John Wood Group to Pay $177 Million to Settle Bribery Charges Inherited Through its Merger

John Wood Group Bribery Probe Trace Back to its Merger with Amec Foster Wheeler Plc.

The Importance of Due Diligence in Merger and Acquisition to Avoid a Similar Incident Happened like in John Wood Group.

Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. That allows you to reduce risks – including risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (UK Bribery Act), to make informed decisions and to pursue takeovers or mergers with more confidence.

Unlike other kinds of control (audits, market analysis, etc.), it must be completely independent and rely as little on information provided by the researched subject. The other important difference lies in the methodology: commercial or financial due diligence analyses available information, investigative type provides reliable and pertinent, but raw, information.

Due diligence on potential business partners when adding a new vendor or hiring a new employee is vital to confirm the legitimacy and reduce the risks associated with such professional relationships. Global integrity due diligence investigations provides your business with the critical information it needs to make sound decisions regarding mergers and acquisitions, strategic partnerships, and the selection of vendors, suppliers, and employees.

It will ensure that working with an, i.e. potential trade partner will ultimately achieve your organisation’s strategic and financial goals. CRI Group investigators employ a proven, multi-faceted research approach that involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research. Our resources include:

Filed under: Due Diligence, Global, Industry Insights, Oil, Gas & Energy, Resources, Third-Party Risk Management, United Kingdom, London, United States of America, New York by admin
Comments Off on John Wood Group to Pay $177 Million to Settle Bribery Charges Inherited Through its Merger

Procurement Risks: The 5 common Risks Every Organisation Needs to Know!

Procurement Risks: Your Lack of Due Diligence can Lead to Harm

Procurement risks: lack of due diligence can lead to harm. Procurement is one of the most critical areas of any organisation, large or small. Procurement officers secure the materials and goods that a business needs to be productive and successful. They ensure the best possible price, quality, delivery efficiency, and other important considerations.

Unfortunately, due to the very nature of dealing with third-party suppliers/vendors, procurement also requires an elevated level of risk management. As many high-profile cases have shown, supply-line problems can cause financial and reputational damage, sometimes on a grand scale.

The infamous horse meat scandal in the UK presents a classic scenario of the damage from risky third-party associations. Widely known international corporations, including Burger King and others, were forced to cut ties with a meat supplier after facing financial and reputational harm from the news that some of the supplier’s products were tainted with horseflesh.

The revelations of tainted meat resulted in international news headlines, waves of criticism from consumers and food products pulled from shelves and freezers in response to the uproar. As damaging as it was, the crisis helped illustrate why due diligence became more important as supply chains expanded and became more complex, especially among international organisations.

The procurement risks: How to minimise them?

The following are some priorities every organisation should have to minimise procurement risks in their procuring process:

Risk #1 – Know who your suppliers are

Due diligence is as vital in procurement as in any other business area, in some cases, more so. Third-Party Risk Management (3PRM™) services help organisations proactively mitigate risks from third-party affiliations, protecting organisations from liability, brand damage, and harm to the business. As part of this service, experts check supplier backgrounds to verify their financial viability, quality control, compliance standards and – most importantly – any prior legal or criminal action. Taking this step before you engage with a supplier or vendor can save some severe headaches down the road. Get our 3PRMTM and DueDiligence360TM brochures to learn more about our tailored investigative solutions.

Risk #2 – Consider your organisation’s reputation

The horsemeat scandal showed how quickly and drastically it can damage a well-respected organisation’s reputation and brand. Your procurement team should know that while the bottom line is essential, nothing is more critical than protecting the image and brand of the company. Cutting due diligence corners to secure the lowest price is not only unwise – it should be strictly against company policy.

Risk #3 – Find sustainable lines of supply

Seek out suppliers with long, successful backgrounds in their business. Find economically sound and socially conscious companies, using fair labour practices and promoting sustainable resources. It harmed the organisation when it discovered that a supplier was using child labour or other unethical or illegal methods to produce their goods. Implement a code of conduct with expectations for your contractors, suppliers and vendors, and review them regularly to ensure they follow your guidelines.

Risk #4 – Have backup suppliers in place

What happens when your primary vendor is suddenly out of compliance? Or folds up completely? If your production chain grinds to a halt, the damage can be severe and lasting to your organisation’s financial and reputational health. Ensure your procurement team has conducted due diligence on backup suppliers that you can turn to in a crisis. Spending a little more to keep the production lines open will be a small price to pay compared to seeing your business come to a standstill.

Risk #5 – Conduct a thorough risk assessment

Any organisation that hasn’t prepared a risk assessment of its procurement process should immediately do so. How else will you know what red flags or gaps make your organisation susceptible to fraud, waste, risk to reputation, or all of the above? Third-party risk management experts can help you develop and put in place an effective third-party risk assessment plan that keeps your organisation protected and minimises your exposure to unseen or unknown trouble spots.

Every organisation needs a successful and efficient procurement process. It also needs to be safe from the inherent risks with connections to third parties, including suppliers, vendors and contractors. When it comes to procurement, let CRI Group™ help you put proper risk management processes in place so you don’t have to worry about your supply chain putting you in tomorrow’s headlines.

Who is CRI Group™?

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

Filed under: Due Diligence, Industry Insights, Resources, Third-Party Risk Management by admin
No Comments »

5 Reasons To Run Employee Screening

Being HR professional, we have to deal with rigorous recruitment cycles, and for this, we must meet with several candidates before closing the vacancy. Every HR person has their style of evaluating the candidates, but one thing that needs to be kept in mind before making the final hiring decision is to “Never judge a book by its cover” (Stonehouse, 2017), since at times we might overlook some critical points, perhaps due to a fancy resume or qualification. Every HR professional should consider a crucial step before taking a candidate on board: run employee screening.

According to Business Week – 16% of executive resumes contain false academic claims and/or material omissions relating to educational experience. The U.S. Department of Labor estimates that the average cost of a bad hiring decision can equal 30% of the first year’s potential earnings. If you are an HR professional and reading this article, then I can assure you that other HR professionals must be thinking, “is it worth investing additional time and money in pre-employment background screening service?” Let me tell you the key benefits that you can gain from conducting pre-employment background screening services:

1. Better Compliance: It Keeps You Out of Legal Issues

Let’s suppose one of your employees commits fraud in your company, and after investigations, you came to know that the employee did the same with previous employers. At this point, you will regret not conducting their background check, as if you had conducted their employment and criminal check, then you wouldn’t have hired them in the first place.

2. Ensures Credibility When Performing Sensitive Tasks

In addition to legal issues, some background checks can verify a candidate’s creditability in performing their on-job duties. For instance, when a candidate is being hired for the accounts department where petty cash and the company’s account handling are their primary responsibilities, their employment check may come across that his previous employment has concluded due to mishandling of accounts.

3. Safer Work Environment: Keep Employees and Clients Safe

Conducting Background checks can also convey a message throughout the company’s stakeholders, especially its clients, that all employees hired in the company have gone through rigorous checks. Therefore, the data shared by the clients are in safe hands, thus increasing the overall integrity of the company and its staff.

4. Verifies Education and Certification

The increase in the number of fake degrees has amplified the importance of pre-employment check of educations. Therefore, all degrees and certificates of the applicant under consideration should be verified. The outcome of verification is not just about checking an applicant’s honesty but also verifying the legal status of the degrees and their issuing authorities.

5. Stronger Hires, More Savings: It Gives an Overall Picture of the Applicants

Apart from the interviews, pre-employment background checks can help the interviewer to make their hiring decision accordingly. For instance, candidates may have successfully cleared the interview process, but in their employment checks, the company found that they had resigned from their services after they were accused of sexual harassment by colleagues. Irrespective of how competent a candidate is for the vacancy, such red flags regarding the candidate’s behaviour can completely change the hiring decision and safeguard the company from future issues.

It is indeed worth spending extra time and money on pre-employment background screening because making a wrong hiring decision can not only increase recruitment cost and time but may also incur the cost of damage that employee has given to the company, whether in the form of litigation’s or damaging the company’s goodwill.

So, If Your Company is not Conducting Background Screening! Think Again!

Being in HR, you might be creating liability for the company by making the wrong hiring decision. It’s never too late to correct your actions, so contact us, and we can provide our employment background screening services. As it is rightly said, I quote, “better safe than sorry” (Bateson, 2008). 

CRI Group™, based in London, works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management and Due Diligence solutions provider. We have the largest proprietary network of background screening analysts and Investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

References

1. Bateson, J., 2008. Building Hope: Leadership in the Nonprofit World. United States Of America: Greenwood Publishing Group.
2. Stonehouse, R. A., 2017. You’re Hired! Job Search Strategies That Work. 1st ed. s.l.:eBookIt.com.

Filed under: Employee Background Check, Industry Insights by admin
No Comments »

Q&A on How Corporate Fraud and Corruption Affect Businesses in the UAE 2021

CRI Group™ and its ABAC™ Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC Group’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To What Extent have you seen a Notable Rise in the Level of Corporate Fraud, Bribery and Corruption Uncovered in the UAE?

A. The United Arab Emirates (UAE) remains the least corrupt country in the Middle East and North Africa region. It was perhaps fitting that the United Nations (UN) held its anti-corruption conference in the UAE just over a year ago. At the conference, delegates drafted anti-corruption resolutions and discussed asset recovery, international cooperation, and other topics in preparation for an upcoming special session of the UN General Assembly against corruption. Of course, there is still much work to be done. Fraud, bribery and money laundering are still problems in the UAE that require a united focus to overcome. Of special concern is the real estate sector, which some have called a haven for stashing and laundering cash. In some cases, these funds are linked to terrorist financing, raising the alarm beyond just the balance sheet for typical financial or corporate fraud.

Q. Have there been any Legal and Regulatory Changes Implemented in the UAE Designed to Combat Fraud and Corruption? What Penalties do Companies Face for Failure to Comply?

A. The recent Anti-Commercial Fraud Law in the UAE strengthened rules around counterfeiting and intellectual property (IP) theft, among other areas. In addition, lawmakers and regulators are applying an anti-fraud focus to other laws. A perfect example is the UAE’s Insolvency Law 2020. The Ministry of Finance announced that penalties will be imposed on those who fraudulently abuse the law. This could include making a fake claim or a sham debt against a debtor or illegally increasing a debt amount. Such offences are punishable by jail time and fines. An awareness campaign by the UAE Banks Federation (UBF), the Central Bank of the UAE (CBUAE), Abu Dhabi Police, and Dubai Police was the first such collaboration in the UAE and it comes as both corporate and consumer fraud have increased. Companies are expected to protect their stakeholders’ investments, and failure to do so can lead to regulatory and legal punishments.

Q. In your Opinion, do Regulators in the UAE have Sufficient Resources to Enforce the law in this area? Are they Making Inroads?

A. There are at least two daunting tasks facing regulators in the UAE at present: detecting and preventing money laundering and stemming the growing threat of cyber crime. While these problems are not unique to the UAE, they do require significant investment and increased investigation and enforcement efforts. Recent reports allege that illicit funds flow through ‘free trade zones’ and into real estate deals, such as luxurious properties in Dubai and other locations. The laws are in place to punish such crimes, but more inroads will need to be made to bring this under control in a country that largely succeeds at fighting fraud in other areas. Cyber crime is also a constant challenge that has been exacerbated by the COVID-19 pandemic. Many fraudsters have sought to take advantage of companies having to transition to different employment models, such as remote working. Fraud fighters are working hard to stay ahead of the curve in this regard.

Q. If a Company Finds itself Subject to a Government Investigation or Dawn Raid, How Should it Respond?

A. If a company finds itself under investigation, one of the first things it must do is mandate down the chain of command that employees cooperate fully with investigators. Any efforts to the contrary may be considered obstruction, and lead to more punishments or a higher likelihood of penalties at the end. In contrast, engaging in a good-faith effort to assist an investigation may weigh in the company’s favour.

Questions will arise, such as: Was this a surprise? What are the facts of the case? How did this occur? Legal counsel must be engaged immediately, but it is also important to speak with compliance officers, risk management, executives and the board in a transparent way to help the company move forward. Communicate a zero-tolerance policy toward fraud, and if employees are proven to have engaged in such behaviour, they should be terminated and prosecuted.

Q. What Role are Whistleblowers Playing in the Fight Against Corporate Fraud and Corruption? How Important is it to Train Staff to Identify and Report Potentially Fraudulent Activity?

A. Some business leaders falsely believe that audits, account reconciliation and other procedures offer the best protection against fraud. They are important functions, but they are not the most effective detection method. Fraud is often uncovered by tips, according to the ACFE’s Report to the Nations on Occupational Fraud and Abuse. Employees are truly the front line of defence for companies, and the first to throw up warning flags about unethical behaviour. The question is whether companies listen to their employees. And is there an easy, anonymous way for employees to submit tips, without fear of retaliation? Companies should educate employees about the red flags of fraud, and then make sure they know they can and should report it.

Q. What Advice can you Offer to Companies on Conducting an Internal Investigation to Follow up on Suspicions of Fraud or Corruption?

A. If the company does not have an experienced team of anti-fraud professionals on staff, it is crucial to enlist the help of an outside firm with experts who specialise in this area. There are mistakes companies make at the beginning of an investigation that can haunt them later. For example, most countries, including the UAE, have laws that govern the proper collecting and handling of evidence. With most evidence in a digital format, following the right protocols is more important than ever. There are also important guidelines for interviewing witnesses and those suspected of fraud which, when disregarded, could lead to a failed investigation. The bottom line is: do not go it alone – get expert professional help. And if criminal conduct is discovered, contact the authorities.

Q. What General Steps can Companies take to Proactively Prevent Corruption and Fraud within their Organisation?

A. Preventing and detecting fraud starts with a company’s employees, so training and communication are key. First, employees must be trained on what constitutes fraud, bribery and corruption, how to recognise it, and how to report it. Second, the company must communicate that fraud will not be tolerated on any level, and those who commit fraud will be terminated and prosecuted if they are found to have broken the law. Companies should also have anti-corruption and anti-fraud controls in place, including an employee code of conduct, regular and surprise audits, and a fraud reporting system available to employees, contractors and even customers. Achieving certification in internationally recognised standards, such as ISO 37001 ABMS, is a good practice too. When it comes to fraud and corruption, an ounce of prevention is worth a pound of cure. Being proactive is truly the only practical option for protecting the business and its assets.

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC™ Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group™

CRI GROUP™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international risk management, employee background screening, business intelligence, due diligence, compliance solutions and other professional investigative research solutions provider. CRI Group™ has the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Its global presence ensures that no matter how international your operations are, the company has the network needed to provide you with all you need, wherever you happen to be. For more on our Risk Management solutions just check out our brochure:

View Risk Management Solutions Brochure

Filed under: All Industries, All Solutions, Industry Insights, Middle East, Resources by admin
No Comments »

Corporate Fraud and Corruption: Affect on UK Businesses in the 2021

CRI Group™ and its ABAC Center of Excellence were featured in Financier Worldwide’s InDepth Feature: Corporate fraud and corruption 2021. In this edition, CRI Group’s CEO Zafar Anjum and ABAC’s Scheme Manager Huma Khalid talk about how corporate fraud and corruption affect businesses not only in the UK and UAE, but across the globe, and provide solutions and insights for businesses to become better protected from corporate fraud, bribery and corruption.

Q. To what extent have you seen a notable rise in the level of corporate fraud, bribery and corruption uncovered in the UK?

A. The COVID-19 pandemic has created increased opportunities for fraud worldwide. The UK is not immune, unfortunately, and such a disruptive event as the pandemic increases the likelihood that normal safeguards and risk management controls can be bypassed and subverted. There has been an increase in reported fraud and corruption cases over the past year. A survey of fraud experts by the Association of Certified Fraud Examiners (ACFE) in August 2020 showed that 77 percent were seeing an increase in fraud. Perhaps not surprisingly, cyber fraud is the fastest-growing problem area, but there has also been an uptick in unemployment fraud. This is bad news in the UK, where fraud is our most common crime, costing the country £190bn annually, according to the Royal United Services Institute (RUSI).

Q. Have there been any legal and regulatory changes implemented in the UK designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. There is proposed legislation, supported by the secretary of state of the UK’s Department of Business, Energy and Industrial Strategy, that would increase accountability for corporations that produce falsified financial statements. This includes a provision that would require company directors to personally sign off on their corporation’s financial statements, under penalty of fines and possible prison time. Under the Sarbanes-Oxley Act in the US, the penalty for falsely certifying such statements is steep: up to 20 years in prison and up to $5m in fines, and the UK is looking at similar measures to step up its fight against fraud and corruption. The UK also recently approved the formation of an audit, reporting and governance authority (ARGA) that should come into force within the next two or three years. Accordingly, the UK is taking a stronger stance against fraud going forward.

Q. In your opinion, do regulators in the UK have sufficient resources to enforce the law in this area? Are they making inroads?

A. Combatting fraud is never straightforward. When looking at progress in detecting and preventing fraud, it sometimes feels like a question of whether the glass is half full or half empty. For example, the Serious Fraud Office (SFO) brought 13 fraud defendants to trial in 2019 and 2020, with a 95 percent fouryear success rate by case. Many of these represent large frauds, and they are meaningful wins, but how many more fraudsters are out there undiscovered? Other bodies, including Her Majesty’s Revenue and Customs (HMRC), among others, also have key roles to play in investigating fraud, but a considerable amount of fraud is still investigated and prosecuted at the local level. It is important for leaders in the UK to know what resources law enforcement have and where they need training and support in the fight against fraud.

Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. Any investigation, and especially a raid, can be an incredibly stressful time for a company and its employees. The important thing is to not panic – the investigators have a job to do, and the sooner they get to the truth of the situation, the better for everyone. Companies should direct their management and their employees to cooperate fully, while also engaging legal counsel to properly protect the corporation from future litigation. If fraud is detected, it is a criminal matter and the company should make a good faith effort to work with prosecutors and regulators, while making sure to document all control measures and prior steps taken to manage fraud risk. Having a track record of meeting compliance requirements and having proper internal controls in place at the time fraud occurs could have a mitigating effect in terms of potential prosecution and penalties down the road.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

A. Employees are a company’s first line of defence against fraud and corruption. But training them to recognise the red flags of fraud is only half of the process. The company must also implement a reporting system that is anonymous and easy to use, so that employees are encouraged to report any suspicions. Then, the company must follow through and fully investigate any reports that do come in. If it does not, whistleblowers will believe that combatting fraud and corruption is not a corporate priority, and the tips will stop coming in. How important are those tips? According to the ACFE, they are by far the highest detection method for fraud, well above audits and other means. The company should communicate that a whistleblower hotline or online reporting system is available, and that there is a zero-tolerance policy for any type of retaliation against whistleblowers. Over time, the tips will come in.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. Investigations can be challenging, and they require expertise. For example, there are rules for collecting and handling evidence, including physical evidence and witness statements, that must be followed for such evidence to be admissible in court. There are also laws in the UK dealing with privacy and the rights of the accused. The bottom line is that a company already dealing with a potentially costly and damaging fraud scenario should not risk adding more legal trouble through a faulty investigation. Hire experts who deal with corporate crime and specialise in fraud and corruption cases. Like any other area of expertise, they will have the knowledge and resources to help proceed with an investigation and lead it to the most favourable outcome for your company. If you already have anti-fraud professionals on staff, let them take the lead, but provide outside resources as needed.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. A fraud prevention strategy has many different elements, and the sooner companies implement them, the sooner they can begin to work together in a proactive way to prevent fraud. Mandating employee training, such as ISO 37001 ABMS, having an ethical code of conduct signed by every member of staff, providing regular and surprise audits, and implementing a fraud reporting system are all effective ways to help prevent and detect fraud and corruption. None of these methods is strong enough on its own to properly protect organisations. But together, they can be very effective. It is also important to set a ‘tone at the top’, from ownership, directors and management on down, that fraud will not be tolerated. Anti-fraud controls only work if the company sees them through and thoroughly investigates every report. When fraud is confirmed, any perpetrators should be terminated and potentially prosecuted, sending a message of zerotolerance.

Meet HUMA KHALID,  Scheme Manager

Huma Khalid, as scheme manager, is responsible for leading ABAC. Ms Khalid’s responsibilities include planning and overseeing all aspects of the ABAC programme, which include certification and training. Additionally, she oversees the compliance department for the implementation, management and internal audit of CRI Group’s and ABAC compliance programmes

ABAC™ Center of Excellence Limited | t: +44 (0)777 652 4355 | e: huma.k@abacgroup.com

About CRI Group™

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group™ launched Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.

Filed under: All Industries, All Solutions, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

Cyber Security: How to Maintain GDPR Compliance?

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in 2018. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

Cybersecurity is a Priority for the Management

Even with extremely high fines and stringent requirements, GDPR violations and data breaches have been skyrocketing across the world. In 2020, the overall increase of fraudulent activities has been detected, based on ACFE’s “Fraud in the Wake of COVID-19: Benchmarking Report”: 77% of survey participants have seen an increase in the overall level of fraud as of August, compared to 68% who had observed an increase in May. Earlier we wrote how the COVID-19 crisis triggered fraudulent activities and what can businesses do to support anti-fraud movements in their organisations and to strengthen their immunity to fraud. However, cyber-attacks are on the rise – the survey by the gov.uk continues to show that cybersecurity breaches are a serious threat to all types of businesses and charities. 39% of businesses and 26% of charities reported having cybersecurity breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

The study suggests that the risk level is potentially higher than ever under COVID-19 and that businesses are finding it harder to administer cybersecurity measures during the pandemic: 35% of businesses compared to 40% last year are now deploying security monitoring tools. This reduction suggests that these organisations might simply be less aware than before of the breaches and attacks their staff are facing.

However, among those that have identified breaches or attacks, around 27% of businesses experience them at least once a week. The most common by far are phishing attacks (83%, and 79% in charities), followed by impersonation (for 27% and 23%). Based on a survey by the gov.uk, despite COVID-19 stretching many organisation’s cybersecurity teams to their limits, cybersecurity remains a priority for management boards. But it has not necessarily become a higher priority under the pandemic. Three-quarters (77%) of businesses say cybersecurity is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees.

The Most Notable Data Breaches

In the climate where organisations are putting more emphasis on strengthening their online security systems, there is no shortage of data breaches or GDPR violations. Our experts have noticed and shortlisted a few most notable cases in any order for you to be aware:

1. Booking.com

The very recent case, when travel booking website Booking.com has been hit with a  €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the GDPR. It happened back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). The hackers were able to get login creations for the booking system and to access the personal details of more than 4000 customers who booked hotel rooms via booking.com. The scammers exposed the credit card details of 283 customers, and in 97 cases the CVV code was also compromised. Based on GDPR, the data breach must be reported within 72 hours. Booking.com was late for 22 days (!) to report the breach to the Dutch Data Protection Authority and was issued a fine in April 2021, as reported by Forbes.

2. Twitter

Another company that was late to report the security flaw is Twitter – it was discovered in December 2018 but the social media giant did not report it to Ireland’s Data Protection Commission (DPC) until the following month. As a result, Twitter has been told to pay a €450,000 GDPR fine by Ireland’s data regulator for failing to report a 2018 data breach in the legally required timeframe. The DPC also determined that Twitter failed to adequately document the breach, another requirement under GDPR.

3. Vodafone

The firm that has been warned or fined smaller amounts on at least 50 occasions between January 2018 and February 2020, is in the news again: the Spanish data protection authority has fined Vodafone €8.15 million (approximately £7 million) for aggressive telemarketing tactics and repeated data protection failures. The fine was issued as a result of an investigation that was prompted by hundreds of complaints, with the regulator discovering a system that held up to 4.5 million contact lists purchased from third parties without user consent.

4. Facebook

And another social media giant – Facebook. Ireland’s data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site. As reported in April 2021, a spokesman for the Data Protection Commission (DPC) – which regulates Facebook in the European Union – said “a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.”

5. H&M

The Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 — the second-largest GDPR fine ever imposed. H&M’s GDPR violations involved the internal monitoring of employees. After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. It has violated the GDPR’s principle of data minimisation — don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose.

6. Google

The biggest penalty (€50 million) was issued to Google for its alleged failure to provide notice in an easily accessible form, using clear and plain language, when users configure their Android mobile devices and create Google accounts, and obtain users’ valid consent to process their personal data for ad personalisation purposes. 

COMPLIANCE & ETHICS HOTLINES, REPORT NOW

How to Maintain GDPR Compliance

What can we learn from these case studies? Maintaining GDPR compliance is a complex process, and requires a lot of diligent work. At CRI Group, we recommend looking at it as a part of your risk management strategies, together with your compliance policies and procedures.

To help you with maintaining compliance with GDPR, our integrity due diligence experts created the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train Your Employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the Legality of Your Data Collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

• The information is necessary to perform a contract between the organisation and the individual;
• You have a legal obligation to process the data (such as a court order);
• The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
• The individual has provided direct consent to the processing of the data.

4. Maintain thorough Records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it is collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish Consent Policies for Data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform Due Diligence on Third-Parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be Responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelt out as individuals rights in regards to their personal data and they include the following:

• Right to be informed about what data is collected and why;
• Right of access to data that has been collected;
• Right to rectification/correction of inaccurate data;
• Right to erasure of data (“right to be forgotten”);
• Right to restrict processing of personal data;
• Right to data portability;
• Right to object to use of data; and
• Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have Written Policies in Place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of data, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct Risk Assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group™ can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be Prepared for a Breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance. If you have any further questions or interest in implementing compliance solutions, please contact us.

Stay Updated on the Go

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

Filed under: All Industries, Compliance Solution, Industry Insights, Resources, United Kingdom, London by admin
No Comments »

What are the Stages of ISO 37001 Certification?

The ISO 37001:2016 Certification is an Anti-Bribery Management System Certification critical for organisations in the public, private and non-profit sectors. After all, consider the benefits: Certification adds a distinct level of credibility to the organisation’s management systems and ensures that the organisation implements a viable anti-bribery management program utilising widely accepted controls and systems. It assures management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. ISO 37001:2016 certification also protects the organisation, its assets, shareholders and directors from the effects of bribery. But what, exactly, is the process for getting ISO 37001:2016 certified by CRI Group? Once your organisation has submitted questionnaire information and completed the approval and contract stage, the certification cycle is ready to begin.

A Breakdown of the Stages of ISO 37001:2016 Certification

Step 1: Audit Confirmation

An audit plan will be developed with your organisation and confirmed to the Certification’s Body Assessment Team at least three months before the organisation’s first audit.

Step 2: Pre-assessment Audit (optional)

The organisation can opt to perform a pre-assessment audit to identify any possible gaps between its current management system and the standard requirements. This audit is optional and helps the organisation check its preparedness for the stage 1 and 2 assessments by identifying any major non-conformities that have not been addressed.

Step 3: Stage 1 Audit

Review the results of the audit, including:

• General observations
• Non-conformities (major or minor, see below)

Minor Non-conformities: 

These are not seen as serious. The organisation must complete an internal Corrective Action Plan (CAP) before Stage 2. CAP is not required to be sent to the Assessment Team at Stage 1.

Major Non-conformities: 

These are more serious. The organisation will need to submit a CAP within ten days of receiving the audit report, with all actions scheduled to be completed before Stage 2. The CAP should be sent to the Assessment Team. The major non-conformities raised during Stage 1 will be re-assessed during Stage 2 Audit.

Step 4: Stage 2 Audit

This is an on-site audit and takes place after the organisation has successfully completed Stage 1 and corrected any major non-conformities identified during the Stage 1 audit. Stage 2 confirms that the organisation’s management system is fully aligned to the standard. The evaluation is of management system implementation and its effectiveness.

Outcome: The audit report will detail the following:

• Any positive observations
• Opportunities for improvement – suggestions for improvement and any findings that could lead to potential non-conformities.
• Non-conformities (Major or Minor)
• Recommendation for Certification

Minor non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit this to the Assessment Team within 45 working days of receiving the audit report. The Assessment Team will review the CAP; it must detail the non-conformity, the cause, the proposed corrective action, who is responsible and the date the action will be implemented. Based on the evaluation of CAP, the recommendation for certification will be made.

For minor non-conformities, if an organisation has a corrective action procedure, this will not delay the certificate.

Major non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit it within 90 days (or 180 days depending on the number and risk of major non-conformities) of receiving the audit report be sent to the auditor.

What Comes Next?

Stay tuned for more on ISO 37001:2016: sign up for our newsletter HERE! ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC™ Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC™ today or get a FREE QUOTE now!

Who is CRI Group™?

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

Filed under: Anti-Bribery Anti-Corruption Solution, Industry Insights, ISO 37001, Resources by admin
No Comments »

The Consequences of Inadequate Due Diligence

Adequate Due Diligence

Running worldwide businesses requires effectively recognizing, analyzing and managing risks and ensuring compliance. We have identified that many organizations with third-party relationships conduct inadequate due diligence that might pose significant risks. In this article, we look at the possible risks and the best practices for conducting adequate due diligence and third-party risk management effectively, such as:

1. Planning
2. Documentation
3. Culture

Continuous Risk Management

Today’s global business requires efficiently managing a network of third-party partners that supply product components, run operations in foreign markets, operate call centers, or act as outside consultants or agents.

A well-maintained third-party network’s vast array of capabilities and specialized skill sets make operations easier for the organization and its customers. But many organizations, from small businesses to multi-national corporations, can rarely afford the time and effort required in-house to manage these often-complex third-party relationships.

Because of this, the risk of unethical business practices, bribery and other business corruption potentially increases if inadequate due diligence is conducted on third-party partners. The ramifications of a scandal related to a third-party partner can easily take down an organization, resulting in such risks as a damaged reputation and brand devaluation, regulatory violations, legal proceedings and possible fines and jail terms for directors. Therefore, a solid and viable third-party risk management program is the only way to protect the corporation’s assets fully.

Building a third-party risk management program is not a passive process. It continually requires time and effort as the risks associated with third-party partnerships evolve.

Explore Third-Party Risk Management Solutions

Consider the recent events during which the legislators of three separate nations signed new compliance regulations and standards into law. Suppose your organization’s third-party risk management program cannot quickly adjust to these new regulations (or is not designed to anticipate future legislative movements). In that case, your organization is genuinely at risk.

Cutting Corners Not Worth the Risk: Adequate Due Diligence

Indeed, building a solid risk management program requires a significant investment of time and resources (internally and from the outside). Still, the consequences of not doing it right could be dramatically severe. Still, far too many organizations are willing to tempt fate by cutting corners on developing and implementing their third-party risk management program.

Organizations attempt to cut corners by relying on outdated or stagnant tools to monitor, detect, and prevent risks. Hiring outside industry professionals with proven track records of successful due diligence experience is necessary.

Relying too heavily on “desktop” due diligence is another dangerous shortcut. Desktop due diligence is an essential initial step of the investigative process, involving background checks, lien searches, regulatory filing investigations and environmental reports. And while it is a vital component of any effective due diligence program, it’s not nearly enough to evaluate the third party thoroughly.

Truly understanding a potential partner’s business requires a considerable amount of time spent face-to-face with the outside organization’s leadership, operations management and even current customers. This “boots on the ground” process will detect potential risks, often hidden from a distance and undetectable via web-based discovery tools.

The “boots on the ground” approach also help to establish a relational dynamic required for ongoing negotiations and provides a clear insight into two of the fastest-growing issues in third-party risk management: Bribery and Labor Management.

Bribery As a Compliance Issue

Anti-bribery and anti-corruption compliance is a fast-moving target. New anti-bribery laws and regulations are being decreed worldwide at a relentless pace. Complicating matters further, many countries may have laws in place but cannot enforce them adequately. The responsibility falls to your organization’s adequate due diligence program to ensure detection and protection when this happens.

High profile investigations in recent years have contributed to the rapid emergence of bribery and corruption as a societal issue. Never before has such a contrast been drawn so dramatically on a global stage between those who engage in corruption and those who suffer. Any organization that finds itself mixed up in a scandal involving bribery has more than a legal mess. It has a long battle to win back the trust of its shareholders, employees, customers and the public.

Conducting adequate due diligence surrounded such varying factors is work that must be completed in person. Gaining insight into a potential partner’s company culture requires immersion with the organization’s leadership, management and staff. When evaluating bribery risk, some warning signs can only be discovered on-site.

This e-book explores some critical questions posed to business leaders today: Has your organization implemented reasonable and proportionate measures to prevent bribery? How will you know if your anti-bribery and anti-corruption controls are effective? Are you aware of the latest best practices in avoiding bribery? Download our eBook to find out! READ NOW

Labor Matters and Compliance

From overtime issues and under-age workers to unsafe working conditions and improperly documented accidents, labor compliance represents a significant component of any solid third-party risk management program.

Once again, inadequate attention to risks related to labor compliance can bring on considerable penalties. Understanding which industries, geographic regions, and management structures elevate the organization’s risk is vital to efficiently operate an adequate due diligence program. This understanding is nearly impossible to guarantee via ‘desktop’ due diligence. Spending the necessary time in person is the only way to ensure a potential supplier properly compensates and manages employees while providing a safe workplace environment.

Even if your agreement with a third-party partner places the responsibility of payroll issues firmly upon the vendor, your organization — as a joint employer — can still be held accountable in many countries. After all, the labor conducted at your partner’s facility benefits your organization’s bottom line.

What are the Best Practices?

The demands of identifying and measuring third-party risk, monitoring those potential risks on an ongoing basis, and making recommendations based on empirical research are best met by a dedicated team of outside professionals. And while no two organizations are alike in terms of risk profiles, several factors have become consistent in building a strong, effective and adequate due diligence program:

1. Planning: Without a well thought out plan outlining ongoing monitoring efforts with assigned roles and responsibilities, measures to mitigate risk will be haphazard at best and dormant at worst. With a thoroughly established, management-advocated program that identifies specific risk factors for each affiliation, a process for addressing red flags, and an established mechanism for continual revision, the organization will remain vigilant in its efforts to protect itself from liability.

2. Documentation: Due diligence efforts are only as good as the information and data gathered and secured. Meticulous documentation and reporting enable the organization to recognize trends, communicate analyses, and sustain efforts during any future personnel changes. Effective risk management programs feature established guidelines for capturing data, contracts and research with uniformity.

3. Culture: An organization where leadership, management and workforce do not take the third-party risk seriously will never be adequately protected from risk. Successful organizations in this respect dedicate themselves to building a culture in which every employee feels personally invested in the operation’s risk management. Employees must feel empowered and encouraged to report red flags. Passive engagement is simply not enough.

Done correctly, third-party risk management can effectively save the organization from risk, liability, and other perils often associated with outside entities wanting to engage and transact with your business.

A TPRM Customized Solution that Best Suits Your Needs

CRI Group™’s own exclusive, expert-developed 3PRM™ services help you proactively mitigate risks from third-party affiliations, protecting your organization from liability, brand damage and harm to the business. Whether your organization has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, the 3PRM™ solution can improve the health of your program and future-proof your entire business in many forms.

Our 3PRM™ solution streamlines the third-party risk management process through scalability, and efficiencies – from third-party risk identification to assessment what sets us apart is that our 3PRM™ solution includes:

• Due Diligence
• Screening & Background Checks
• Regulatory Compliance
• Business Intelligence: Information Management
• Investigations: i.e. IP, Fraud, Conflict of Interest, etc.
• Anti-bribery & Anti-Corruption (ABAC) Compliance
• Employee auditing training & education
• Monitoring & reporting

Where Should TPRM Sit within an Organization?

TPRM can sit within various business units depending on your organization’s structure. Many organizations involve multiple departments such as procurement, information security, operational risk and compliance to provide input to manage the risks related to engaging third parties. Depending on your business’ internal structure, you may choose to apply a centralized, mixed or decentralized model when focus on TPRM. At CRI Group™ we observed a trend with many of our clients implementing a centralized model when managing their third-party relationships, given the required input from their multiple business lines. A centralized model allows you as an organization to track common risks across departments and identify emerging trends that may require a response from more than one department.

Risk Management Goes Beyond TPRM

CRI Group™ provides the knowledge required to navigate unfamiliar markets and mitigate third party risk by assessing the backgrounds, integrity and character of those with whom you do business. Our 3PRM-Certified™ program is therefore key for managing an organization’s third party risk levels. However, this is only one of the several vital steps towards a robust risk management strategy implementation.

Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from various sources including your employees.

Getting Started with ISO 31000 Risk Management? Learn more with our “ISO 31000 Playbook”

At CRI Group™, we understand that managing compliance and risk activities might be a daunting task. That’s why we present you with the insights library where you can dive deep into these topics to make your job easier. If you can’t find what you are looking for, just get in touch – we would love to have a chat!

CONTACT INFORMATION

Zafar Anjum | CRI Group™ Chief Executive Officer
t: +44 207 8681415 | m: +44 7588 454959
e: zanjum@crigroup.com

Filed under: Due Diligence, Industry Insights, Resources, Third-Party Risk Management by admin
1 Comment »

ILO Monitor: COVID-19 and the world of work, 2nd update

ILO (International Labour Organization) has updated “ILO Monitor: COVID-19 and the world of work. Second edition”. Since the first edition, the COVID-19 pandemic has further accelerated in terms of intensity and expanded its global reach. According to ILO, full or partial lockdown measures are now affecting almost 2.7 billion workers, representing around 81% of the world’s workforce. Leaders and businesses across a range of economic sectors are facing difficult decisions, as COVID-19 is changing their business. There are many cases where COVID-19 has prompted innovative leadership in an attempt to avoid catastrophic losses, and a potential end to operations and or even solvency.

COVID-19 crisis is leaving millions of workers vulnerable to income loss and layoffs. According to ILO new edition, employment contraction has already begun on a large scale in many countries. Changes in working hours (which reflect both layoffs and other temporary reductions) reflect the new reality of the current labour market situation. As of 1 April 2020, the ILO’s estimates that global working hours will decline by 6.7% in the second quarter of 2020, which is equivalent to 195 million full-time workers. 

The ILO estimates that 1.25 billion workers, representing almost 38% of the global workforce, are employed in sectors such as retail trade, accommodation, food services, and manufacturing. Dues to Covid-19 crisis these are sectors that are now facing a severe decline in output and consequently a dramatic impact on the world’s workforce. The workforce in high risk of displacement will experience greater challenges in regaining their livelihoods during the recovery period. 

>Read the full report here!

ILO discusses how policy responses are critical now in order to provide immediate relief to workers and enterprises and protect livelihoods and economically viable businesses. According to the ILO report, the final tally of annual job losses will depend on how much longer will COVID-19 continue to impact the world and whatever measures taken to mitigate its impact. Stay updated, subscribe for more insights like these! 

Managing your people through COVID-19

The COVID-19 pandemic is undeniable affecting the world. And the situation is changing at an hourly rate as we go into a second global lockdown. Businesses are having to adapt quickly to survive, i.e. cutting steps in their hiring process, and no-one knows how this will play out. However, there are ways you can mitigate the impact, learn how with this FREE ebook. Taken as a whole, this ebook is the perfect primer for any HR professional, business leader and companies looking to avoid employee background screening risks. It provides the tools and knowledge needed to stay ahead of COVID-19 effectively. Read the answers to the following questions:

• How to turn the tide’ on coronavirus crisis?;
• COVID-19 Action point checklist;
• Background Screening: Essential Checks;
• Six steps for good practice in connection with COVID-19;
• 11 Steps to Reduce Personnel Costs;
• COVID-19 General advice;
• How to remove any danger to your business during COVID-19;
• … and more!

> Download your “Employee Screening during COVID-19: everything you need to know and more!“ FREE ebook here![/vc_column_text][accordion_father][accordion_son title=”Who is ILO?” clr=”#ffffff” bgclr=”#1e73be”]The ILO was founded in 1919, in the wake of a destructive war, to pursue a vision based on the premise that universal, lasting peace can be established only if it is based on social justice. The ILO became the first specialized agency of the UN in 1946.[/accordion_son][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father]

Have you read…

[/vc_column_text][vc_basic_grid post_type=”case-study” max_items=”6″ style=”pagination” items_per_page=”3″ item=”234″ grid_id=”vc_gid:1605683277613-8a07ec62-1f1d-4″][/vc_column][/vc_row]

Filed under: All Industries, All Regions, COVID-19 Insights, Industry Insights, Resources by admin
No Comments »

Debugging fears that paralyse fraud prevention

Debug fears for fraud prevention

Even though companies understand the fraud risk factor – nearly 77 per cent of HR professionals accept that there is a risk that employees can initiate fraudulent activity because of the work-from-home arrangement during the pandemic – more often than not, companies do not take action to implement robust fraud prevention processes in place until the organisation is exposed to fraud or appear in the news due to an investigation, incident, or external and (or) internal violation. Based on the article by ACFE, we aim to answer why companies wouldn’t adopt fraud prevention and detection measures proactively. 

The answer is fear. It prevents business leaders from being proactive about fighting fraud. Business analytical tools and systems enable companies to identify red flags quickly, but they do not work as fraud prevention tools. 67 per cent of CRI® Group’s background screening survey respondents said they encountered one type of fraud – employee fraud – in their career. It’s alarming to imagine how others have encountered many other types of fraud. And still, companies pay lip service to efforts to fight fraud. So how the fear factor plays into the decision to fight fraud?

Fear of associated expenses

A fraud prevention tool is a cost you don’t always recognise an immediate return. Consider it like health or car insurance – when it comes to identifying and preventing risk and potential fraud, returns can be harder to quantify.

There are some concerns about spending money on a system that might or might not identify fraud. And if the system does identify fraudulent activity, companies are now obligated to spend more for the additional investigation and possible litigation. It might not be a significant expense for some large organisations, but the budget is better reinvested toward a company’s bottom line.

When trying to save their expenses, organisations forget that expense fraud is one of the most common forms of occupational fraud: employees fudging on their expense accounts. Earlier this year, Lookers (A London-listed company) warned investors they might be unable to buy and sell its shares from the beginning of July because of potential fraud on its books – confirming a £19m charge to correct books after fraud inquiry. Whether through fictitious charges, fake receipts or invoices, or other improper use of expense funds, an expense account is sometimes seen as a low-risk, high-reward area for fraud. It shouldn’t be. Follow these five tips for preventing and detecting expensive fraud.

Fear of technology

Based on ACFE, “companies are concerned that implementing new software technology might increase their exposure to fraud via data breaches. They’re also concerned that technology will replace internal auditors. While data encryption and similar tools can combat the risk of data breaches, addressing personnel concerns are trickier.” Technology is meant to assist but not to replace people. It helps identify the red flags, but human input and investigation are required to determine if fraud is occurring and check the facts. 

Appointing a fraud investigator is a good idea in this case. Fraud investigators are the front line of establishing the facts of suspected fraud or other unethical business behaviour. A fraud investigator’s skillset and wide knowledge of fraud laws, evidence gathering, and interviewing make them the go-to expert for investigating insurance fraud, financial fraud, procurement fraud, asset recovery, cyber fraud, healthcare fraud, retail fraud, etc. In this article about fraud investigators’ role, we explore their key functions, responsibilities and knowledge, and how their skillset helps organisations.

Fear of reputation loss

“Companies might fear their reputations will take a hit if they uncover ongoing fraud schemes. Social media has become a prevalent form of information sharing, so all it takes is the hint of a rumour, and the damage is done. Employees might post the information — or alleged information — that makes it appear as though a company is attempting to hide something”, based on ACFE. This comes as the company’s advantage to be open with employees to fight fraud. Employees are less likely to whistleblow in public when they are safe and have internal options to report fraud and discrepancies.

The key ways of managing the company’s reputation are being transparent, protecting data, and conducting due diligence. It may sometimes feel like your company’s reputation is out of your control. However, you can take steps to help manage your reputation and help steer the conversation. It becomes more difficult when you wait and try to undo later the damage that has already been done. That’s why being proactive in maintaining a positive reputation is the best strategy.

Fighting fraud on the front line is key

Companies must realise that the benefits of fighting fraud far outweigh the fears. Engagement in an early fraud education process acts as a buffer, leading to fewer fraudulent losses. Procurement and payables professionals must implement efficient processes that address red flags and track — early and upfront — non-adherence to mandates. Below is a quick overview of best practices for engaging analytic tools and front-line staff to identify and prevent fraud.

• Tone at the Top: Of course, top-level management must be committed to addressing fraud prevention. However, it’s just as important for middle managers to adopt a zero-tolerance policy toward fraud. A lack of integrity can be contagious. If workers see their supervisors’ rubberstamping processes, it gives them little incentive to raise concerns when they find inconsistencies.
• Segregation of duties: No one should be responsible for an entire accounting function. The individual who sets up a vendor or client shouldn’t be the same person who approves invoice payments. It’s vital to have multiple eyes on the process, especially in smaller organisations where segregation of accounting duties might be limited or non-existent.
• Create a fraud-fighting culture: The very perception of detection helps prevent fraud. A fraud-prevention overview should be part of new employee orientation. Companies also should sign off on internal codes of ethics that outline the steps and procedures employees can take if they suspect fraud. Tips are consistently, and by far, the most common detection method. According to the Report to the Nations, tips detected more than 40 per cent of all cases. Publicise a hotline number internally and externally for your vendors — one of your employees might even be seeking to collude with a client!
• Training and process audit: Perform anti-fraud training for employees annually, at a minimum. Increase your anti-fraud training if you have a substantial number of new employees coming on board. Annual fraud awareness and detection training sends a clear message to employees about your organisation’s high standards and could deter fraudulent activity. Vet suppliers and clients. If you want to avert various fraudulent schemes, you must understand the red flags to look for when onboarding a supplier or client. Vendor vetting in real-time can mitigate upfront risks and dictate those actions required to prevent fraud from slipping undetected through the system. Vendor portals prove invaluable for vetting suppliers using automated data validation.
• Take action: There’s no reason to identify or perform analysis if you’re unwilling to take action. Fraud prevention software can help you do more than detect fraud — it can highlight poor processes that might expose you to fraud. For example, you might have a legitimate vendor or client, but software can raise a red flag because of gaps in your setup process. Analyse results, make changes, monitor and constantly learn from your processes.

Don’t let fear take control

We must help diminish the fears that impede the fight against fraud. At CRI® Group, we know that we can effectively and together use the needed resources to combat them when you acknowledge those fears. We believe that analytics tools and proactive monitoring can turn idle threats into reality.

Your business is at far greater risk for losses due to fraud than organisations that take advantage of fraud prevention tools to leverage their resources: the larger the organisation, the more complex and multi-faceted the governance and responsibility matrix for fraud detection. Passive detection methods aren’t enough anymore. It’s been proven repeatedly that instilling proactive efforts to discover or reduce fraud will increase the bottom line and enhance a company’s reputation. Our fraud examiners can assist you, don’t allow fear to paralyse you into inaction.

Free E-Book | Risk Management & ABMS Playbook

The Risk Management & ABMS Playbook provides tools, checklists, case studies, FAQs and other resources to help you lead your organisation into better preparedness and compliance. Our experts share their plays to help you reduce risk, thereby preventing and detecting more fraud.

The first section addresses risk management directly: proper third-party due diligence and critical background screening take centre stage for this game plan. Section two tackles bribery and corruption, with tried-and-true measures you can implement to stay better protected and comply with strict laws and regulations.

DOWNLOAD FREE EBOOK

About CRI® Group

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

CONTACT CRI® GROUP

Speak up | Report Illegal, Unethical or Improper Behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal communication channels or wish to raise the issue anonymously, use CRI® Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI® Group’s Non-Retaliation Policy.

COMPLIANCE HOTLINE

Filed under: All Industries, Global, Industry Insights, Resources by admin
No Comments »