Managing Third-Party Risks: A Checklist

THIRD-PARTY RISK MANAGEMENT CHECKLIST

Third-party risk management checklist. Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organization in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.

Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city hit hard by the pandemic required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged to fill this need potentially.

Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M- dealer. The formerly used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020). Managing Third-Party Risks

The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies must be always on guard for third-party fraud. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organization’s core business model. Every organization can do the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.

THIRD-PARTY RISK MANAGEMENT CHECKLIST EVERY ORGANISATION COULD USE:

1. Identify vulnerabilities

Before evaluating its third-party partners, an organization should look inward and measure its own risk management tools. These include the following:

  • Audit and supervision functions
  • Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
  • Jurisdictional considerations
  • Data and IP protection
  • Whistleblower policies

2. Conduct due diligence

The organization should engage a risk management process on all current and potential suppliers and contractors. For each third party, the organisation should evaluate the following:

  • Business and operations
  • Financial condition and reputation
  • Experience, culture, vision and business style
  • References and government records (including any legal action, bankruptcies, structure changes)
  • Background checks (including ownership and key personnel)
  • Insurance and certifications

3. Maintain management oversight

Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organization should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organization. Not every company or government organization is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, third-party due diligence can protect organizations year-round from the risk of any of the following serious pitfalls:

  • Merging with an international business embroiled in behind-the-scenes legal battles.
  • Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
  • Partnering with organizations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
  • Awarding work to an overseas contractor with absolutely no prior experience
  • Affiliating with a contracting company owned by a politician with significant influence on future awards

It is recommended and necessary for many organizations to have a team of professionals guide you through implementing a comprehensive program for third-party risk management. That’s where CRI® Group comes in. We have one of the largest, most experienced and best-trained integrity due to diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI® Group’s due diligence experts are committed to maintaining and constantly evolving our global network.

Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

  • What is ISO 31000? Why is this Standard a good idea?
  • ISO 31000 framework, why was it revised? And What are the main differences?
  • Key Clauses of 31000:2018 and Who is the standard for?
  • The process and the link between 31000:20180 and other standards

Getting Started with ISO 31000 Risk Management?

DOWNLOAD ISO 31000 PLAYBOOK NOW

3PRM-Certified™ a third-party compliance verification and certification program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting due diligence
  • Identifying potential fraud risks
  • Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services utilize one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TPRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, an organization cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRMTM BROCHURE

 

Let’s Talk!

Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.

GET A FREE QUOTE NOW

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

 

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Can ISO 37001:2016 prevent bribery?

Since its launch in 2016, ISO 37001 Anti-Bribery Management Systems standard has had its supporters and critics. Some regulatory bodies and compliance communities initially expressed concern regarding the lack of a body of evidence supporting the effectiveness of ISO 37001:2016 from certain standpoints. Critics asserted that the new standard failed to address broad compliance concerns, and questioned whether ISO 37001:2016 certification alone can prevent prosecution. These observations should certainly be weighed and considered, as any new compliance standard must be properly evaluated on its merits. In the case of ISO 37001, however, the critics have made some misjudgments in regards to the key factors they feel are in question with the standard. Can ISO 37001:2016 prevent bribery?

One of the most important things to remember is that a standard like 37001 and all of its measures require a commitment and implementation by the organisation adopting them. ISO 37001 is a standard, administered by a certified body but ultimately implemented by employees of the organisation itself. The purpose of ISO 37001 standard is to provide a framework against which an organisation’s anti-bribery management can be assessed and certified, rather than a foolproof blueprint to prevent bribery.

The story behind ISO 37001:2016

First, some background: The International Organization for Standardization, or ISO, is the international standard-setting body composed of representatives from various national standards organisations. Founded on 23 Feb. 1947, ISO promotes worldwide proprietary, industrial, and commercial standards. Responding to an international need, ISO issued the 37001:2016 Anti-Bribery Management System standard to help businesses, nonprofits and governmental agencies reduce their risk of bribery and corruption by establishing, implementing, maintaining and improving an anti-bribery management system.

The ISO 37001 standard requirement, which references to ISO 19600 – Compliance Management System, specifies mandatory requirements for organisations when establishing/updating their anti-bribery management programs in a manner that is proportionate to the potential bribery risk. The reference to these requirements is referred to as “appropriate” and “reasonable”, hence directing organisations to undertake a subjective, diligent and rigorous review of current compliance framework, which will make ISO 37001 effective for them. According to Deloitte & Touche LLP, “[in ISO 37001:2016] it’s the substance, not the form, of a compliance program that determines its effectiveness”.

Anti-corruption versus broad compliance issues

Some of the concerns regarding the effectiveness of ISO 37001 are focused on whether it addresses broad compliance issues, like inequality, harassment, various types of fraud (outside of bribery and corruption), or similar offences. Seeing that it generally does not, as its focus is on anti-bribery and anti-corruption compliance, some take the view that ISO 37001 has adopted a simplistic approach. The scope of ISO 37001 addresses “establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system,” whether as a stand-alone initiative or part of a broader anti-corruption. Therefore, implementing ISO 37001 standard requirements should be viewed as a way of enhancing, rather than replacing, an organisation’s existing anti-corruption compliance programs.

ISO 37001 is effective step-by-step guidance for those organisations which lack an anti-corruption framework and enables them to implement a compliance program without investing significant time in identifying the regulatory and non-regulatory requirements. In fact, ISO 37001 has incorporated Federal Sentencing Guidelines, U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Resource Guide to the U.S. Foreign Corrupt Practices Act, the U.K. Ministry of Justice Bribery Act 2010 Guidance, and OECD’s Good Practice Guidance on Internal Controls, Ethics and Compliance. Former U.S. Deputy Attorney General Rod Rosenstein highlighted three hallmarks of a policy-effective compliance program, which are concurrent with ISO 37001 requirements and include: fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel has appropriate access to the board.

Prosecution of offences

Lastly, there is a widely held belief that obtaining ISO 37001 certification is an effective tool to avoid prosecution for bribery. These misconceptions have not been viewed favourably insofar as to Ms. Hui Chen, U.S. DOJ’s former compliance counsel, stating “Dan Kahn, the Chief of the FCPA Unit in the Fraud Section of DOJ’s Criminal Division, has been very consistent: prosecutors will not outsource their responsibilities”. Rightly so. ISO 37001 certification does not act as insurance to corporate liability for bribery, neither does it refute the need to perform due diligence, and it should be considered and implemented as per company’s risk profile. In practicality, implementing ISO 37001 can demonstrate to enforcement agencies and regulators that the organisation has taken reasonable steps to establish a compliance program to mitigate bribery risks, however, ISO 37001 certification will mitigate the consequences, if not a shield, an organisation from investigation or prosecution.

ISO 37001:2016 embraced by organisations and governments

It is important to note that organisations and governments alike are embracing ISO 37001 as the standard for prevention and detection. One example of this is in Malaysia, where the ISO 37001 standard was adopted across the government under Prime Minister Tun Dr Mahathir Mohamad. The new system has been received positively in both the public and private sectors, and Malaysia’s former anti-graft chief said “the people’s perception on the government’s seriousness to fight corruption had increased to 70.8 per cent last year from 59.8 per cent in 2016. He said that Malaysia has also shown improvement in its performance indicators in several important international studies and indexes” (New Straits Times, 2019). True to form, various heads of government in the country are following the directive. Defence Minister Mohamed Sabu recently “cautioned his officers to adhere to the Anti-Bribery Management System, which had attained the International Standards Organisation’s ISO 37001: 2016 certification” (New Straits Times, 2019).

Malaysia is not alone. In Peru, Singapore, and China (Shenzhen Institute of Standards and Technology [SIST]), the national standard bodies have adopted and localised the ISO 37001 standard. In Italy, the ISO 37001 accreditation scheme has been developed by Accredia; whereas in the UK, United Kingdom Accreditation Service (UKAS) has undertaken an ISO 37001 pilot program to develop an accreditation scheme. In the United Arab Emirates, Emirates International Accreditation Centre (EIAC) is undertaking the ISO 37001 accreditation scheme development with CRI® Group’s ABAC® Center of Excellence. ABAC® is an initiative launched by CRI® Group and offers ISO 37001 certification services. Hence, amid these positive developments, the outlook for ISO 37001 looks promising. ISO 37001 is not a “silver bullet” to foolproof an organisation from bribery or corruption, or avoid prosecution should those offences occur. It was never designed to be. Instead, it is a framework to implement the necessary controls and systems at the organisation level – across all levels – so as to be better equipped to prevent bribery and corruption moving forward.

CRI® Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI® Group to learn more about our fraud investigations today. Get a FREE QUOTE

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Anti-Bribery Compliance Programs in EMEA Countries

Preventing bribery and corruption is a global effort that crosses international borders…

Preventing bribery and corruption is a global effort that crosses international borders. In just the past few years, many governments have enacted more laws and regulations to reflect that reality. European, Middle Eastern and African (EMEA) countries are no exception – in many ways, they are at the forefront of this new anti-bribery and anti-corruption landscape and compliance program development. This critical shift from bygone years of sweeping unethical business behaviour under the rug to creating strict enforcement measures is well overdue. The sometimes overlapping nature of these laws and varying rules based upon their jurisdictions can pose challenges to compliance officers, however. Not to mention that the “letter of the law” sometimes lends to different interpretations depending on the local politics of the day.

When organisations do uncover wrongdoing, their leadership must be careful to understand that the wrong approach to investigation might get them into trouble: employee privacy protections are higher in some European nations, for example, potentially affecting a company’s ability to monitor employee behaviour and investigate wrongdoing.

The article will discuss some of the new laws and regulations that have been enacted (or are still emerging) in various EMEA countries, and provide a perspective on managing compliance standards across varying jurisdictions. The new wave of anti-bribery and anti-corruption controls is a good thing for the economy and for protecting investments worldwide. Business leaders must just be sure not to get caught by the tide.

Europe: Leading the Charge

In most European countries today, it can be very costly to be caught breaking bribery laws. Most laws call for stiff fines. The UK largely ushered in this landscape with the introduction of the UK Bribery Act 2010. Under this groundbreaking law, individuals or businesses may face up to 10 years in prison or unlimited fines. “The UK Bribery Act imposes more severe penalties and is broader in scope than the FCPA, covering bribes to private parties as well to foreign officials. The UK Bribery Act also prohibits being bribed, not just giving bribes. Because of the close ties between the United States and the United Kingdom, US businesses should pay special attention to all forms of potential bribery abroad, regardless of jurisdictional technicalities.” (Everfi, 2020).

Click here to read the full article.

Other Anti-Bribery and Compliance resources from our independent certification body ABAC®:

  • Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organization’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks.
  • Bribery and corruption plague Middle East, how can ISO 37001 help? Read more here or download the free e-book now to know more about ABAC solutions in the Middle East.
  • Are you ready for ISO 37001? Download our free e-book: The latest global anti-bribery standards redefine a framework for corporate compliance, and find out more!

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

Don’t leave hiring to chance. Take a proactive stance with the highest level of background screening as a part of your essential corporate strategy. Contact us today to learn more about our full range of services to help your organization stay protected.

Get a FREE QUOTE

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

 

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

How to demonstrate “Adequate Procedures” in Malaysia?

Adequate Procedures in Malaysia, how to demonstrate it?

Adequate procedures in Malaysia are the guidelines issued by the Malaysian Anti-Corruption Commission (MACC). It also is a term made popular through the UK Bribery Act of 2010. It presents a company’s potential to avoid liability for failing to prevent bribery if that organisation can fully demonstrate clear, sound and established policies and procedures that deter individuals (inside and outside of the organisation) from partaking in questionable or corrupt conduct.

Malaysian National Anti-Corruption Plan 2019-2023

Under Section 17A (3) of the Malaysian Anti-Corruption Commission, if the commercial organisation is found liable under the corporate liability provisions, a person who is the director, controller, officer or partner of the organisation, or a person who is concerned with the organisation’s management affairs at the time of the commission of an offence, is deemed to have committed that offence unless such person can prove that the corrupt act was committed without his consent or connivance and that he exercised due diligence to prevent that commission of the offence as he ought to have exercised with regard to the nature of his function in that capacity and the circumstances.

Hence, there is a need for the company to put in place “adequate procedures” as a defence in case there is proven corruption by the associated individual.  The Malaysian Anti-Corruption Commission MACC has issued guidelines that constitute “adequate procedures.” In the National Anti-Corruption Plan, Tun Dr Mahathir bin Mohamad, Prime Minister of Malaysia on 29th January 2019 developed initiative number 2.1.3 which seeks

To introduce Anti-Bribery Management System (ABMS)MS ISO 37001 certification in all Government agencies”  within two years (Jan 2019-Dec 2020).

The guidelines further state in initiative 6.2.4:

To propose Anti-Bribery Management System (ABMS) MSISO 37001 certification as a requirement for State-Owned Enterprises (SOEs), Company Limited By Guarantee (CLBG) and the private sector to bid for Government contracts”.

In complying with these guidelines and to prove “adequate procedures”, public and private sector organisations should implement the ISO 37001 certification process which would provide proper assurance that the organisation has succeeded in establishing, implementing, maintaining, reviewing and improving its Anti-Bribery Management System.

State of Corruption in Malaysia

In Malaysia, apathy and ignorance towards bribery and corruption in your business will personally cost you. Malaysia’s seemingly never-ending battle to combat bribery and corruption took a decidedly different turn on June 1st of this year, as specific measures go into effect that saddle corporations and other organisations – along with their directors, controllers and senior management – with the full burden of proving that they are not involved in allegations of corrupt activity by their employees and third-party partners. That burden of proof means that corporations will have to effectively demonstrate that policies and procedures are firmly in place that deters, detect and defend against incidences of bribery at all levels of the organisation.

While a large part of the political and economic universe still believes that engaging in some form of corruption is the only way to survive and advance, many countries now are taking drastic measures to root out corruption, and Malaysia is rushing to the forefront of that trend. Currently ranked at 51 out of 180 countries on Transparency International’s “Corruption Perception Index” (2019), with a score of 53 (where 0 is perceived to be highly corrupt and 100 is perceived to be very clean), the Malaysian government emerged from the highly publicized 1MDB financial scandal on high alert and with a firm resolve to adopt tough anti-corruption legislation as one of its main priorities.

The result was the empowerment of the Malaysian Anti-Corruption Commission (MACC) and its 2009 Act which addressed corruption on both the political and private sector levels.  The Parliament’s subsequent amendment – Section 17A – was added in 2018, which likened the legislation to the UK Bribery Act but added a “parallel” element of personal criminal liability in corporate bribery cases. And that’s where business organisations need to take notice and take immediate action.

Demonstrating “Adequate Procedures” through ISO 37001 Certification

ISO 37001 Anti-Bribery Management System is an internationally accepted standard that specifies the procedures by which an organisation should implement in preventing bribery while detecting and reporting any bribery incident that occurs. The standard requires organisations to implement these procedures on a reasonable and proportionate basis according to the type and size of the organisation, and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, the standard can help establish that the organisation has in place reasonable, proportionate and adequate anti-bribery procedures.

ABAC® Center of Excellence Limited is fully accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC® Certification team has discovered during the audit. Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC® Certification team will increase the scale of the investigation if they determine that a specific process presents a higher risk side.  Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.

A separate audit method is a process-based approach where the ABAC® Certification examines the organisation’s processes while considering the interaction between those processes.  Finally, there is a sampling-based audit approach where ABAC® Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.

The audit is extremely thorough in its approach, which results in accredited certification for the scope of the ISO 37001 Anti-Bribery Management System.  Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery. Indeed, from an FCPA perspective, certification may provide tangible evidence that a compliance program was in place at the time of the alleged bribery actions. And from a UK Bribery Act perspective, the certification could provide the company with tangible prima facie evidence presented by an accredited certification body attesting to the establishment and effectiveness of the organisation’s compliance program. Notably, per Section 17A of the Malaysian Anti-Corruption Commission, the Prime Minister’s National Anti-Corruption Plan 2019-2023 has declared ISO 37001 certification a requirement for companies operating in Malaysia.

There is a strong likelihood that ISO 37001 Anti-Bribery Management System will continue to set the pace for a globally recognised “adequate procedures” standard for corporations embroiled in corruption litigation proceedings. But for now, the most powerful “insurance” tool that public and private sector organisations can use in their defence strategy is ISO 37001 ABMS certification.

 

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

MACCA’s Corporate Liability Provisions are in place

Malaysia is taking a further step against corruption with its new Corporate Liability Provisions of the Malaysian Anti-Corruption Commission (Amendment) Act 2018. The new provisions go into force this June. The measure has been compared to the UK Bribery Act 2010 and the U.S. Foreign Corrupt Practices Act (FCPA) 1977 (The Star, 2019). Section 17A of the MACC Act 2018 will enable the prosecution of individuals accused of corruption, not only organisations. Under the provisions, an organisation’s “directors, controllers, officers, partners, or managers are deemed to have committed the same offence, which carries a maximum penalty of a fine of not less than 10 times the value of the gratification or RM1 million, whichever is higher, and 20 years’ jail unless the firm is able to prove that it had in place procedures designed to prevent corrupt practices. The provision is modelled after the United Kingdom’s Section 7 of the Bribery Act 2010, which is widely regarded as ‘the toughest anti-corruption legislation in the world’” (New Straits Times, 2019). Perhaps it’s no coincidence that Malaysia improved by six points and jumped 10 places to 51 in Transparency International’s 2019 Corruption Perceptions Index (CPI). The CPI “measures public sector corruption including bribery, diversion of public funds, use of public office for private gain, and nepotism in the civil service” (Free Malaysia Today, 2020).

The change in law and perception meets popular demand in Malaysia, where the 1MDB case became the defining bribery scandal in the region. Malaysia’s state-owned investment fund, 1MDB, was supposed to attract foreign investment. Instead, it “spurred criminal and regulatory investigations around the world that have cast an unflattering spotlight on financial deal-making, election spending and political patronage under former Prime Minister Najib Razak. The figures are mind-boggling: a Malaysian parliamentary committee identified at least $4.2 billion in irregular transactions related to 1MDB. In May, Najib was ousted from power in a general election as the scandal fueled a voter backlash that ended his party’s 61 years of rule. As the investigations continue, Najib faces trial on corruption charges and U.S. prosecutors have implicated at least three senior Goldman Sachs Group Inc. bankers in a multiyear criminal enterprise” (Bloomberg, 2018).

The 1MDB scandal also demonstrated, however, that investigation and enforcement were stepping up in the face of public outrage. The MACC Act 2018 provided regulators with more teeth in the fight against corruption in the country. At ABAC Summit – Kuala Lumpur, organised by CRI Group, Mohd Nur Lokman bin Samingan, Assistant Commissioner at Malaysian Anti-Corruption Commission, said that some of the MACC Act’s provisions are meant “to encourage business and commercial activities being carried out in a corruption-free environment; to encourage all commercial organisations to take adequate measures in order to prevent corruption in their respective organisations; and to promote better corporate governance and legal compliance by requiring corporations to take proactive roles in preventing corruption.”

Demonstrating “adequate procedures” with ISO 37001 certification

Now more than ever it is critical that organisations undergo a program of compliance and demonstrate “adequate procedures” with ISO 37001:2016 Anti-Bribery Management standard certification. ISO 37001 is an established, tried and tested program that provides a comprehensive program for preventing bribery and corruption. It can be tailored to organisations of all sizes and industries, and certification requires the demonstration that processes have been implemented effectively – with follow-up evaluations. The new corporate liability provisions to the MACC Act are an important thing for safeguarding Malaysia’s economy and investments.

It is crucial to trust your anti-bribery and compliance strategies to accredited ISO 37001 certification providers. CRI Group’s ABAC® has recently announced that the United Kingdom Accreditation Service (UKAS) has accredited its ABAC Certification services for administering the ISO 37001:2016 Anti-Bribery Management Systems standard. ABAC® provides ISO 37001:2016 anti-bribery management systems certification for all types of organisations across the globe that implement prescribed measures to prevent, detect and address bribery. Pursuant to this, UKAS accredited ABAC Center of Excellence Limited in the UK, Malaysia and UAE for ISO 37001:2016 Anti-Bribery Management Systems (ABMS) certification in accordance with ISO/IEC 17021-1: 2015 conformity assessment requirements for bodies providing audit and certification of management systems.

Trust ABAC®, your accredited certification provider in Malaysia to comply with requirements of Section 17A of the Malaysian Anti-Corruption Commission Act (MACCA 2018) with confidence. To learn more about how the ABAC Center of Excellence can help tailor an ISO 37001 certification program to your organisation, contact ABAC Center of Excellence Limited today.[/vc_column_text][/vc_column][/vc_row][accordion_father][accordion_son title=”About CRI Group”]Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.[/accordion_son][/accordion_father][/vc_column][/vc_row]

Building a Resilient and Defensible Third-Party Risk Management Compliance Program

Third-Party Risk Management Compliance Program:

Does your business have a Third-Party Risk Management (TPRM) Compliance Program? Are you establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business?

It’s highly probable that, at some point, organizations that affiliate with outside providers will eventually have to deal with an operational interruption resulting from third-party related issues and inappropriate conduct. The risks involved in partnering with outsiders hasn’t changed over the centuries. It’s the potential liability that’s been ratcheted up several notches. International borders have been ripped down. Technology has improved the way businesses communicate.

Easy access to data and information enables the media to report on business news before a business can properly respond. And the markets are quick to form opinions based on a 24/7 on-demand news cycle. The result of this increased liability is problematic. Business litigation has skyrocketed. Corporate reputations are constantly being assaulted. Business strategies are forever shifting. Board members are increasingly subjected to intense scrutiny from outside critics, and a highly educated market responds immediately with their pocketbooks.

VIEW 3PRMTM BROCHURE

Discover How to Demonstrate a Resilient and Defensible Third-party Risk Management Compliance (TPRM) Program with 3PRM™ Services

CRI® Group has a network of local subject specialist operatives across the Middle East, Europe, South American and Asian regions to extend a helping hand and offer enhanced integrity due diligence being pre-emptive measures against:

  • Experiencing financial loss when a third-party provider failed.
  • Losing customers because of poor-quality service from a third party.
  • Exposing breaches to data systems because of poor information security practices by a third party.
  • Experiencing supply chain issues due to poor disaster recovery procedures by the third party.
  • Being exposed to litigation because of relationships with an outside provider significantly violated contractual terms, potentially resulting in regulatory exposure.

When Working with third-party providers, CRI® Group designed a solution: 3PRM-Certified™. This proactive approach includes Integrity Due Diligence, Enhanced Due Diligence, Anti-Bribery and Anti-Corruption Compliance Solutions (incorporating ISO 37001 Anti-Bribery Management System accredited certification and training) to mitigating the risks involved with third-party affiliations to protect the organization from liability, business interruption and brand damage.

You may also like this article:

WHEN TO CONDUCT THIRD-PARTY SCREENING?

3PRM-Certified™ A Third-party Compliance Verification and Certification Program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution.

Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions.

CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting due diligence
  • Identifying potential fraud risks
  • Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, the business cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRMTM BROCHURE

Inadequate Procedure 

December 2013: Over US$2.8 million for failing to have in place appropriate checks and controls to guard against the risk of bribery or corruption when making payments to overseas third parties, breaching the FCA’s principle on management and control. Between 19th February 2009 and 9th May 2012, the organisation received almost $33 million in gross commission from business provided by overseas introducers and paid them over $18 million in return.

Inadequate systems around these payments created an unacceptable risk that overseas introducers could use the payments made for corrupt purposes, including paying bribes to people connected with the insured clients and/or public officials.

Regulatory action is not a US or UK phenomenon alone but is increasingly becoming a global issue. Regulatory thinking around third-party risks in some other jurisdictions is highlighted below:

  • Singapore: The Monetary Authority of Singapore (MAS) has stated that it “is particularly interested in material outsourcing which, if disrupted, has the potential to significantly impact an institution’s business operations, reputation or profitability and which may have systemic implications.”
  • Australia: The Australian Prudential Regulatory Authority (APRA) aims to ensure that all outsourcing arrangements involving material business activities entered into by a regulated institution are subject to appropriate due diligence, approval, and ongoing monitoring.
  • Hong Kong: The Hong Kong Monetary Authority (HKMA) states that institutions “should not enter into, or continue, any outsourcing arrangements [that] may result in their internal control systems or business conduct being compromised or weakened after the activity has been outsourced.” – Source: Deloitte Report

Let’s Talk! If you have any further questions or interest in implementing compliance solutions, please contact us.

About CRI® Group

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue Diligence and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

 

 

10 Ways to Maintain GDPR Compliance

In 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) came into force. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (European Commission, 2020, GDPR.eu, 2020). At CRI Group, our integrity due diligence experts are trained at helping organisatons achieve and maintain compliance with GDPR. Our leading risk management and compliance agents provide the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

 

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

  • The information is necessary to perform a contract between the organisation and the individual;
  • You have a legal obligation to process the data (such as a court order);
  • The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
  • The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it as collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third-parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own, since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelled out as individuals rights in regards to their personal data and they include the following:

  • Right to be informed about what data is collected and why;
  • Right of access to data that has been collected;
  • Right to rectification/correction of inaccurate data;
  • Right to erasure of data (“right to be forgotten”);
  • Right to restrict processing of personal data;
  • Right to data portability;
  • Right to object to use of data; and
  • Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of date, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data, and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but in for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance.

 

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligencethird-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

25 Benefits of ISO 37001:2016 ABMS Certification

How to fight bribery and corruption?

Bribery and corruption are a dent on the image of any company. It is an unwanted and unsightly reflection that can be not only be mitigated but prevented in the organisation. The negative representation might result in a loss of trust among customers, affiliates and business patrons. In addition, the lack of internal anti-bribery controls and procedures has been one of the key reasons for deficiency in productivity inside global organisations. ISO 37001 ABMS

To combat these adverse effects, a strong standard is needed where governance, risk management and compliance (GRC) procedures are at the heart of the system. ISO launched ISO 37001:2016 ABMS standard – a global benchmark in the Anti-Bribery Management System (ABMS) which detects, protects and addresses the issues of bribery and corruption in the corporation. It is an assurance of employing the highest ethical standards and harnessing transparency even in the most complex business activities.

What is ISO 37001:2016 ABMS certification?

ISO 37001:2016 ABMS certification demonstrates organisation’s commitment to upholding the best practices in the corporate world. Being a framework that measures, identifies and controls the level of transparent commercial performance combined with international guidelines, it is applicable for all kinds, sizes and natures of organisations By adopting the ISO 37001:2016 ABMS certification, companies, subsidiaries and other affiliates are able to shield themselves from the dent that can tarnish their reputation and decrease their proficiency in the industry.

Through the implementation of ISO 37001:2016 certification, your organisation can cultivate a better anti-bribery and ethics culture along with the trust within the establishment. By adopting the ISO 37001:2016 certification, organisations will be able to combine the GRC strategies with the ISO system across all departmental units in a transparent and operative manner. Built with a set of globally accepted requirements, the ISO 37001:2016 certification is compliant with global, regional and local anti-bribery regulations worldwide, which increases the multi-level integrity of the association.

What are the benefits of ISO 37001:2016 ABMS Certification?

ISO 37001:2016 ABMS certification includes audit assessment procedures, to utilise the application and maintenance of a robust anti-bribery program. Being an all-encompassing standard that is integrated with other management systems, the ISO 37001:2016 ABMS certification provides several benefits:

  • Competitive advantage over other organisations
  • Greater awareness on the output of bribery
  • Enhanced aptitude for the prevention of corruption
  • Expansion of business opportunities
  • Continual improvement of services and products
  • Enhancement of the organisation’s reputation
  • Facilitation of efficient management operations
  • Apt demonstration of legal compliance and assurance
  • Reduction in structural and miscellaneous costs
  • Escalation of organisational assets
  • Better implementation of compliance programs
  • Precise execution of significant measures
  • Increase in business efficiency and effectivity
  • Superior trust and transparency
  • Reduction of malpractice and other hazards
  • Protection of resources and other capitals
  • Easy integration to existing management systems
  • Appropriate utilisation as a due diligence evidence
  • Accurate evaluation of organisation’s position
  • Recognition and deterrence of immediate threats
  • Placement of adequate procedures to combat risks
  • Timely observation and development of controls
  • Execution of feasible anti-bribery procedures
  • Practice of internationally recognised processes
  • Establishment of ethical global practices

How can your organisation attain ISO 37001: 2016 ABMS certification?

With the list of returns that ISO 37001:2016 ABMS certification holds, its value is undeniable. The cost and benefits of not adopting a viable Anti-Bribery Management System are far greater than the cost of its implementation. Dedicate your time, energy and capital towards your organisation’s growth and progress. By engaging with a qualified, trained and independent third-party certification body, your company is securing its future against losses and gaining a surplus of rewards. The Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence is looking forward to connecting with you and steering your organisation towards the espousal of ISO 37001:2016 ABMS certification. Provide your company with the credibility to go beyond and reach its envisioned destination. For more information, please feel free to contact our team and visit our website www.ABACgroup.com.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.