Corporate Research & Investigations

COVID-19 Prompted Innovative Leadership

As of 3 September 2021, COVID-19 has affected more than million people globally, including 218,580,734 deaths, reported to WHO. The virus has also had severe economic implications, leaving organizations facing a unique set of new challenges that can only be summed up in one word: uncertainty. And the only way to navigate these uncertain times is through effective leadership. Good leaders can deliver on their mission in innovative ways while envisioning a new “normal”. This is critical right now, as COVID-19 has magnified not only societal vulnerabilities but vulnerabilities in business, as well.

Navigating the complexities of the unforeseen COVID-19 crisis has left many businesses struggling. Crisis often fuels innovation, however, and most organizations are stepping up with unique contributions and excellent leadership at a time when it is needed most. Leaders at the forefront of the COVID-19 pandemic – epidemiologists, data and behavioral scientists, academics, engineers, military logisticians and businesses – are collaborating (probably for the first time) to solve seemingly intractable problems.

These leaders are driving innovation with therapeutic, economic, and community-based solutions that are having a significant impact on the global pandemic. From the creation of multi-million global relief funds to shepherding vaccine development and treatments; from payment deferrals for people and businesses facing financial hardships to digital/telehealth solutions such as Beneficial Business Exchange (a self-service virtual community that matches urgent needs with critical resources); from solving supply chain challenges to creating innovative new products; leaders are adapting and making decisions to help their organizations weather the storm and survive the crisis.

For example, with ventilators in short supply (a critical need during the pandemic), Mercedes stepped up by collaborating with the University College London and clinicians at University College London Hospital to develop the Continuous Positive Airway Pressure (CPAP) ventilator. In South Korea, health authorities, vice-Health Minister Kim Gang-lip, businesses and students joined forces at an early stage of the COVID-19 pandemic. With their combined technological expertise and creative thinking skills, they produced a drive-through COVID-19 test; a body sterilizer that sprays people as they enter halls; and a health tracker app for overseas visitors. These and other innovative solutions have shown how collaboration between leaders is beneficial.

The COVID-19 pandemic has driven technological innovation. With more people working from home, internet and online services have been stretched to the limit. Behind strong leaders at Apple, Google, Amazon and other leading tech giants, companies have responded to fill needs in this new online framework. Web meetings, online shopping and other technological aspects driven by COVID-19 have forced quick adaptation and innovation to meet consumers’ needs and, in some cases, keep the economy going.

The reality is that leaders who push innovation during this crisis are setting their organizations up for better success once the crisis has passed. In fact, history suggests that companies that invest in innovation through a crisis outperform peers during the recovery. This finding came to light during the SARS outbreak and the 2009 financial crisis, among others. Statistics show that companies that maintained a focus on innovation during the 2009 crisis subsequently outperformed the market average by over 30 percent after the crisis resolved. This demonstrated a far-sighted approach with significant benefits beyond just a company’s survival.

Leaders and CEOs have creatively solved problems and inspired others by taking action and making decisions that might typically take months to emerge from the typical treacle of bureaucracy. However, good innovative leadership will continue to emerge, transform and discover new ways to tackle COVID-19 challenges. Resilient leaders can see a crisis as an opportunity to elevate and define their corporate culture; resilient leaders can find clarity by testing every decision against touchstones. Their companies, and the communities and people they serve, are counting on them.

Subscribe to our monthly newsletter now!

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence related news, solutions, events and publications.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: All Industries, COVID-19 Insights, Leadership Insights, Resources by admin
No Comments »

« Previous Page

CONTACT US

NEWSLETTER SUBSCRIPTION

Sign up for risk management, compliance, corporate and background investigations, business intelligence and due diligence-related news, solutions, events and publications.

7 Traits of a Resilient Leader

Every successful leader has encountered a challenging scenario at some point in their career. The unprecedented COVID-19 pandemic, however, has forced leaders to face unforeseen new challenges. With the pandemic’s colossal impact on operations, workforces, profits and supply chains across the globe, all eyes are on leadership to guide their businesses through this crisis. Resilient Leader

Resilient leaders are generally seen as more effective, making them an asset to any business; but what is resilience and how can it be applied to your management skills?

What is Resilience?

Resilience is the capacity to recover quickly from difficulties; it is a further evolution of stress management. This makes it a “no brainer” as to why resilience is such a popular concept in today’s business environment. Many businesses are pushing the concept of resilience as a way of helping workers better cope with the stresses and strains of the modern-day office and unlock their performance potential.

In this article, we look at seven essential qualities that characterise resilient leaders, and how to increase your resilience. In general, resilient leaders:

Show empathy
Are adaptable and able to improvise
Are self-aware and open to feedback
Take calculated risks
Keep a positive attitude
Develop others
Communicate effectively

1. Resilient Leaders Show Empathy

COVID-19 has generated one of the greatest challenges and, simultaneously, one of the greatest opportunities for resilient leaders – at all levels. According to a Gallup U.S poll, six in 10 people are “very” or “somewhat worried” that they or a family member will be exposed to COVID-19 (Gallup, 2020). During this crisis, emotional management is even more crucial than ever. According to studies carried out by Development Dimensions International (DDI), empathy is the most critical leadership skill. Leaders who display compassion, authenticity and vulnerability – and are capable of apologising when they’re wrong and handle criticism without blame – create strong emotional bonds with their teams (DDI, 2020).

The most resilient (and effective) leaders can demonstrate empathy and a high level of emotional intelligence. When your team feels understood, they feel more motivated and more confident to contribute cultivating stronger conversations, ideas and debate. As Mark Cuban shared in a recent interview: “How you treat your employees today will have more impact on your brand in future years than any amount of advertising, any amount of anything you literally could do” (Just Capital, 2020).

2. Resilient Leaders Are Adaptable

With COVID-19 infecting approximately 311,641 people in the UK alone, health officials suggested using hand sanitiser as the easiest way to prevent the spread of the disease. Consequently, these announcements led to panic buying (Euronews, 2020). In this type of situation, a resilient leader should be able to visualise this action as an opportunity – for example, dozens of spirit manufacturers across the UK started to produce hand sanitisers (i.e. BrewDog and Leith Gin). This is a classic example of an instant attitude adjustment – looking at what they can do as opposed to what they can’t (Telegraph, 2020).

When faced with change, resilient leaders can focus on the things within their business that they can still control. Whether impacted by new technologies, environmental challenges or even ethical dilemmas, the modern business landscape is always changing. A resilient leader needs to be flexible and adaptable to succeed. Is flexibility part of your leadership style?

3. Resilient Leaders Are Self-Aware and Coachable

According to Health Care Business Today, self-awareness and coachability are “The Two Most Important Leadership Traits” (Health Care Business Today, 2019). We think so, too. Resilient leaders are self-aware, confident, and most of all, able to recognise their strengths and overcome their weaknesses. Resilient leaders are open to feedback, ask for feedback and are always demonstrating a real effort to improve.

4. Resilient Leaders Take Calculated Risks

Successful leaders earned their success through taking calculated risks. When Amazon CEO Jeff Bezos launched AmazonFresh, he was scrutinised by others because he didn’t choose a successful delivery or supermarket executive to run the venture. Instead, Bezos selected a team that had previously run a web-based food delivery service in the ‘90s (which collapsed after two years in business). Why? Bezos knew that the team had learned from their failure, which made them the perfect choice to succeed with a new project.

Resilient leaders like Bezos take calculated risks while accepting that failure is a by-product of innovation and success. They learn to become comfortable with being uncomfortable, and flourish as the world changes around them.

5. Resilient Leaders Can Keep a Positive Mindset

The impact of COVID-19 is tough to manage. It is vital to have a positive mindset that can influence fellow professionals and raise team morale while maintaining business momentum.

Under the challenging circumstances posed by the COVID-19 crisis, a resilient leader needs to be enthusiastic, offer praise for success, and give credit when it’s due. American psychologist Carol Dweck has stated in her book “Mindset: The New Psychology of Success” that “a change of mindset must happen before other positive transformation can occur.”

Resiliency is needed when we encounter failure. As a resilient leader, you shouldn’t view failure as final, but as a necessary step to move further along your journey.

6. Resilient Leaders Develop Others

The most resilient leaders are concerned about the development of their teams. Developing others helps everyone to learn from their mistakes. We continue to find that leaders who want and accept honest feedback for themselves are more likely to give productive feedback and coaching to others.

7. Resilient Leaders Communicate Effectively

Effective communication helps teams understand changes, expectations and new directions. This understanding is the key to the success of any team. The most resilient and best leaders always communicate their intentions effectively to others and are willing to help their teams understand a new strategy or direction.

The COVID-19 pandemic is proving to be the ultimate test for business leadership. In times of crisis, only certain individuals can adapt and stand tall amongst the crowd. When it comes to leaders, being able to implement resilience tools and strategies will not only make you a better leader but help the company overall.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Automotive, Aviation, Background Investigation, Compliance Solution, COVID-19 Insights, Due Diligence, Employee Background Check, Finance & Professional services Industry, Insurance, Investigative Solution, IT & Telecommunications, Leadership Insights, Oil, Gas & Energy, Pharmaceutical & Healthcare, Property, Resources, Third-Party Risk Management by admin
No Comments »

« Previous Page

COVID-19: Top risk management concerns

A global crisis calls for a fresh due diligence and risk management review of your company’s third-party partnerships

The worldwide coronavirus pandemic has disrupted life in just about every word, from personal health concerns and social distancing to shelter-in-place mandates and business closures. But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future make business leaders lose a lot of sleep these days.

An added element that global organisations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it’s vitally important to be continually vigilant in how the crisis affects your third-party suppliers and how those supply chain partners behave and maintain legitimacy in these uncertain times.

The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of PPE (Personal Protective Equipment) has forced many organisations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what’s needed. This panic buying has led to unscrupulous manufacturers producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering amid crisis and confusion.

The pandemic has thrown many other industries into complete disarray, which will naturally open the doors for opportunists to do what’s necessary to take advantage of the situation. And suppose your organisation happens to be affiliated with these bad actors. In that case, the long-term effects can be potentially devastating, affecting the organisation’s reputation, and resulting in untrusting customers, lost business, loss of market value, decreased share price, litigation, and any number of regulatory penalties.

Crisis Situations Require Enhanced Due Diligence

A Third-Party Risk Management Program is not a passive process. It requires time and effort, and, as we’ve witnessed during the present global crisis, the risks associated with Third-Party partnerships are continually evolving. Those outside risks can be found on many operational levels, from a supplier’s present working conditions and the protection of customer data to safeguarding the company’s intellectual property and suspicious changes in pricing and payment terms, among others. Here are several items to consider in re-evaluating the company’s relationship with Third-Party partners during this critical period:

Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor?
Remote Workers – Is the supplier’s staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?
Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?
Information Sharing – Has the supplier addressed intellectual property protection concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls?
Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?
Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?
Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates?
Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic?

Remember, your organisation is only as safe as the least protected component of your Third-Party supplier network. It’s vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis.

The Need for Leadership in These Challenging Times

Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organisation where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organisations that practice effective risk management, passive engagement in times of crisis is not enough.

The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include:

Are our suppliers equipped to protect our sensitive information against today’s risks?
How sophisticated are our cloud and social media security?
Are our suppliers capable of adapting to regulatory compliance changes?
Are proper redundancies in place to ensure our information is protected against disaster?
Will we be prepared if one of our suppliers unexpectedly shut down a line or closed its doors?
Do we have the adequate tools to vet new or replacement suppliers properly?
Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?
Do we have a set methodology for addressing incidents involving our suppliers?
Do we maintain an accurate and complete interactive inventory of our suppliers?
Can we identify warning signs with suppliers?
Do we have a well-communicated reporting process?

The coronavirus pandemic has created crisis and uncertainty that we’ve never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the organisation’s long-term interests and protect it from an increasing number of outside risks.

Let’s Talk!

If you have any further questions or are interested in implementing compliance solutions, please contact us.

Who is CRI® Group?

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management system, Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.

ABOUT THE AUTHOR

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

t: +44 207 8681415 | m: +44 7588 454959 |e: zanjum@crigroup.com

Filed under: COVID-19 Insights, Due Diligence, Leadership Insights, Resources, Third-Party Risk Management by admin
No Comments »

« Previous Page

Beating bribery leadership and culture, in risk and anti-bribery management systems

Beating bribery leadership and culture

Beating bribery leadership and culture. Global corruption costs trillions in bribes. Samsung Group’s third-generation leader, Lee Jae-Yong, has been accused of bribing Choi Soon-Sil, a friend of former President Park Geun-Hye. Following Lee Kun-hee’s (Lee Jae-Yong’s father) heart attack in 2014, it has been calculated that Lee Jae-Yong would need to pay $6 billion in tax bills to be able to inherit his father’s shares and maintain control of Samsung. The Beating Bribery Leadership and culture in risk and anti-bribery management systems company’s leaders have a long-standing history of alleged tax evasion but, up to now, the white-collar crimes have been pardoned by Park Geun-Hye and other South Korean presidents. The easier option was for Lee Jae-Yong to pay a bribe to orchestrate the merger of two divisions: Samsung C&T Corp., which is dedicated to construction and trading and Cheil Industries Inc., which owned several entertainment properties. Upon completion, the merger would have given the Lee family more power over the entire Samsung Group.

Now that the plan was looking very promising, Jay Y. Lee used a bribe to execute it. According to Bloomberg in 2017: “The form of the alleged bribe was Vitana V, an $800,000 thoroughbred show horse, plus $17million in donations to foundations affiliated with the friend, whose daughter was hoping to qualify for the 2020 Olympics as an equestrienne.” (Bloomberg, 2017). Following the investigation, the situation took a significant downturn and Jay Y. Lee was sentenced to five years in prison. Chung Sun-sup, chief executive of research firm Chaebul.com said: “The five-year sentence was low given that he was found guilty of all the charges. I think the court gave him a lighter sentence, taking into account Samsung’s importance to the economy.” It is, however, one of the longest given to South Korean business leaders.

As for stock prices, they fell more than one per cent the day after Jay Y. Lee was arrested and then a similar amount after the verdict. Samsung Group’s profit was not hurt but South Korea’s new liberal president, Moon Jae-in, has pledged to rein in powerful, family-owned firms, like Samsung, which are known as chaebols in South Korea. He has promised to empower minority shareholders and end the practice of pardoning tycoons convicted of a white-collar crime. Another example of a company where corruption could be said to be part of company culture is (or was – more on that later) Rolls-Royce plc. Between 2000 and 2013, the company conspired to violate the Foreign Corrupt Practices Act (FCPA) by paying more than $35million in bribes through a third party to foreign officials to secure contracts. The US Department of Justice (DOJ) reported that in Thailand, Rolls-Royce admitted to using intermediaries to pay approximately $11 million in bribes to officials at Thai state-owned and state-controlled oil and gas companies that awarded seven contracts to Rolls-Royce during the same period. The way business was conducted in Kazakhstan, Azerbaijan, Angola and Iraq did not differ. The corrupt practices were spread globally.

In 2003, before the criminal activities came to light, the company’s chief executive, John Rose, who had been appointed in 1996, was honoured with a knighthood. After the engineering giant admitted in a deal with the US prosecutor that it had made corrupt payments, the UK’s Labour party called for him to be stripped of his title. Sir John Rose insists that he did not know of the corrupt practices. Let’s say that is the truth, but did he not fail as a leader simply because of that?

As a result of the scandal in 2016, Rolls-Royce has suffered the biggest financial loss in its history. Other factors include Brexit and the drop in the value of the pound, but the £671 million charges for the penalties the company paid to settle bribery and corruption charges with Serious Fraud Office (SFO), the DOJ and Brazilian authorities left a hole in the company’s accounts. Since then, the authorities have appointed new management and if its praised cooperation with SFO is an indication of the company’s culture shift, Rolls-Royce should no longer be in the news due to corruption scandals.

ISO standards

Failed leadership is the obvious reason for the above bribery cases. ISO 37001: 2016 Clause 5 Leadership outlines what is required from top management in order to obtain ISO 37001:2016 anti-bribery management system certification. Leadership is crucial for an anti-bribery management system to be effective and all points under Clause 5 Leadership are requirements.

As illustrated in the standard: “For a compliance management system to be effective, the governing body and top management need to lead by example, by adhering to and actively supporting compliance and the compliance management system.” Management has a number of other responsibilities, which are outlined in the standard. There are responsibilities that are more obvious than others, such as “ensuring that the anti-bribery management system, including policy and objectives, is established, implemented, maintained and reviewed to adequately address the organisation’s bribery risk” (5.1.2. a) and “deploying accurate and appropriate resources for the effective operation of the anti-bribery management system” (5.1.2. c). There are also requirements that are not so obvious but just as important; “promoting an appropriate anti-bribery culture within the organisation” (5.1.2. h) and “promoting continual improvement” (5.1.2. i). These requirements highlight that obtaining ISO 37001:2016 certification is not just a box-ticking exercise. In order to obtain the certificate, a company needs to illustrate that compliance with anti-bribery legislation is integrated within its business model and, crucially, its culture. In practical terms, that means that the tone at the top needs to align with the ISO’s anti-bribery management system (ABMS) and the message needs to be understood from the boardroom to the factory floor.

Adopting bespoke policies

ISO 37001:2016 is a strategic approach to bribery risk identification and subsequent risk mitigation. Risk knowledge is a necessary factor for effective management. The adoption of ISO anti-bribery management system-tested principles and practices allows an organisation to tailor recommendations to its contextual business environment. ISO 37001:2016 has had the impact of making companies adhere to the international anti-bribery management system standard. As an international standard of high repute, ISO 37001 has brought changes to market dealings and firm operations. Organisations have a guideline of rules and code of ethics to follow to mitigate the risk of being involved in corruption charges. The international nature of the ISO 37001 management system allows organisations to align their internal policies with national laws where the organisation is operating. It is important to note that state-nations are increasingly internalising globally recognised legal anti-corruption frameworks and actively prosecuting offenders.

The assurance that an organisation is operating within international standards and processes helps cultivate social legitimacy in the operation of that company which directly serves to boost investor confidence and attract investors. Also, some consumers base their purchasing decisions on the ethical operations of a company. As such, the ISO standard serves as a pull factor for new consumers. Bribery is a very serious issue with adverse macroeconomic and microeconomic effects. In particular, it not only distorts markets and competition but also erodes the profitability of private firms and individual enterprises throughout an economy. The ISO anti-bribery management system provides measures that help organisations to prevent, detect, eradicate and address bribery. This is done by adopting anti-bribery policies, hiring personnel to oversee compliance risk management and due diligence on projects and business associates, implementing commercial and financial controls and also reporting and investigation procedures. ISO 37001:2016 can be used in any organisation regardless of its size, type whether public or private or non-profit.

Enhanced transparency

Identification and resolution of bribery risks increase an organisation’s capacity to deliver consistent and improved services to consumers within the law and without engaging in bribery and corruption. In addition, the anti-bribery management system improves the way the organisation protects its people from fraud and ensures that there is a favourable working environment. Therefore, the ISO 37001:2016 anti-bribery management system enhances transparency in organisational culture, thus promoting the optimisation of resources. Protection of the organisation’s assets, shareholders and management from the adverse effects of bribery and corruption is another benefit associated with an ISO standard anti-bribery management system. Often, the negative effects of corruption are economic in nature. For instance, bribery affects the profit margins of a company to the extent that the management has to divert funds meant for either operating capital or assets capital to facilitating bribes.

Additionally, the public knowledge that an organisation is actively involved in bribery or any other form of peddling influence affects brand identity, which erodes the consumer base, thus reducing the overall profitability of an organisation. This system can operate as a standalone facility or function under another system through integration. One advantage that cuts across all organisations is the amplification of confidence in the eyes of external stakeholders. From another perspective, an organisation using this ISO format is assured of a good reputation as well as an excellent working environment. The risk factors are minimised and a solid credential pathway is realised. Indeed, many for-profit outfits have consistently applied anti-bribery systems as a measure of acquiring extensive market penetration goals. The ISO 37001 typically seeks to create an accountability culture around the globe that allows organisations to conduct activities in a clean and healthy environment.

Committed approach

An organisation with an ISO: 37001 2016 certification is open to public scrutiny since its management operates without fear. Further, such an entity displays fidelity and compliance to bribery legislation, such as acts of parliament or the congress. More importantly, subscribing to the system certification demonstrates a commitment to collaborate and work with like-minded organisations in managing bribery and corruption in the world. The chain of responsibility and accountability, additionally, ensures that the supply chain systems used by the organisations conduct clean and verifiable business. Closely related to that advantage is the growth of moral and legal business transactions between businesses and their contractors. Corruption can permeate every corner of an organisation and the anti-bribery certification blocks such realities.

The ultimate beneficiary of ISO: 37001 is the shareholder. When an organisation bribes its way into the business and has its licence taken away, the shareholder loses their investment. If credibility is lost and the activity schedule goes down, it is the shareholder who bears the heaviest burden. However, bribery in organisations practically affects everyone in the political, commercial or social jurisdiction of such a company. Disgrace can lead to the loss of jobs. And a fined or closed company implies lower tax revenues to the government. Therefore, businesses should integrate ISO: 37001 2016 in their management operations as well as in risk and compliance.

Curbing risks

The ISO certification embeds a culture of corporate social responsibility and willingness to collaborate with law enforcement agencies. Cognisant of the backlash and opprobrium associated with corporate obstruction of justice in the investigation of bribery and corruption, the ISO certification allows organisations to document their proactive involvement in reviewing their compliance with global standards of anti-bribery management as well as the concrete measures the management has initiated to show its willingness to prevent and curb bribery risks.

Finally, it is important to note that organisations have a distinct legal personality away from the management and other stakeholders. The separate legal personality of an organisation means that an organisation is liable for bribery activities committed by its employees or its management. Under domestic laws, culpable organisations are subject to legal sanctions, which include hefty pecuniary fines and, in some cases, dissolution of the organisation. Pecuniary fines affect the operations of a company by diverting either operating capital or assets to unintended activities. Overall, diversion of financial resources to foot fines affects the profitability of a company as well. In addition, such diversion of financial resources through fines affects growth strategies, such as expansion into new markets. In this case, the provision of documented evidence to the prosecution or the courts demonstrates that an organisation has taken reasonable measures to prevent bribery and corruption, thus helping the organisation to avoid fines and sanctions, such as winding up.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Industry Insights, Leadership Insights by admin
No Comments »

« Previous Page

Importance of leadership and culture for ABMS

There are many reasons why companies engage in corrupt practices; to win contracts, to speed up service delivery, to gain or retain political influence and so on. Nevertheless, all corrupt practices, in the end, are about gaining more money and more power. When justice is served the opposite happens. Share prices plunge, and leaders lose their power. Top 10 Bribery & Corruption Stories of 2020 (so far) or even last year’s Top 10 Bribery and Corruption 2019 Cases

Case Study: Samsung and laundering horses

Samsung Group’s third-generation leader, Jay Y. Lee has been accused of bribing Choi Soon-sil, a friend of former President Park Geun-Hye. Following Lee Kun-hee’s (Jay Y. Lee’s father), heart attack in 2014 it has been calculated that Jay Y. Lee would need to pay $6 billion in tax bills to be able to inherit his father’s shares and maintain control of Samsung. The company’s leaders have a standing history of tax aviation but up to now, the white-collar crimes have been pardoned by Park Geun-Hye and other South Korean’s Presidents. The easier option was to pay a bribe to orchestrate the merger of two divisions: Samsung C&T Corp., which is dedicated to construction and trading, and Cheil Industries Inc., which owned several entertainment properties. Upon completion, the merger would have given the Lee family more power over the entire Samsung Group.

Now that the plan was looking very promising, Jay Y. Lee used a living bribe to execute it. “The form of the alleged bribe was Vitana V, an $800,000 thoroughbred show horse, plus $17 million in donations to foundations affiliated with the friend, whose daughter was hoping to qualify for the 2020 Olympics as an equestrienne.” (Bloomberg, 2017).

Following the investigation, the situation took a significant downturn and Jay Y. Lee was sentenced to 5 years in prison. Chung Sun-sup, Chief Executive of research firm Chaebul.com said “The five-year sentence was low given that he was found guilty of all the charges. I think the court gave him a lighter sentence, taking into account Samsung’s importance to the economy.” It is, however, one of the longest given to South Korean business leaders. As for stock prices, they fell more than 1% the day after Jay Y. Lee was arrested and then a similar amount after the verdict. Samsung Group’s profit was not hurt but South Korea’s new liberal president, Moon Jae-in, has pledged to rein in the chaebols, empower minority shareholders and end the practice of pardoning tycoons convicted of a white-collar crime.

Case Study: Rolls-Royce and the $35 million in bribes

Another example of a company where corruption could equal to company culture is (or was – more on that later) Rolls-Royce plc. Between 2000 and 2013, the company conspired to violate the Foreign Corrupt Practices Act (FCPA) by paying more than $35 million in bribes through the third party to foreign officials to secure contracts. The Department of Justice (DOJ) reported that in Thailand, Rolls admitted to using intermediaries to pay approximately $11 million in bribes to officials at Thai state-owned and state-controlled oil and gas companies that awarded 7 contracts to Rolls-Royce during the same period. The way business was conducted in Kazakhstan, Azerbaijan, Angola, and Iraq did not differ. The corrupt practices were spread globally.

An event that coincides with the above is the appointment of Sir John Rose as Chief Executive of Rolls-Royce (1996 – 2011). In 2003 and before the company’s criminal activities came to the light, Rose was knighted. After the engineering giant admitted in a deal with US prosecutor that it had made corrupt payments, Labour is calling for Rose to lose his knighthood. Sir John Rose insists that he did not know of the corrupt practices. Let’s say that is the truth, did he not fail as a leader simply because of that?

> Learn more about the Rolls-Royce case study including how a full risk assessment would have mitigated the risk of corruption. Read more HERE or just DOWNLOAD NOW your FREE “Ethics, compliance & Rolls-Royce: Lessons Learned”

As a result of the scandal in 2016 Rolls-Royce has suffered the biggest financial loss in its history. Other factors include Brexit and drop of pound value, but the £671 charge for the penalties the company paid to settle bribery and corruption charges with Serious Fraud Office (SFO), the DOJ, and Brazilian authorities left a hole is Rolls’ accounts. Since then the company has a new management, and if their praised cooperation with SFO is an indication of the company’s culture shift, Rolls should not be in the news due to corruption scandals.

The answer to avoid failed leadership

Failed leadership is the obvious reason for the above bribery cases. ISO 37001:2016 Clause 5 Leadership outlines what is required from the top management in order be obtain ISO 37001:2016 Anti-Bribery Management System Certification. Information in ISO 37001:2016 standard is divided by verbal forms use; unsurprisingly shall indicate a requirement, should a recommendation, may a permission and can a possibility or capacity. Leadership is crucial for an anti-bribery management system to be effective and all points under Clause 5 Leadership are ‘shall’ requirements.

As illustrated in the standard: “For a compliance management system to be effective the governing body and top management need to lead by example, by adhering to and actively supporting compliance and the compliance management system.” Management has a number of other responsibilities which are outlined in the standard. There are responsibilities which are more obvious than others such as “ensuring that the anti-bribery management system, including policy and objectives, is established, implemented, maintained and reviewed to adequately address the organisation’s bribery risk” (5.1.2. a) and “deploying an accurate and appropriate resources for the effective operation of the anti-bribery management system” (5.1.2. c). There are also requirements which are not so obvious but just as important; “promoting an appropriate anti-bribery culture within the organisation” (5.1.2. h) and “promoting continual improvement” (5.1.2. i). These requirements highlight that obtaining ISO 37001:2016 certification is not just a box ticking exercise (contrary to what critics like to say). In order to obtain the certificate, a company needs to illustrate that compliance to anti-bribery is integrated within their business model and crucially, their culture. In practical terms that means that the tone at the top needs to align with ABMS and the message needs to be understood from the boardroom to the factory floor.

Leadership is one of the core seven elements of ISO 37001:2016. The remaining elements; the context of the organisation, planning, support, operation, performance evaluation and lastly improvement, will be discussed in the future. Watch this space.

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

Who is CRI Group?

We Welcome You To Have Free Gap Analysis of Highest Ethical Business Survey: prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program.TAKE THE GAP ANALYSIS NOW!
Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

The HEBA survey is designed to evaluate your compliance with the adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.

TAKE THE GAP ANALYSIS NOW!

The survey takes around 10 minutes to complete. ABAC® is powered by CRI Group – this GAP analysis will be performed by ABAC®

[/accordion_son][accordion_son title=”Sources & Credits” clr=”#ffffff” bgclr=”#1e73be”]

Bloomberg (2017) https://www.bloomberg.com/news/features/2017-07-27/summer-of-samsung-a-corruption-scandal-a-political-firestorm-and-a-record-profit
Chaebul (2016) http://chaebul.com/chaebul/eng/engnews/eng_news_list.jsp?section=0000000106
Financial Times (2017) https://www.ft.com/content/1b62c007-e846-3feb-b23f-2eae5f180fd7
Reuters (2017) https://www.reuters.com/article/us-samsung-lee/samsung-leader-jay-y-lee-given-five-year-jail-sentence-for-bribery-idUSKCN1B41VC
Web archive (2016) https://web.archive.org/web/20091224225422/http://www.rolls-royce.com/about/who_are/management/board/rose.jsp
US Department of Justice (2017) https://www.justice.gov/opa/pr/rolls-royce-plc-agrees-pay-170-million-criminal-penalty-resolve-foreign-corrupt-practices-act

[/accordion_son][accordion_son title=”About CRI Group” clr=”#ffffff” bgclr=”#1e73be”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

[/accordion_son][/accordion_father][/vc_column][/vc_row]

Filed under: Anti-Bribery Anti-Corruption Solution, ISO 37001, Leadership Insights, Resources by admin
No Comments »

« Previous Page

Corruption won’t stop: is your organisation protected?

In one case, an enforcement agent for a Malaysian government department pleaded guilty for receiving a bribe from a business owner. In another, a U.S. district attorney from Philadelphia was accused of taking cash in return for helping people with their legal cases. He was accused of 28 counts of bribery, and in the end was given a deal to plead guilty on one count. Both cases show how easy it is for organisations to fall victim to bribery and corruption.Businesses, non-profits, government organisations both face a risk to their financial well-being and reputation.

In Malaysia, the case centred around an employee of the Domestic Trade, Cooperatives and Consumerism Ministry. According to the article “Domestic Trade enforcement staff fined RM1,200 for bribery” published in the New Straits Times, Muhammad Mat Sa’ad, 36, was charged with taking bribes from a fuel storage owner in 2014. His case was prosecuted by the Malaysian Anti-Corruption Commission (MACC).

In the U.S., Philadelphia’s top law enforcement officer, District Attorney R. Seth Williams, pleaded guilty to bribery in a more sweeping case with some very troubling details. According to the New York Times article “Philadelphia District Attorney Pleads Guilty to Bribery and Resigns,” Williams allegedly accepted bribes from business people in return for offers of legal help with their cases or those of their friends. But he may have also defrauded his own mother.

The article states:

“Mr. Williams accepted gifts including a trip to the Dominican Republic and checks for thousands of dollars from people who wanted favours, prosecutors said. According to an indictment by the United States attorney’s office for New Jersey, he promised one of the business people that he would “look into” a case that had been brought against a friend of that person.

He also faced charges including wire fraud and extortion for his alleged personal use of political action committee funds and government vehicles. Among the most damaging charges against Mr. Williams was that he defrauded a nursing home and family friends of money that was designated for the care of his mother.”

He faces a up to five years in prison and a fine of up to $250,000.

These types of troubling cases can likely be prevented with the right training, internal controls, and certification. The International Organization for Standardization (ISO) issued the ISO 37001:2016 Anti-Bribery Management System standard to help companies worldwide increase and measure their efforts against bribery and corruption.

CRI® Group is registered as a foremost ISO 37001:2016 Certification Body with the Dubai Accreditation Center (DAC) Government of Dubai, UAE, and has formally launched its ISO 37001:2016 Anti-Bribery Management Systems certification program. ISO 37001:2016 certifies that your organisation has implemented reasonable and proportionate measures to prevent bribery. These measures involve top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

Through CRI® Group’s 3PRM-Certified™, the ISO 37001:2016 Anti-Bribery Management System Certification will help your company, organisation or department to reduce risk of bribery and corruption by establishing, implementing, maintaining and improving your management system. The certification empowers you with the ability to safeguard and maintain the integrity of your company by:

Guaranteeing that all workers and agents are devoted to the latest anti-bribery practice.
Regularly validating compliance to appropriate legislation like the FCPA and UK Bribery Act 2010.
Jointly cooperating with stakeholders to observe and reduce the risks throughout your supply chain.
Externally scrutinising your company, testing the effectiveness of your anti-bribery policies and processes.
Creating “Compliance in Action.”

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI® Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC® today or get a FREE QUOTE now!

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, Due Diligence, ISO 37001, Leadership Insights, Resources, Third-Party Risk Management by admin
No Comments »

« Previous Page

Any successful ethics and compliance strategy needs 5 key ingredients …

Once upon a time, the idea of business ethics was more of an abstract or philosophical notion that seemed more suited for discussion in a university lecture or at a business conference. Today, however, organisations of all sizes and industries must have concrete ways of addressing ethics and compliance issues as a principal component of their business processes and strategy.

According to a study by PwC, 98 per cent of senior leaders say they’re committed to compliance and ethics; however, only 67 per cent have a process in place to identify the owners of compliance and ethics-related risks, with only a third having an officer in place for the overall compliance and ethics. Fifty-six per cent of the companies don’t have a chief ethics officer at all, and only 20 per cent have a Board of Directors that formed separate compliance and ethics committees. The study reports that 82 per cent of leaders communicated with employees on ethics, but 46 per cent of this is done in business meetings or by email. You can read the result on the full PwC website.

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects regarding ethical behaviour and a compliance framework in place to follow. Today citizens, media, politicians and international bodies across all regions actively condemn abuses of power. And past scandals and their consequences have created a demand for increased regulations, greater transparency, and other rigorous scrutiny measures to be taken. To maintain (or regain) public trust, the ethics and compliance function has been placed at the centre of the strategic core of organisations by effective leaders.

Empower your organisation to mitigate risk!

To ensure a robust compliance and ethics strategy, five critical elements need to be implemented; 1) tone at the top; 2) corporate culture; 3) risk management, 4) a Chief Compliance Officer; and 4) testing and monitoring.

1 – Building Tone at the Top

“Tone at the top” is a term used to describe the ethical atmosphere created at an organisation or workplace by their leaders and their attitudes and behaviours. Tone at the top is vital in determining whether fraud, bribery, or corruption are likely to occur. Because all levels of management set it, it has a trickle-down effect on all employees. If the top leaders show a robust and zero-tolerance approach to fraud, employees are likely to lead by example.

An organisation with a strong ethical culture is usually led by a board of directors and senior management personnel who actively promote a culture of compliance and zero tolerance for fraud and other unethical business behaviour. Effective tone at the top will communicate to the organisation at all levels the expected type of conduct, what is considered unacceptable, and what the consequences will be for transgressions. A zero-tolerance approach should be followed at all times; it is vital in maintaining the culture of ethics and compliance at the organisation; below are some examples of failed tone at the top:

For more scandals, check out our list of the “Top 10 Bribery & Corruption Stories of 2020“.

2 – Corporate culture

The prevailing norms, expectations, and recognised acceptable behaviour form the corporate culture of an organisation. By implementing an ethical code of conduct and compliance with all regulations a part of those norms, the organisation will help promote positive behaviour and integrity among its staff.

You might be making assumptions that your employees know how to conduct themselves ethically when, in fact, this expectation only exists in a grey area in their minds – if at all. Some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company on the whole.

Similar to establishing an effective tone at the top, fostering a positive corporate culture hinges on effective communication, and it needs to permeate different layers of the organisation. In other words, sending occasional emails about ethical behaviour isn’t enough to influence the culture at a company. Develop videos, team-building exercises, new employee orientations, and employee appreciation events; these provide opportunities to recognise positive behaviour and reinforce the company’s values. When employees see their colleagues being recognised and rewarded for maintaining a compliant and ethical corporate culture, they are more likely to help cultivate an ethical workplace. When the tone at the top and corporate culture are tied together, everyone understands what is acceptable and expected in being a part of the organisation’s success.

3 – Risk management: perform risk assessments

Risk management is identifying, evaluating, and prioritising risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events to maximise the realisation of opportunities. In other words, before you establish an ethics and compliance framework – first, a risk assessment should be conducted to uncover any vulnerabilities that need to be addressed with new processes.

> Risk assessment breakdown: Identification, Analysis, Evaluation

This means you need to assess how your business is conducted. So ask yourself:

Have the various roles at the company been appropriately allocated, and is there a proper separation of duties?
Are employees qualified for their responsibilities?
Is the workforce trained to recognise the red flags of unethical behaviour and fraud?

Once the risks are identified, they can be isolated and addressed as part of your organisation’s comprehensive approach to ethics and compliance. The risks should be prioritised:

Which ones pose an immediate threat?
Could they effectively shut down the business?
Do they pose a risk of financial, legal, or reputational risk – or all of the above?

Once prioritised, the identified risks should be assigned to critical members of the organisation. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk.

4 – A Chief Compliance Officer (CCO)

The implementation of a robust ethics and compliance strategy can give your organisation a competitive edge. A compliance officer or a CCO plays an essential and crucial role in the implementation. They are tasked with the day-to-day responsibility of overseeing the management of compliance and ethical risks whilst ensuring that the organisation is in compliance with the various regulatory requirements and that employees adhere to internal procedures and policies. Oversight should be provided by the board of directors (or ownership and executives) to ensure that problem areas have been adequately addressed and the organisation is taking a proactive approach to mitigating risk.

5 – Testing and monitoring

When all the new processes have been implemented (the anti-fraud policy and employee code-of-conduct, anti-bribery and anti-corruption training and policies, allocation of duties and responsibilities, an anonymous reporting -hotline- process for unethical behaviour), a thorough testing and monitoring regimen is critical to ensure the new process is working.

It is important to remember that having the best processes on paper won’t make a positive difference on its own. You need to monitor how they are being used and their success. A schedule should be in place that promotes frequent, regular check-ups of the ethics and compliance controls, with metrics that show results (i.e. surprise audits). A surprise audit is an effective way to test if any new controls have reduced the flagged irregularities. Before implementing ethics and compliance controls, the risk assessments should have identified risk areas with the new processes to mitigate that risk. Only by testing and testing frequently can the organisation determine if the new controls have the desired effect. If they are not, the company should develop new solutions that specifically robustly target these problem areas – and, in time, test them again.

Addressing ethics and compliance issues at an organisation can be a daunting task. However, with careful preparation, expert help, and a common-sense approach, any organisation can develop or enhance its corporate culture to be proactive in mitigating ethics and compliance risks. The benefits will be obvious – increased productivity, better security, and empowered employees who understand that their organisation values integrity and an ethical work environment.

Create a zero-tolerance approach to fraud with ISO 37001 ABMS

Creating a zero-tolerance approach to fraud doesn’t happen overnight. When your organisation enrols in ISO 37001:2016 ABMS training and certification, the program involves your entire team. The training helps establish an ethical culture by educating your employees on the following:

What constitutes fraud, corruption, and bribery, and why these are so damaging to business
How to identify red flags of fraud, corruption and bribery
The process for reporting fraudulent and unethical acts
The organisation’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches and prosecute unethical acts
The severe ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

Employees shouldn’t be expected to follow a code of conduct that they aren’t aware exists. That’s why ISO 37001:2016 ABMS creates a communication plan through which organisation leaders regularly communicate their ethical behaviour expectations to the staff periodically. Read more on how to build trust in the workplace with ISO 37001 Certification.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal communication channels or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy. COMPLIANCE HOTLINE

Filed under: All Industries, All Solutions, Automotive, Aviation, Compliance Solution, Finance & Professional services Industry, Global, Insurance, ISO 37001, IT & Telecommunications, Leadership Insights, Oil, Gas & Energy, Property, Resources by admin
1 Comment »

« Previous Page

Components of ISO 31000:2018

ISO 31000:2018 Components

Managing risk is a critical part of the success of any organization. That’s why ISO (International Organization for Standardization) developed the 31000 Risk Management Standard. Issued in 2009, the standard helps address operational continuity, and also confidence and reassurance in your organization’s economic resilience, professional reputation and environmental and safety outcomes. Best of all, ISO 31000 can be tailored to your organization to help achieve the best results.

1. Principles

The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives. Principles include the requirement for the risk management initiative to be (1) customized; (2) inclusive; (3) structured and comprehensive; (4) integrated; and (5) dynamic.

2. Framework

The purpose of the risk management framework is to assist with integrating risk management into all activities and functions. The effectiveness of risk management will depend on integration into governance and all other activities of the organization, including decision-making.

> At CRI Group we are working on new ISO 31000 Awareness training course. Show your interest and sign up for more updates HERE!

2.1. Leadership and commitment, including:

Aligning risk management with the strategy, objectives and culture of the organization;
Issuing a statement or policy that establishes a RM approach, plan or course of action;
Making necessary resources available for managing risk; and
Establishing the amount and type of risk that may or may not be taken (risk appetite).

2.2. Integration, including:

Determining management accountability and oversight roles and responsibilities; and
Ensuring risk management is part of, and not separate from, all aspects of the organization.

2.3. Design, including:

Understanding the organization and its internal and external context;
Articulating risk management commitment and allocating resources; and
Establishing communication and consultation arrangements.

2.4. Implementation, including:

Developing an appropriate implementation plan including deadlines;
Identifying where, when and how different types of decisions are made, and by whom; and
Modifying the applicable decision-making processes where necessary.

2.5. Evaluation, including:

Measuring framework performance against its purpose, implementation and behaviors; and
Determining whether it remains suitable to support achievement of objectives.

2.6. Improvement, including:

Continually monitoring and adapting the framework to address external and internal changes;
Taking actions to improve the value of risk management; and
Improving the suitability, adequacy and effectiveness of the RM framework.

> Are you new to risk management? Our newly published “Risk Management & ABMS Playbook: A guide for prevention, detection and compliance” is available for download now. Read more here!

3. Process

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.

3.1. Communication and consultation, including:

Bringing different areas of expertise together for each step of the RM process;
Ensuring different views are considered when defining risk criteria and evaluating risks;
Providing sufficient information to facilitate risk oversight and decision-making; and
Building a sense of inclusiveness and ownership among those affected by risk.

3.2. Scope, context and criteria, including:

Defining the purpose and scope of risk management activities;
Identifying the external and internal context for the organization;
Defining risk criteria by specifying the acceptable amount and type of risk; and
Defining criteria to evaluate the significance of risk and to support decision-making;

3.3. Risk assessment, including:

Risk identification to find, recognize and describe risks that might help or prevent achievement of objectives and the variety of tangible or intangible consequences;
Risk analysis of the nature and characteristics of risk, including the level of risk, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness; and
Risk evaluation to support decisions by comparing the results of the risk analysis with the established risk criteria to determine the significance of risk.

4. Risk treatment, including:

Selecting the most appropriate risk treatment option(s); and
Designing risk treatment plans specifying how the treatment options will be implemented.

5. Monitoring and review, including:

Improving the quality and effectiveness of process design, implementation and outcomes;
Monitoring the RM process and its outcomes, with responsibilities clearly defined;
Planning, gathering and analyzing information, recording results and providing feedback; and
Incorporating the results in performance management, measurement and reporting activities.

6. Recording and reporting, including:

Communicating risk management activities and outcomes across the organization;
Providing information for decision-making;
Improving risk management activities; and
Providing risk information and interacting with stakeholders.

Getting Started with ISO 31000 Risk Management?

ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization). All types and sizes of organizations face internal and external factors that directly impact whether an organization can achieve their objectives or not. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management, ISO 31000:2018 describes a systematic and logical process, during which organizations manage risk by identifying it, analyzing it, and then make a determination as to mitigating the risk treatment in a way that is consistent with their risk appetite. An organization can implement risk management across the entire company, and it can do so at any time. Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

What is ISO 31000?
Why is this Standard a good idea?
What are the benefits for my business?
Principles of ISO 31000:2018
ISO 31000 framework
- Why was it revised?
- What are the main differences?
Key Clauses of 31000:2018
Who is the standard for?
The process
The link between 31000:20180 and other standards
Importance of risk management leadership
31000:2018 and continuous improvement
How do we get started?

> Risk management is a full-time, ongoing endeavor for organizations in today’s business world, and it poses constant challenges. The first part of reducing risk is having a strategy, and taking action. So DOWNLOAD your free playbook now!

Speak Up – Report Any Illegal, Unethical, or Improper Behavior

Ethics and Compliance Hotline is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective, or are impractical under the circumstances. At CRI Group, we are committed to having an open dialogue on ethical dilemmas regardless.

REPORT HERE!

We would like to introduce a new Ethics & Compliance Hotline. This hotline is available to all employees, as well as clients, contractors, vendors and others in a business relationship with CRI Group and ABAC Group. If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline in below mentioned ways or provide us with your complaint online on the form below. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

READ MORE!

About CRI Group

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

TAKE A PART OF THIS SURVEY

Your opinion matters! Participate in the background screening survey now and let us know how COVID-19 and WFH have affected your business. ANSWER THE SURVEY

Filed under: All Industries, Leadership Insights, Resources by admin
1 Comment »

« Previous Page

Ethics and Compliance Hotline: your frequently asked questions answered…

Ethics hotlines are growing in popularity. In 2017 the South Africa Home Affairs Minister Malusi Gigaba announced over 3,000 officials were found guilty of misconduct related to cases reported via the National Anti-Corruption Hotline (NACH). “The closure rate underscores a commitment by government departments to investigate allegations of corruption as reported through the NACH.” Ethics and compliance hotlines work! Organizations must have an ethics and compliance hotline to help promote the organization’s code of conduct and nurture a culture of honesty and accountability.

Don’t opt out of an ethics hotline

The 2019 Global Business Ethics Survey found that more reports of misconduct were made to direct supervisors (a median of 51 per cent) compared to hotlines (6 per cent). However, it is still crucial to have an Ethics and Compliance Hotline. Why? Having an ethics and compliance hotline shows employees that the business leaders genuinely want to hear from them, making it a great employee relations tool.

The ethics and compliance hotline is an anonymous reporting mechanism. So when the normal channels of communication fail, a hotline can facilitate any flagging. They provide an accessible way for employees to report potential wrongdoing, possibly illegal, unethical, or improper. A company can better protect itself from fraud, learn of employee misconduct and proactively mitigate any corruption-related risk. Despite industry or size, any organisation should be 110% committed to having an open dialogue on ethical dilemmas regardless.

CRI® Group encourages everyone to report any wrongdoing. We believe that everyone should have a voice and protect themselves, colleagues and the organizations that they work for. Everyone must seek to maintain transparency to comply with the code of conduct and compliance regulations. If your organization considers an ethics and compliance hotline, here are some must-knows.

Who can report? And what can you report?

All individuals – employees, clients, contractors, vendors and others in a business relationship with you or your organization – have a duty and responsibility to report any known or suspected noncompliant behavior or violations of any regulatory mandates and/or local policies, including but not limited to:

Ethical standards violations;
Violation of laws and company policy and internal control;
Risk and safety;
Theft, embezzlement or misappropriate of assets and fraud;
Bribery and corruption;
Employee rights, employee relations, work environment;
Privacy laws or security of personal information;
Discrimination;
A dispute related to a supervisor, HR and other departments;
Physical and verbal harassment in the workplace;
Issues related to job responsibilities;
The report related to a suspicious activity being a witness; and/or
Unfair dismissals.

How to report?

You can report your concern using the Ethics and Compliance hotlines at any time, 24/7. And an effective Ethics & Compliance Hotline should allow reporting via phone, email, web-based compliant forms and even walk-ins.

How does it work?

This will depend on your organization structure; however, if you allow reporting directly by telephone, the caller should speak with the Compliance Department directly. The caller can remain anonymous or may want follow-up, in which case(s) he will give contact details. If the individual submits a report online, the system should guide the individual through the reporting process, and a PIN number will be generated automatically once they complete the report. The compliance department specialist who receives the tip is then in charge of validating it. This compliance officer typically receives special training on gathering enough information to ensure the complaint is credible. The tip is then routed to the right department within the organisation, such as audit, legal, or human resources.

What is the process of the investigation?

The Compliance Department or Committee should then review the report and conduct an investigation. The investigation may include an interview with relevant witnesses review of records, computers, telephones and other equipment per relevant personal data regulations. The reported individual will be able to follow the status of the case and communicate with the Compliance by giving their case number. However, no party can contact the individual directly if you have chosen to remain anonymous. The investigation conclusions and recommendations are reported to Management.

Can we generate anonymous reporting?

Yes, if the individual wishes to remain anonymous when reporting their concern, they can. However, you should encourage the individual to identify themselves where/when possible, enabling your organization to investigate the report more effectively. If they provide their names, your compliance department should protect their confidentiality to the greatest extent possible during the investigation. The organization should have a Non-Retaliation and Whistleblower Policy to help ease the process.

What is a Non-Retaliation Policy?

While on the surface, hotlines may seem a convenient option to receive employee complaints, tips or concerns, often, it’s the process that surrounds the hotline which can determine whether it ultimately succeeds or fails. Areas such as employee relations are particularly challenging for anonymous tips. An organisation needs to have a whistleblower process in place – this is a critical component of any compliance monitoring system. It enables companies to identify and mitigate potential risks early before they impact operations, reputation and ultimately, financial performance.

How can we make sure they deliver a credible report?

When reporting an issue, encourage individuals to ensure that they provide as much relevant information as possible, for example, the names of persons involved in the alleged conduct, potential witnesses, appropriate documentation or data, visual evidence etc. Provide them with forms that allow them to understand what they need to submit a credible report, with the appropriate questions and empty spaces for further feedback, including the ability to upload any initial profs. This will allow your Compliance to effectively follow up on the case.

What makes a successful implementation?

A strong and clear message is delivered to employees and stakeholders by a senior individual who champions the overall programme.
A clear understanding of how best to engage with your employees at all levels and in all countries. Remember to take into account country and cultural differences.
A robust internal process to deal with reported issues as laid out in your code of conduct policy or ethics programme.

Are you addressing corporate Compliance?

Prove that your business is ethical. Find out if your organisation’s compliance program aligns with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Let our experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

Find out what’s a Gap Analysis and why do you need it?

Report with CRI® Group!

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use the reporting process in this Code of Conduct, including the Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by the CRI® Group Non-Retaliation Policy.

REPORT NOW!

CRI® will not accept any retaliation or discrimination against any employee or external stakeholder who uses our Compliance Hotline in good faith or participates in an investigation. Any employee who breaches the policy will be subject to disciplinary actions. If you wish to learn more just have a look at our article on Ethical code of conduct: What should be covered?

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications and is an HRO certified provider and partner with Oracle.

Meet the CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal Compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: All Industries, All Regions, All Solutions, Anti-Bribery Anti-Corruption Solution, Compliance Solution, CRI News, Global, ISO 37001, Leadership Insights, Resources by admin
No Comments »

« Previous Page

CONTACT US

NEWSLETTER SUBSCRIPTION

FOLLOW US