The United Arab Emirates (UAE) is the 21 least corrupt nation out of 180 countries, according to the 2019 Corruption Perceptions Index reported by Transparency International. However, UAE corporate fraud and corruption still prevails as UAE is just one of many enablers of global corruption, crime, and illicit financial flows. Addressing the emirate’s role presents anti-corruption practitioners, law enforcement agencies, and policymakers with incredibly complex challenges. Read the answers to the following questions:
- To what extent are boards and senior executives in UAE taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?
- Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in the UAE over the past 12-18 months?
- When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
- Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?
- How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?
- And much more…
Q. To what extent are boards and senior executives in UAE taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?
Anjum: High-profile corruption scandals have driven home the seriousness of fraud and corruption, and the turmoil that can engulf a company because of it. Organisations in the United Arab Emirates (UAE), and in the Middle East region as a whole, understand that being proactive against risk can be a matter of survival, especially in a competitive environment, but it is more than that. Today, being forward-thinking and proactive when it comes to fraud and corruption can actually foster organisational growth. Business grows an average of 3 per cent faster where corruption is low, according to the World Bank. And more organisations are engaging in trusted certifications like ISO 37001 for anti-bribery management because having that certification tells customers, vendors, third parties and employees that the company places a high priority on fraud training and prevention.
Q. Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in the UAE over the past 12-18 months?
Anjum: In January 2017, UAE president Shaikh Khalifa Bin Zayed Al Nahyan approved the highly anticipated Anti-Commercial Fraud Law, which strengthens protections of intellectual property rights (IPR) and imposes stricter penalties on counterfeiters. Counterfeiting and adulterated goods, along with intellectual property (IP) theft, are severe problems in the Middle East, propagated by unscrupulous inland and free zone traders. And while fraud and corruption still plague the region, the UAE continues to lead the Middle East in Transparency International’s latest Corruption Perception Index for its strides in addressing fraud risk and areas of concern, including bribery and corruption. With that said, experts have noted that businesses and governments in the UAE, and the Middle East, on the whole, face increasing threats of cybercrime, with a need for continuously updated laws and regulations to keep pace with this ever-evolving fraud threat.
Q. When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
Anjum: Fraud allegations, from bribery to embezzlement, should be treated as a very serious issue. When suspicion arises at an organisation, business leaders and the board should bring in expert help. Professional investigators have years of training in evidence collection and interviewing, and their role is to establish the facts of the case. The key to a proper investigation is to not approach it with a preconceived notion of how it will conclude. It is critical to remember that companies do not get a second chance when conducting a fraud investigation. It has to be done right the first time to reach a successful conclusion.
Q. Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?
Anjum: Employees are the eyes and ears of your company, and the first line of defence against fraud and corruption. Many organisations are getting the message and making employee training and awareness of key parts of their fraud prevention programme. One key way to do this is by engaging in ISO 37001, which certifies that an organisation has implemented reasonable and proportionate measures to prevent bribery. The certification process involves a training module for employees. It stresses the importance that such training should continue as mandatory for all staff, and be provided on an annual basis – if not more frequently. If employees do not know what constitutes fraud, or how to recognise it, organisations face a heightened risk of being victimised.
Q. How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?
Anjum: Statistics from the Association of Certified Fraud Examiners (ACFE) show that most fraud is discovered by tips, which often come from employees, vendors and others connected to the organisation in some way, and the only way to get those tips is to provide a culture that supports and encourages whistleblowers. That is why having an anonymous reporting system, and communicating it to employees is a critical part of any fraud and risk prevention strategy. But for it to work, employees have to know what type of behaviour should be reported. This is where a training protocol like ISO 37001 comes in. It provides a curriculum that helps employees recognise the red flags of fraud, and also communicates how they can report fraud when they see it.
Q. Could you outline the main fraud and corruption risks that can emerge from third-party relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?
Anjum: Many companies pay lip service to due diligence, but when an opportunity arises to make a major move, such as a merger, acquisition or new partnership, the interest of growing the business trumps a more cautious approach. This may be changing, however, as more organisations in the UAE and elsewhere put established due diligence procedures in place that cannot be circumvented by overeager business leaders. This is important because the risks are great.
Q. What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk management process, with appropriate internal controls?
Anjum: Begin with a thorough fraud risk assessment that examines every area of your organisation. This should be conducted by experts and used to gauge your overall threat level, as well as help you create a plan for moving forward by exposing a weakness that could lead to fraud risk and compliance issues. When creating your fraud and corruption risk management process, be sure to include hiring procedures, including thorough background checks, due diligence for any new mergers, acquisitions and partnerships, regular schedule audits and implement an anonymous reporting system. Build-in review processes that track the effectiveness of your controls, including how tips were handled and ultimately resolved. Finally, try to think like a fraudster. Consider any way that an employee, vendor or even customer might try to take advantage of your organisation. You might be surprised at what you find.
Speak up – report any illegal, unethical, or improper behaviour
If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.