schemes that can cause serious legal and financial consequences is collusion in business. While some business leaders might wonder what separates collusion from other types of fraud and how to identify it, there is a key factor: secrecy. 

Collusion involves at least two parties (sometimes more) who collaborate to deceive others, usually for financial or market gain. Due to its secretive nature, collusion can be difficult to detect and weed out. This poses a serious problem because the consequences of noncompliance for an organisation are often severe.

According to the Wall Street Journal, the U.S. Department of Justice (DOJ) is “preparing to tackle competition issues in several important markets, including alleged price-fixing in the generic-drug industry, rules for music licensing and purported employer collusion that limits options for sought-after workers” (Wall Street Journal, 2020). Indeed, these are the types of schemes that are most often associated with collusion. Price fixing is a global problem found in many different industries, for example. However it’s important to note that collusion is just as common at the local level – for example, where contractors bid to provide goods or services regularly. Sometimes competitors will engage in collusion by making secret arrangements to rotate bids or share bid details to artificially deflate prices.

In one recent case, the branch manager for a U.S.-based insulation contractor pleaded guilty in a scheme to rig bids and commit other forms of fraud on insulation contracts. The DOJ had launched an investigation into the branch manager’s actions from 2011 to 2018, finding that he “conspired with other insulation installation contractors to rig bids and engage in fraud on insulation installation contracts in Connecticut, New York, and Massachusetts. Insulation installation contractors install insulation around pipes and ducts on renovation and new construction projects at universities, hospitals, and other public and private entities. In addition to his guilty plea, DeVoe has agreed to pay restitution” (DOJ, 2020). “Free and open markets are the foundation of a vibrant economy. For years, the defendant illegally coordinated bids on construction projects to enhance his profits, eliminate competition, and ultimately steal from public and private customers,” said Brian C. Turner, Special Agent in Charge of FBI’s New Haven Field Office.

The DOJ noted in its press release that this crime hurt the hospitals, universities and businesses that solicit and pay for the contractor’s services under the expectation that the bidding process is fair and above board, not rigged to benefit a contractor at their expense. The money lost in such schemes (through paying inflated contracts) often represents taxpayer dollars. The fact that collusion, in this case, lasted for at least seven years indicates that tens of thousands of dollars (or more) were likely lost through fraud.

So, what can organisations do to be better protected from collusion schemes – whether from inside their own company or perpetrated against them by outside partners/contractors? While collusion is secretive by its very nature and can be difficult to detect, red flags can indicate that something might be amiss. CRI® Group’s integrity due diligence experts are specially trained to uncover collusion in all its forms, and they describe the following as some of the signs to watch for when dealing with competitive bid contracts:

A high percentage of awards go to the same company

If a single bidder is winning most of the contracts for a particular set of goods or services, there might be something wrong despite several other contractors involved in the bidding. This is especially true if there are any issues or complaints around the bidder, such as poor quality products or services, they are late in delivering on their contracts, etc.

Lowest bidders are not winning awards

Suppose the contracts are consistently going to bidders other than the lowest bidder. In that case, this might warrant further investigation – as most contracts are considered “low bid” and would reasonably go to the lowest bidder. Also, if there is a higher-than-average range or spread between bidders, that could signal that something is off.

There is a high number of late bidders

Late bids can be a sign of collusion if bidders, or an agent at the organisation soliciting bids, are sharing bid information – such as the highest bid (so far) in an award process. This is especially true when the winning bidder is consistently the last one to submit bids. If late bidders are being approved regularly, you need to know why.

Bidders share (or have similar) names, addresses, or other information

This is an obvious red flag. In some cases, bids from two different contractors have been submitted from the same fax machine! This indicates that parties might be colluding in their bid submissions, and you need to look further.

Other countries’ DOJ and enforcement bodies have demonstrated their willingness to detect, investigate, and punish collusion. For the sake of your organisation, it is best to be proactive when it comes to your bidding and contract processes. CRI® Group’s integrity due diligence services can help you identify the above red flags. Our experts also conduct risk assessments to help find weaknesses in your business process and controls that might make your organisation vulnerable to collusion. This holds whether you need the goods or services or are a supplier or contractor submitting bids. The secret crime of collusion causes financial harm through inflated costs, representing a legal and financial liability to your organisation and/or clients. By being attuned to spot red flags, you’ll be more likely to notice the smoke …. before it turns into a fire.

Download our Brochure

Take a proactive stance with the highest integrity due diligence as a part of your essential business strategy. Contact us today to learn more about our full range of services to help your organisation stay protected. Get a FREE QUOTE

About Us

CRI® Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under: Compliance Solution,