Appointment of Data Protection Officer under GDPR

There is a growing misconception surrounding the need to appoint a Data Protection Officer (DPO) under the GDPR, which takes effect on 25th May 2018. The role of the DPO is critical to the correct implementation of the newly drafted regulation. Accordingly, an organisation needs to ask itself four main questions before appointing a DPO:

  1. Do they even need to appoint a DPO?
  2. Should they appoint a DPO anyway as a safe measure of compliance?
  3. Can the role of DPO be outsourced?
  4. Will the DPO be personally liable?
  5. When should a DPO be appointed?

I will start by answering the first question. According to Article 37(1), the GDPR requires data controllers and processors to designate a DPO in any case where:

  • The processing is carried out by a public authority or body;
  • The ‘core activities’ of the controller/processor consist of processing operations which ‘require regular and systematic monitoring of data subjects on a large scale’; or
  • The core activities of the controller/processor consist of processing on a large scale of ‘special categories of data’ or personal data relating to criminal convictions and offences.

As per this definition, private-sector companies will not need to appoint a DPO: the majority of private companies do not engage in monitoring of personal data, so in the course of their administration they will not need one. For ready and seamless implementation of the three criteria stated above, the Article 29 Working Party Guidelines on DPOs, issued in 2016 and then revised in 2017, can be consulted so that the correct measures are taken.

The second question, whether a DPO is needed anyway as a safe measure of compliance, can be answered by reference to Article 37(5), which lays down the requirements and obliges an organisation to appoint someone with adequate knowledge of data protection law and practices; in short, the qualifications required for appointment as DPO. Generally, there may already be someone fulfilling the role of DPO who will be required to meet the standard under the GDPR for compliance under Article 5(2). The Guidelines also suggest that the knowledge must be commensurate with the experience, complexity and sensitivity of the data, with expertise in European data protection laws and in-depth knowledge of the GDPR.

It is important to note that the actual role of the DPO will differ from that of a normal employee or contractor, as DPOs are an independent species, not bound by the administration and expected to operate freely of their own will. This means they cannot be assigned tasks or instructed to carry out tasks by the CEO or the central administration. This level of impartiality needs to be maintained separately from the organisation so that there is no corruption or bias in the compliance structure when adhering to the GDPR. In line with this, the DPO’s employment status is protected under Article 38(3) of the GDPR, which means they cannot be dismissed or sanctioned by the organisation for performing or not performing their tasks. Therefore, the appointment of a DPO will be a critical juncture in the implementation of the GDPR, as it will determine the future of the compliance standards set and met in the organisation.

Can the role of DPO be outsourced? This is answered under Article 37(6) of the GDPR, which makes clear that the DPO can be an employee or a contractor. Given the concerns and apprehensions raised in the above paragraph, many experts in the field of compliance are of the opinion that the role should be outsourced rather than kept in-house. However, there is no straightforward answer; it depends on the requirements and load of the organisation’s compliance setup. Under the regulation, the DPO needs to be involved in a “proper and timely manner, in all issues which relate to the protection of personal data”. The Guidelines state that controllers and processors must develop data processing guidelines or programmes that set out when the DPO is to be consulted. If this approach is followed, organisations can perform much more productively and meet their compliance goals.

Is the DPO personally liable? The Working Party Guidelines state that the DPO will not be personally liable in case of non-compliance with the GDPR. However, the GDPR text itself says nothing on the issue of liability; it is silent on this point. DPOs will need to be cautious regardless.

Organisations need to decide on the appointment of the DPO and who will best fit their needs. For this they must conduct background screening through tools such as EmploySmart™ and finalise a candidate fit for the role, so that it sits well with the newly identified governance structure of the organisation. Using appropriate background checks will ensure that the Data Protection Officer’s skills are identified before the appointment is finalised. Ultimately, what is the better fit for the business will be determined by the decision-making heads of the organisation, as time is shrinking. Consensus on the DPO is the need of the hour.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, the Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partners with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Mexico’s Government Is Blocking Anti-Corruption

While many countries and their leaders are making strides against fraud and corruption, some national governments can’t seem to get out of their own way. Such appears to be the case right now in Mexico, where the Mexican government is accused of blocking its own anti-corruption initiatives that were launched earlier this year.

According to an article in The New York Times, “Mexico’s Government Is Blocking Its Own Anti-Corruption Drive, Commissioners Say,” members of a commission put in charge of the anti-corruption effort allege that their efforts to investigate various scandals are being thwarted by the government. As the article reports:

Marred by scandals that have embroiled his administration, his allies and even his own family, Mr. Peña Nieto agreed to the creation of a broad anti-corruption system last year that was enshrined in the Constitution, a watershed moment in Mexico.

But after nine months of pushing to examine the kind of corruption that ignited public outrage and brought the new watchdog into existence, some of its most prominent members say they have been stymied every step of the way, unable to make the most basic headway.

At least one of the commissioners quoted in the article is entirely frank as to why they think the government is throwing up roadblocks. And it’s more insidious than run-of-the-mill bureaucratic stalling.

“They are panicked that maybe we will go too hard and unravel something, find individuals responsible for corrupt acts,” José Octavio López said. He worked in the administration the last time Mr. Peña Nieto’s party held the presidency, in the 1990s, and is now part of the new National Anti-Corruption System.

“They are used to appointing someone they control,” Mr. López said of the government. But when officials learned that he and others on the new commission wanted to act with impartial independence, he added, “they didn’t like that.”

The fact is that corruption ranks among the worst problems around the world, affecting business, governments, economies and populations. Despite Mexico’s current problems, countries in all corners of the globe are enacting more stringent laws and regulations to try and stem the tide of criminal behavior and financial loss.

CRI Group’s experts have worked with clients at all stages of the process – from conducting due diligence and putting controls in place to protect against fraud and meet compliance requirements, to being called in after the fact when fraud has already occurred. Any business leader will attest that the former is a much better situation than the latter. Trying to recover lost funds, repair a damaged reputation and rebuild a business that has been devastated by fraud is a long and uphill battle.

That’s why CRI Group is designed to help organisations be proactive in preventing and detecting fraud and corruption. In 2016, the company launched ABAC® Center of Excellence (ABACGroup.com) – an independent certification body established for ISO 37001:2016 ABMS. The Center provides ISO 37001 training, and its certification services are accredited by the Emirates International Accreditation Center (EIAC).

ABAC® Center of Excellence is made up of experienced experts who have tailored many of the world’s prominent standards, and our tutors will turn you into a professional in embedding them, boosting your company to its peak in performance. At ABAC® CoE, we provide training to constantly enhance your knowledge and task your agents to improve further in the following subjects:

ABAC Certification 

  • ISO 37001:2016 Anti-Bribery Management System Certification
  • ISO 31000:2009 Risk Management Standard
  • ISO 19600:2014 Compliance Management System (CMS) Standard

ABAC Training 

  • ISO 37001:2016 Lead Auditor Training
  • ISO 37001:2016 Internal Auditor Training
  • ISO 37001:2016 Introductory Course

At ABAC Center of Excellence, we are immensely committed to the highest ethical standards. Our goal is to make excellence a convention for companies worldwide. Corruption and fraud aren’t going to go away. And in spite of setbacks in Mexico and some other countries, new rules and regulations are being enforced every day around the world, requiring that companies demonstrate integrity, ethical behavior and compliance.

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

Rio de Janeiro law demonstrates

The time is quickly coming to an end when companies could expect to be successful in business without having a strong emphasis on compliance and ethics. The latest evidence of that is the fact that in Brazil, which has been stricken with high-profile fraud scandals in recent years, a new rule requires any companies doing business with the state of Rio de Janeiro to implement an integrity program.

This goes a clear step further than more broad regulations that require compliance programs as a factor of consideration. The Rio de Janeiro law mandates that companies have such programs in place if they contract with the state, or face legal consequences.

According to an article at Global Compliance News, “Brazil: New mandatory compliance programs between companies and Rio de Janeiro State,” the new measure has the following aims:

The law sets forth that its goal is to protect the public administration from irregularities, guarantee that the contracts are executed in compliance with the applicable laws, minimise risks, bring more transparency to contracts and improve the quality of contractual relations.

The law follows the Brazilian Anti-Bribery Law, and “mandates the existence of a compliance program in companies which enter into contracts, partnerships, concessions, or public-private partnerships, with the public administration of the state of Rio de Janeiro, in amounts higher than the legal threshold for the public tender category of competitive tender …” It applies to the following:

  • Business organisations and sole proprietorships, incorporated or not, regardless of the type of organisation or the corporate model adopted.
  • Foundations, associations of entities or persons.
  • Foreign companies with headquarters, branch or representation in the Brazilian territory, incorporated legally or not, even if temporarily.

There is no reason to think that the State of Rio de Janeiro will be the last to institute a strict law of this nature. That is just one of the reasons why CRI Group is helping organisations around the world develop and enhance their own compliance and due diligence programs.

Our CRI Certification program provides certification and continuous training to constantly enhance your knowledge and expand your employees’ skills and understanding of third-party risk management, compliance, anti-bribery and anti-corruption methods and best practices, and helps you stay in compliance with international laws and regulations, as well as local rules such as Rio de Janeiro’s mandatory compliance requirement.

Accredited certification and training

CRI’s Certification body, ABAC Center of Excellence, provides certification and training to businesses seeking to validate or expand their existing compliance frameworks by implementing the latest in best practice due diligence processes and procedures necessary for pursuing and maintaining global third-party affiliations.

  • ISO 37001:2016 Anti-Bribery Management System Certification
  • ISO 31000:2009 Risk Management Standard
  • ISO 19600:2014 Compliance Management Standard

ISO 37001 Training options

The ABAC Center of Excellence is made up of experienced experts who have tailored many of the world’s prominent standards, and our tutors will turn you into a professional in embedding them, boosting your company to its peak in performance. At ABAC Center of Excellence, we provide training to constantly enhance your knowledge and task your agents to improve further in the following subjects:

  • ISO 37001:2016 Lead Auditor Training
  • ISO 37001:2016 Internal Auditor Training
  • ISO 37001:2016 Introductory Course
  • ISO 37001:2016 Impact on Business

ISO 37001 Benefits to You

  • Provides training with cutting-edge methods and best practices for your team
  • Curriculum is tailored to your organisation’s needs, and on your schedule
  • Increases your organisation’s reputation and transparency among stakeholders and partners

Be proactive in keeping your organisation ahead of the curve with new laws and regulations everywhere – and anywhere – you conduct business. Contact ABAC Center of Excellence today and learn how we can help.

GDPR: A 21st Century approach to Compliance

Ever since its conception, the GDPR has caused a strong stir in the legal and compliance world. The new law builds on the previous data protection legislation but at the same time provides more resilient protections for consumers, and more privacy considerations for organisations involved in the processing of personal data. The new EU General Data Protection Regulation (GDPR), adopted in 2016, will be applicable starting on May 25, 2018. The GDPR comes with significant changes compared to the Data Protection Directive 95/46/EC, involving operational changes in organisations.

To say that the GDPR is merely an extension of the previous law would also not be true. It is an add-on, but a game changer as well in the field of legal and compliance. It has been dubbed the most important change in data privacy law in 20 years, leaving the compliance world in a bit of an abyss due to its ever-evolving nuance and the uncertain nature of its applicability. Each country outside the EU needs to have its own data protection law as stringent and controlled as the EU’s GDPR.

Personal data

So, what exactly does the GDPR apply to? The GDPR applies to personal data and sensitive personal data. If you are offering goods or services to EU citizens, inside or outside the EU, the GDPR will apply. The GDPR’s definition of personal data is more detailed than before and makes clear that information such as an online identifier, for example an IP address, can amount to ‘personal data’. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and in the way organisations collect information about people.

For most organisations, keeping HR records, employment checks, customer lists or contact details, the change to the definition should make little practical difference. So one can assume that if an individual or organisation holds information that falls within the scope of the Data Protection Act, it will also fall within the scope of the GDPR. The GDPR applies both to automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records containing personal data.

Sensitive personal data

It is important to note that the GDPR refers to sensitive personal data as “special categories of personal data”, as stated in Article 9. These categories are broadly the same as those in the DPA, but there are some minor changes. For example, the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to their processing. All kinds of background screening and due diligence fall under this.

Controller and Processor

Another main step in getting ready for the GDPR is first determining whether your organisation processes personal data as a “data controller” or a “data processor”. The GDPR applies to ‘controllers’ and ‘processors’ (Articles 19-23). A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. In the case of a processor, the GDPR places specific legal obligations on you as a processor, for example the requirement to maintain records of personal data and processing activities. The result is that a processor bears the onus of legal liability if it is found responsible for a breach.

However, controllers are not relieved of their obligations where a processor is involved, as the GDPR places further obligations on controllers to ensure that their contracts with processors comply with the GDPR. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Consent

In furtherance of understanding the GDPR, it is important to know that consent under the GDPR (Article 32) must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. There must be some form of clear affirmative action, or in other words a positive opt-in; consent cannot be inferred from silence, pre-ticked boxes or inactivity. Consent must be verifiable, and individuals generally have more rights where you, as a person or organisation, rely on consent to process their data.

For processing to be lawful under the GDPR, you need to identify a lawful basis before you can process personal data. These are often referred to as the “conditions for processing” under the DPA. It is important that you determine your lawful basis for processing personal data and document it.

Data protection officer

This becomes more of an issue under the GDPR because your lawful basis for processing influences individuals’ rights. For example, if you rely on someone’s consent to process their data, they will generally have stronger rights, such as the right to have their data deleted. The data protection officer (DPO) is the person responsible for GDPR compliance. As per Article 35, an organisation will be required to hire a DPO depending on its size and on whether it processes large volumes of special categories of data. This person will operate independently of the organisation. The principles of accountability and transparency have previously been implicit requirements of data protection law; however, the GDPR’s emphasis elevates their significance.

Ultimately, the aim of these measures should be to minimise the risk of breaches and uphold the protection of personal data. Background investigation companies such as CRI Group, which offer various screening services and conduct fraud examinations, pre- as well as post-employment screening through “EmploySmart”, “3PRM” due diligence investigation services and third-party checks, will need to incorporate the GDPR into their systems for adequate accountability, transparency and governance in the organisation.

FCPA Corporate Enforcement Policy is out

On November 29, 2017, Deputy Attorney General Rod Rosenstein announced the implementation of the FCPA Corporate Enforcement Policy (“Enforcement Policy”), which seeks to further encourage voluntary disclosure of FCPA violations by companies. The Enforcement Policy clarifies certain aspects of the FCPA Pilot Program launched by the Fraud Section in April 2016 and removes its “pilot” status by incorporating the general framework for credit for voluntary disclosure of FCPA violations into the United States Attorneys’ Manual (USAM). For more information, please read the USAM insert below:

9-47.120 – FCPA Corporate Enforcement Policy

I. Credit for Voluntary Self-Disclosure, Full Cooperation, and Timely and Appropriate Remediation in FCPA Matters

Due to the unique issues presented in FCPA matters, including their inherently international character and other factors, the FCPA Corporate Enforcement Policy is aimed at providing additional benefits to companies based on their corporate behaviour once they learn of misconduct. When a company has voluntarily self-disclosed misconduct in an FCPA matter, fully cooperated, and timely and appropriately remediated, all in accordance with the standards set forth below, there will be a presumption that the company will receive a declination absent aggravating circumstances involving the seriousness of the offence or the nature of the offender. Aggravating circumstances that may warrant a criminal resolution include, but are not limited to, involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.

If a criminal resolution is warranted for a company that has voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated, the Fraud Section:

  • Will accord, or recommend to a sentencing court, a 50% reduction off of the low end of the U.S. Sentencing Guidelines (U.S.S.G.) fine range, except in the case of a criminal recidivist; and
  • Generally will not require appointment of a monitor if a company has, at the time of resolution, implemented an effective compliance program.

To qualify for the FCPA Corporate Enforcement Policy, the company is required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue.

II. Limited Credit for Full Cooperation and Timely and Appropriate Remediation in FCPA Matters Without Voluntary Self-Disclosure

If a company did not voluntarily disclose its misconduct to the Department of Justice (the Department) in accordance with the standards set forth above, but later fully cooperated and timely and appropriately remediated in accordance with the standards set forth above, the company will receive, or the Department will recommend to a sentencing court, up to a 25% reduction off of the low end of the U.S.S.G. fine range.

III. Definitions

a. Voluntary Self-Disclosure in FCPA Matters

In evaluating self-disclosure, the Department will make a careful assessment of the circumstances of the disclosure. The Department will require the following items for a company to receive credit for voluntary self-disclosure of wrongdoing:

  • The voluntary disclosure qualifies under U.S.S.G. § 8C2.5(g)(1) as occurring “prior to an imminent threat of disclosure or government investigation”;
  • The company discloses the conduct to the Department “within a reasonably prompt time after becoming aware of the offence,” with the burden being on the company to demonstrate timeliness; and
  • The company discloses all relevant facts known to it, including all relevant facts about all individuals involved in the violation of law.

b. Full Cooperation in FCPA Matters

In addition to the provisions contained in the Principles of Federal Prosecution of Business Organizations, see USAM 9-28.000, the following items will be required for a company to receive credit for full cooperation for purposes of USAM 9-47.120(1) (beyond the credit available under the U.S.S.G.):

  • As set forth in USAM § 9-28.720, disclosure on a timely basis of all facts relevant to the wrongdoing at issue, including: all relevant facts gathered during a company’s independent investigation; attribution of facts to specific sources where such attribution does not violate the attorney-client privilege, rather than a general narrative of the facts; timely updates on a company’s internal investigation, including but not limited to rolling disclosures of information; all facts related to involvement in the criminal activity by the company’s officers, employees, or agents; and all facts known or that become known to the company regarding potential criminal conduct by all third-party companies (including their officers, employees, or agents);
  • Proactive cooperation, rather than reactive; that is, the company must timely disclose facts that are relevant to the investigation, even when not specifically asked to do so, and, where the company is or should be aware of opportunities for the Department to obtain relevant evidence not in the company’s possession and not otherwise known to the Department, it must identify those opportunities to the Department;
  • Timely preservation, collection, and disclosure of relevant documents and information relating to their provenance, including (a) disclosure of overseas documents, the locations in which such documents were found, and who found the documents, (b) facilitation of third-party production of documents, and (c) where requested and appropriate, provision of translations of relevant documents in foreign languages;

Note: Where a company claims that disclosure of overseas documents is prohibited due to data privacy, blocking statutes, or other reasons related to foreign law, the company bears the burden of establishing the prohibition. Moreover, a company should work diligently to identify all available legal bases to provide such documents;

  • Where requested, de-confliction of witness interviews and other investigative steps that a company intends to take as part of its internal investigation with steps that the Department intends to take as part of its investigation; and
  • Where requested, making available for interviews by the Department those company officers and employees who possess relevant information; this includes, where appropriate and possible, officers, employees, and agents located overseas as well as former officers and employees (subject to the individuals’ Fifth Amendment rights), and, where possible, the facilitation of third-party production of witnesses.

c. Timely and Appropriate Remediation in FCPA Matters

The following items will be required for a company to receive full credit for timely and appropriate remediation for purposes of USAM 9-47.120(1) (beyond the credit available under the U.S.S.G.):

  • Demonstration of thorough analysis of causes of underlying conduct (i.e., a root cause analysis) and, where appropriate, remediation to address the root causes;
  • Implementation of an effective compliance and ethics program, the criteria for which will be periodically updated and which may vary based on the size and resources of the organisation, but may include:
  1. The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated;
  2. The resources the company has dedicated to compliance;
  3. The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  4. The authority and independence of the compliance function and the availability of compliance expertise to the board;
  5. The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
  6. The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors;
  7. The auditing of the compliance program to assure its effectiveness; and
  8. The reporting structure of any compliance personnel employed or contracted by the company.
  • Appropriate discipline of employees, including those identified by the company as responsible for the misconduct, either through direct participation or failure in oversight, as well as those with supervisory authority over the area in which the criminal conduct occurred;
  • Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications; and
  • Any additional steps that demonstrate recognition of the seriousness of the company’s misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.

IV. Comment

Cooperation Credit: Cooperation comes in many forms. Once the threshold requirements set out at USAM § 9-28.700 have been met, the Department will assess the scope, quantity, quality, and timing of cooperation based on the circumstances of each case when assessing how to evaluate a company’s cooperation under the FCPA Corporate Enforcement Policy.

“De-confliction” is one factor that the Department may consider in determining the credit that a company will receive for cooperation. The Department’s requests to defer investigative steps, such as the interview of company employees or third parties, will be made for a limited period of time and will be narrowly tailored to a legitimate investigative purpose (e.g., to prevent the impeding of a specified aspect of the Department’s investigation). Once the justification dissipates, the Department will notify the company that the Department is lifting its request.

Where a company asserts that its financial condition impairs its ability to cooperate more fully, the company will bear the burden to provide factual support for such an assertion. The Department will closely evaluate the validity of any such claim and will take the impediment into consideration in assessing whether the company has fully cooperated.

As set forth in USAM 9-28.720, eligibility for full cooperation credit is not predicated upon waiver of the attorney-client privilege or work product protection, and none of the requirements above require such waiver. Nothing herein alters that policy, which remains in full force and effect. Furthermore, not all companies will satisfy all the components of full cooperation for purposes of USAM 9-47.120(2) and (3)(b), either because they decide to cooperate only later in an investigation or they timely decide to cooperate but fail to meet all of the criteria listed above. In general, such companies will be eligible for some cooperation credit if they meet the criteria of USAM § 9-28.700, but the credit generally will be markedly less than for full cooperation, depending on the extent to which the cooperation was lacking.

Remediation: In order for a company to receive full credit for remediation and avail itself of the benefits of the FCPA Corporate Enforcement Policy, the company must have effectively remediated at the time of the resolution.

The requirement that a company pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue may be satisfied by a parallel resolution with a relevant regulator (e.g., the United States Securities and Exchange Commission).

Public Release: A declination pursuant to the FCPA Corporate Enforcement Policy is a case that would have been prosecuted or criminally resolved except for the company’s voluntary disclosure, full cooperation, remediation, and payment of disgorgement, forfeiture, and/or restitution. If a case would have been declined in the absence of such circumstances, it is not a declination pursuant to this Policy. Declinations awarded under the FCPA Corporate Enforcement Policy will be made public.

Source: https://www.justice.gov/

CRI® celebrates Fraud Week 2021

2021 International Fraud Awareness Week (also called “Fraud Week”) kicked off on Sunday and is in full swing. CRI® Group is a proud supporter of this critical initiative every year, and we encourage business leaders to take this time to consider all of their fraud prevention measures, including anti-fraud training for employees.

Does your organization have a training program addressing fraud, bribery and corruption? And, if so, how robust is your training? How often is it administered? And how do you know it’s working?

These are important questions, especially because we know that tips, most often from employees, are the most common way fraud is detected. A recent case study is a perfect illustration of that.

Case study: Conflicts of interest

A major pharmaceutical company’s security department received conflict of interest complaints that reportedly involved a range of employees, from sales personnel to the chief financial officer (CFO). The company engaged CRI® Group to conduct an integrity due diligence and conflict of interest investigation to uncover senior employees’ unethical practices, including bribery and corruption.

CRI® Group’s investigators quickly launched a risk assessment of the company’s third-party relationships, including interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks.

Investigators found one of the vendors used letterhead that lacked a physical address, and the only contact information listed was a single cell phone number. Site visits, background checks and interviews helped determine that the suspicious vendor was not a company at all – but a single person, and he was none other than the brother-in-law of the client company’s CFO. Worse still was that this obvious fraud was being conducted right under the noses of the company’s procurement and finance professionals.

CRI® Group investigators discovered that the individual’s residence was being used as a warehouse to facilitate the fraud. A comprehensive litigation records check with local and regional courts found that the subject had previously been convicted in federal court and had spent three years in prison on charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.

The fraud had continued for five years. However, the one thing that saved the company from further financial harm was that employees had stepped forward to report unethical behavior. If not for their action, the fraud could have continued indefinitely.

Fraud Week reminds us that awareness is any organization’s first line of defense against fraud and corruption, as properly trained employees will have a better opportunity to recognize the red flags of fraud and better understand their organization’s zero-tolerance policy toward such behavior.

Some key things to remember:

  • Anti-fraud training should be mandatory: this includes managers and executives, who should also receive special training regarding their position of responsibility.
  • Anti-fraud training should be an element of new employee orientation: after that, it should be provided to all employees annually, if not more frequently.
  • Training might be presented live (in-class), on video or online in an interactive format: the live class is preferred, as it allows questions and personal engagement. However, some employees work remotely in today’s business world, and an online format may be more feasible.

Fraud is everybody’s problem, and it cannot be prevented and detected if employees aren’t provided with the information they need to combat it. Providing a robust anti-fraud training program increases your company’s protection from fraud and unethical behavior risks. An ounce of prevention is worth more than a pound of cure.

Anti-Bribery and Anti-corruption Training

Our sister brand ABAC® Center of Excellence provides employee training. Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence is an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management - Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management Systems, ISO 37301:2021 (formerly ISO 19600) Compliance Management Systems, Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.

Learn more about how CRI® Group and the ABAC Center of Excellence can help you have a well-trained workforce serving as your front line of defence against fraud, bribery and corruption.


About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, TPRM, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 certifications, is an HRO certified provider and partners with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management - Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management Systems, ISO 37301:2021 (formerly ISO 19600) Compliance Management Systems (CMS), Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems (ABMS). ABAC® offers a complete suite of solutions designed to help organisations mitigate the internal and external risks associated with operating in multi-jurisdiction and multi-cultural environments while assisting in developing frameworks for strategic compliance programs. Contact ABAC® for more on ISO Certification and training.

Saudi Arabia corruption sweep signals a major shift

The news broke across Saudi Arabia and the world like a bombshell: a wide-ranging corruption sweep across the country had netted 11 princes, four sitting cabinet members and a dozen former government ministers. Among those detained was billionaire Saudi Prince Alwaleed Bin Talal.

Within days, the surprise action was being hailed as a possible “sea change” in the Middle East and beyond, signalling that an entire country had grown fed up with fraud and unethical conduct and suggesting the possibility that others might do the same.

A cost of doing business?

In many countries, bribes, collusion, backdoor deals and other forms of corruption are still considered a part of “business-as-usual.” Many organisation leaders who condone or even play along with such conduct worry that the implementation of strong anti-corruption laws and reforms might have a chilling effect on business.

Saudi Arabia sees it the other way round. According to an article in the Middle East Monitor, “Saudi: Anti-corruption drive will help boost development”, the Saudi Cabinet says that cracking down on corruption “will boost sustainable development in the Kingdom.”

Anti-fraud experts agree. When laws are enforced as intended and corrupt behaviour is punished, business and competition are allowed to thrive in the economic system as intended. The only ones who lose are unethical business leaders who seek to bend the rules to gain an unfair advantage.

Paving the way for better business

According to a CNBC article, “Billionaire Saudi Prince Alwaleed Bin Talal arrested in corruption crackdown”, the crackdown was deemed necessary for the future of business in Saudi Arabia:

The anti-corruption sweep is taking place against a backdrop of reform in Saudi Arabia, and the impending launch of an initial public offering for state-owned oil giant Saudi Aramco next year. The IPO is expected to be the largest in history, and Aramco is widely expected to dual-list shares on an international exchange.

Saudi Arabia’s Finance Ministry, for its part, said Sunday that the kingdom’s decision to set up an anti-corruption committee and detain prominent figures enhanced confidence in the rule of law, Al Arabiya television reported.

The decisions preserve Saudi Arabia’s investment climate, the Saudi-owned television channel said.

The news from Saudi Arabia underscores how critical it is for any organisation to get its integrity due diligence and compliance measures in proper order and create a zero-tolerance environment for corruption and fraud. A proactive way to do that is to engage CRI Certification, a special program administered by CRI Group and its ABAC Center of Excellence.

ISO 37001:2016 for your organisation

CRI Certification’s ISO 37001:2016 certifies that your organisation has implemented reasonable and proportionate measures to prevent bribery. These measures involve top-level leadership, training, bribery risk assessment, third-party risk management, integrity due diligence, financial and commercial controls, reporting, audit and investigation.

The 3PRM-Qualified™ training and 3PRM-Certified™ certification process for ISO 37001:2016 helps your company address bribery in all its forms, including:

  • In the public, private and not-for-profit sectors
  • By the organisation
  • By the organisation’s personnel acting on the organisation’s behalf or for its benefit
  • By the organisation’s business associates acting on the organisation’s behalf or for its benefit
  • Of the organisation
  • Of the organisation’s personnel in relation to the organisation’s activities
  • Of the organisation’s business associates in relation to the organisation’s activities
  • Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)

ISO 37001:2016 takes into account a compendium of international best practices, enabling your organisation to apply and implement uniform anti-bribery measures irrespective of the various countries in which it operates.

Contact CRI Group and learn more about how ABAC Certification can help your company today.



Pakistan’s 1st ever Anti-Bribery Summit is a success

Last Thursday, 26 October, the region’s leading anti-fraud professionals gathered in Karachi for CRI® Group’s Anti-Bribery Summit, the first ever held in Pakistan. CRI® Group took the initiative to organise the Summit with the goal of redefining the anti-bribery culture within organisations in the country.

The Anti-Bribery Summit couldn’t have come at a more critical time, or have been held in a more relevant location – Pakistan is on the front lines of a struggle between those who wilfully engage in bribery and corruption, and those who endeavour to put a stop to it. But the problem of corruption is worldwide, affecting government, military and public sector organisations.

“The international nature of business today means that many companies operating in Pakistan and nearby countries are doing business across foreign borders, and in such cases find themselves subject to laws and regulations that aim to limit corruption and bribery on a global scale,” said Zafar Anjum, Chief Group Executive, CRI® Group. “That is why our Anti-Bribery Summit 2017 included sessions on compliance for the most significant international laws and regulations.”

The Anti-Bribery Summit 2017 included sessions on compliance for the most significant international laws and regulations, including a Q&A session with an expert on the Foreign Corrupt Practices Act.

Attendees also learned about compliance pitfalls, and how to engage in proper third party due diligence to keep their organisations safe from unethical partners that could hurt the organisation’s reputation and bottom line.

“It was good to see international speakers from UN and OECD on the practices being used and available standards for comparing our policies and procedures,” said Riaz Nazarali Chunara, Director, State Bank of Pakistan.

Experts share their message

The Anti-Bribery Summit brought together some of the greatest minds in the fight against corruption, with a lineup of expert speakers who shared their experiences, knowledge and best practices with an attentive audience.

Keynote speakers included Drago Kos, Chair of the OECD Working Group on Bribery in International Business Transactions and Co-Chair of the Defence Corruption Monitoring Committee in Ukraine and adviser to the Kosovo Anti-Corruption Agency (see an exclusive video interview with Drago Kos about the Summit); Jouhaida Hanano, Criminal Justice Advisor – Sub-Programme II, UNODC Pakistan; Shehzad Yousuf, Chief Internal Auditor at PTCL; Tariq Hussain, Former Director / HOD Securities & Exchange Commission of Pakistan (SECP) – Supervision and Enforcement and Company Law Division; Ali Anwer Adil, Head of Internal Audit, Fraud Management and Revenue Assurance at Zong; and Ghulam Farooq, Director at The National Accountability Bureau.

“(It was) a wonderful conference on anti-bribery held by CRI® Group,” said Muhammad Nauman Ahmed, Head of Compliance at PEL. Ahmed said the “most amazing part” was that “OECD Anti-Bribery chairman Mr. Drago Kos and Director NAB, Sindh attended the conference.”

“SECP representatives were also present,” Ahmed said, calling it a “great event” for learning about the most current practices to counter bribery in Pakistan.

Featuring keynote addresses, Q&A sessions, trainings and a panel discussion, the Anti-Bribery Summit addressed topics critical to any organisation leader or executive in the region including anti-bribery compliance issues, strategies, the FCPA and UK Bribery Act, the corporate culture in Pakistan, conducting proper risk management and due diligence.

“It was a really good event, very well organized and an excellent learning experience,” said Yousuf Ali, Executive Manager, Assurance, EY Ford Rhodes. “My team and I at Ernst & Young thoroughly enjoyed it. Especially the presentation from Mr Shehzad Yousuf.”

“We are looking forward to other such events,” Ali said.

CRI® Group thanks all of the attendees, speakers and everyone involved in making the Anti-Bribery Summit 2017 an unmatched success!

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI® Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC® today or get a FREE QUOTE now!


Employee Screening Process

How do you know the candidate you just offered a role to is ideal? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma; how do you know it’s not photoshopped? Did you follow the correct laws during your background check process? Background checks and necessary screenings are vital to avoid horror stories and taboo tales within HR, your business or even your brand – simply investing in proper employee screening can save you time, money and heartbreak. A complete employee screening process will result in fewer applications with serious discrepancies – it increases the quality of new hires due to an improved applicant pool and selection process. EmploySmart™ provides full in-depth background screening services for employees and candidates at all levels, from senior executives to shop-floor employees.

How Well Do You Know The People You Invest In?

CRI® Group has developed EmploySmart™, a robust new pre-employment background screening service to avoid negligent hiring liabilities. Ensure a safe work environment for all. EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider specialised in local and international employment background screening, including pre-employment and post-employment background checks.

Pre-employment checks/background checks/screening benefits:

  • Reduce turnover & training costs
  • Gain a competitive edge through the hiring of better people
  • Increase productivity – help your employees be more productive, knowing that everyone employed by your company has been screened.
  • Set your company apart & win more business
  • Reduce employee-related problems
  • Protect company reputation/brand & customer relations
  • Comply with mandates created by state or federal law for certain industries
  • Increase retention
  • Reduce negligent hiring claims
  • Avoid violence in the workplace (threats of violence & actual violence)
  • Reduce theft & espionage
  • Avoid lawsuits & the costs associated with the defence.
  • Avoid loss of goodwill.

Pre-employment checks/background checks, what are they?

These checks are essentially an investigation into a person’s character – inside and outside their professional life. Some checks you probably already carry out in-house, such as the candidate’s qualifications (checking the documents provided), work history (with a reference check), right to work in the country and even a quick scan of their social media presence. However, we provide a full in-depth background screening service for candidates and employees at all levels – from senior executives through to shop-floor employees:

  • Address Verification (Physical Verification)
  • Identity Verification
  • Previous Employment Verification
  • Education & Credential Verification
  • Local Language Media Check
  • Credit Verification & Financial History (where publicly available)
  • Compliance & Regulatory Check
  • Civil Litigation Record Check
  • Bankruptcy Record Check
  • International Criminal Record Check
  • Integrity Due diligence… and more.

When should I conduct pre-employment checks?

Our pre-employment screening services will help you avoid adding potential fraudsters and other bad actors to your staff. These checks can be implemented before or after a job offer (with each having its pros and cons).

How to collect references, and what to ask?

Because it is impossible to know how your candidate will work daily from just one interview, you will need references. References are a great way to find out whether your candidates are suitable for the role or will fit with your company culture. A primary reference check asks for:

  • Employment dates
  • Employment main responsibilities
  • Attendance record
  • Any disciplinary actions against them
  • Any reasons why they shouldn’t be employed

These references will help you back up their CV – however, many candidates tend to exaggerate or misrepresent themselves. Our EmploySmart™ team goes further to get a fuller picture for you:

  • Greatest strengths?
  • Are they suitable for the role they’ve applied for?
  • Would they rehire the candidate?
  • Suitable management style?
  • Do they have any leadership skills?
  • Situations in which they have excelled?

Some companies have policies of not giving references and just providing necessary employment details, while others direct you towards HR, but the EmploySmart™ team is persistent.

What specific legal requirements should I check?

You will need to check that they have the right to work in the region you are recruiting for; you are subject to statutory penalties if you employ foreign nationals who do not hold the correct visas. You will also need to request criminal records checks depending on the role you are recruiting for. Roles involving children or vulnerable people are highly regulated, and all of these requirements differ from country to country.

CRI Group™ carries the burden of knowing the laws, so we can assist you with staying compliant and helping you to make the best decisions for your company’s needs. We have established an interdisciplinary team of experts in employment law, best practices and data protection. We can manage your employment background screenings across borders for you! Country by country, we have documented the different approaches to employment screening, ensuring we operate in harmony with local culture and within the limitations of local legislation.

With extensive local language capabilities, flexible working patterns and time zone intelligent workflow, we provide a comprehensive and fully compliant global screening service.

At CRI Group™, we specialise in employment screening, working as trusted partners to HR and recruiting managers of corporations and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

CRI Group™’s unique identity and vision evolved from our fundamental desire to support our clients and candidates. We have a passion for Screening and a simple belief in setting new standards. These qualities fuel our commitment to excellence and drive our culture.

Our EmploySmart™ background screening services expose vulnerabilities and threats within your organisation and can significantly reduce business and financial crime, fraud and malpractice within your workplace. Our experienced EmploySmart™ Team can safeguard your data security and your business integrity while you can focus on human conversations and interactions. Together, your organisation can deliver outstanding screening experiences.

We provide a host of professional services to HR managers representing significant corporations worldwide. Employees should be screened regularly to reveal any new information relevant to the business. That’s why our background investigations services also include:

  • Employee monitoring and risk management
  • Data protection compliance
  • Employee testing and confidentiality
  • Employee risk management
  • Post-employment background checks

CRI Group™ is trusted by the world’s largest corporations and consultancies – outsource your employee due diligence to an experienced provider, and you will only ever have to look forward, never back.


Get answers to frequently asked questions about background check/screening costs, guidelines, reference checks and more. This eBook, a compiled list of background screening questions, is the perfect primer for any HR professional, business leader or company looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.


Working with CRI Group™, you get:

  • Extensive global coverage, with expertise in domestic and international Screening; one of the largest, most experienced and best-trained integrity due diligence teams in the world
  • Our team of more than 50 full-time analysts is spread across Europe, the Middle East, Asia, and North and South America and is fully equipped with the local knowledge to serve your needs globally.
  • The ability to manage multiple background checks online
  • Quick turnaround times
  • Our solutions are easily customisable and flexible, and we will tailor our scope to address your concerns and risk areas, saving you time and money.
  • High-quality searches, backed by numerous checks and quality controls
  • We have a flat structure which means that you will have direct access to senior staff members throughout the due diligence process.
  • Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.
  • Our extensive solutions include due diligence, employee pre and post background screening, business intelligence and compliance, and facilitating any decision-making across your business, no matter what area or department.

Who is CRI Group™?

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, the Middle East and Asia-Pacific as a one-stop international provider of Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 certifications, is an HRO certified provider and is a partner with Oracle.

Components of ISO 31000:2018

Managing risk is a critical part of the success of any organization. That is why ISO (International Organization for Standardization) developed the ISO 31000 Risk Management Standard. First issued in 2009, the standard helps address operational continuity and gives confidence and reassurance in your organization’s economic resilience, professional reputation, and environmental and safety outcomes. Best of all, ISO 31000 can be tailored to your organization to help achieve the best results.

1. Principles

The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives. Principles include the requirement for the risk management initiative to be (1) customized; (2) inclusive; (3) structured and comprehensive; (4) integrated; and (5) dynamic.

2. Framework

The purpose of the risk management framework is to assist with integrating risk management into all activities and functions. The effectiveness of risk management will depend on integration into governance and all other activities of the organization, including decision-making.

2.1. Leadership and commitment, including:

  • Aligning risk management with the strategy, objectives and culture of the organization;
  • Issuing a statement or policy that establishes a RM approach, plan or course of action;
  • Making necessary resources available for managing risk; and
  • Establishing the amount and type of risk that may or may not be taken (risk appetite).

2.2. Integration, including:

  • Determining management accountability and oversight roles and responsibilities; and
  • Ensuring risk management is part of, and not separate from, all aspects of the organization.

2.3. Design, including:

  • Understanding the organization and its internal and external context;
  • Articulating risk management commitment and allocating resources; and
  • Establishing communication and consultation arrangements.

2.4. Implementation, including:

  • Developing an appropriate implementation plan including deadlines;
  • Identifying where, when and how different types of decisions are made, and by whom; and
  • Modifying the applicable decision-making processes where necessary.

2.5. Evaluation, including:

  • Measuring framework performance against its purpose, implementation and behaviors; and
  • Determining whether it remains suitable to support achievement of objectives.

2.6. Improvement, including:

  • Continually monitoring and adapting the framework to address external and internal changes;
  • Taking actions to improve the value of risk management; and
  • Improving the suitability, adequacy and effectiveness of the RM framework.

3. Process

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.

3.1. Communication and consultation, including:

  • Bringing different areas of expertise together for each step of the RM process;
  • Ensuring different views are considered when defining risk criteria and evaluating risks;
  • Providing sufficient information to facilitate risk oversight and decision-making; and
  • Building a sense of inclusiveness and ownership among those affected by risk.

3.2. Scope, context and criteria, including:

  • Defining the purpose and scope of risk management activities;
  • Identifying the external and internal context for the organization;
  • Defining risk criteria by specifying the acceptable amount and type of risk; and
  • Defining criteria to evaluate the significance of risk and to support decision-making.

3.3. Risk assessment, including:

  • Risk identification to find, recognize and describe risks that might help or prevent achievement of objectives and the variety of tangible or intangible consequences;
  • Risk analysis of the nature and characteristics of risk, including the level of risk, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness; and
  • Risk evaluation to support decisions by comparing the results of the risk analysis with the established risk criteria to determine the significance of risk.

3.4. Risk treatment, including:

  • Selecting the most appropriate risk treatment option(s); and
  • Designing risk treatment plans specifying how the treatment options will be implemented.

3.5. Monitoring and review, including:

  • Improving the quality and effectiveness of process design, implementation and outcomes;
  • Monitoring the RM process and its outcomes, with responsibilities clearly defined;
  • Planning, gathering and analyzing information, recording results and providing feedback; and
  • Incorporating the results in performance management, measurement and reporting activities.

3.6. Recording and reporting, including:

  • Communicating risk management activities and outcomes across the organization;
  • Providing information for decision-making;
  • Improving risk management activities; and
  • Providing risk information and interacting with stakeholders.

Getting Started with ISO 31000 Risk Management?

ISO 31000 is an international standard first issued in 2009 by ISO (International Organization for Standardization). Organizations of all types and sizes face internal and external factors that directly affect whether they can achieve their objectives. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management. It describes a systematic and logical process in which organizations manage risk by identifying it, analyzing it, and then deciding on risk treatment in a way that is consistent with their risk appetite. An organization can implement risk management across the entire company, and it can do so at any time. Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here is a quick rundown of the playbook structure:

  • What is ISO 31000?
  • Why is this Standard a good idea?
  • What are the benefits for my business?
  • Principles of ISO 31000:2018
  • ISO 31000 framework
    • Why was it revised?
    • What are the main differences?
  • Key Clauses of 31000:2018
  • Who is the standard for?
  • The process
  • The link between 31000:2018 and other standards
  • Importance of risk management leadership
  • 31000:2018 and continuous improvement
  • How do we get started?

Speak Up – Report Any Illegal, Unethical, or Improper Behavior

The Ethics and Compliance Hotline is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical or improper conduct when the normal channels of communication have proven ineffective or are impractical under the circumstances. At CRI Group, we are committed to an open dialogue on ethical dilemmas, whatever the circumstances.

We would like to introduce a new Ethics & Compliance Hotline. This hotline is available to all employees, as well as clients, contractors, vendors and others in a business relationship with CRI Group and ABAC Group. If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through the normal channels of communication or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline in the ways described below or submit your complaint through the online form below. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, the Middle East and Asia-Pacific as a one-stop international provider of Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 certifications, is an HRO certified provider and is a partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence, an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. CRI Group’s global team of certified fraud examiners also works as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO certification and training.
