Panama Privacy Laws, Offshore Companies and the ID of Ultimate Beneficiary Owners PG. 12
Does Your Risk Management Program Measure Up to Today’s Threats? PG. 22
Investigative Due Diligence: A Critical Step in Reducing Risk and Liability PG. 26
Ethics Resource ISSUE 1 2016
CRIGROUP.COM
THE WORLD IS WATCHING
Published by
CORPORATE ETHICS & TRANSPARENCY PG. 16 Fraud and White-Collar Crime Investigations
|
Background Investigations
|
Business Intelligence
|
Corporate Security
|
Forensic Accounting
|
Investigative Due Diligence
Letter from the CEO Strong Corporate Governance: Where Ethics and Business Intersect ZAFAR I. ANJUM, MSc, CFE, CII, MICA, Int. Dip. (Fin. Crime) CRI Group Chief Executive Officer
In our global economy, we’ve gone beyond the point where business leaders can turn a blind eye to ethic and corporate governance issues. New laws, compliance standards and business practices on the whole have evolved. In this issue of Ethics Resource, we take a deep look at due diligence, risk management and other issues tied to ethics, providing you with the latest news and best practices for your business. Our cover story, “The World is Watching: Corporate Ethics & Transparency” reminds the reader that an ethical culture in business truly has to come from the top. With strong corporate governance, third-party risk management and proper due diligence, organizations help protect themselves and their stakeholders from potentially damaging situations. Speaking of risk management, does your organization have an effective process in place? In other words, “Does Your Risk Management Program Measure Up to Today’s Threats?” This article asks engaging questions and offers practical advice that every business leader should read and put into practice. Two focus pieces provide an insider’s look at ethical issues. In “Investigative Due Diligence: A Critical Step in Reducing Risk and Liability,” you’ll read about the purpose of thorough investigations and important considerations when undertaking them. We also provide an insightful look at the Panama Papers, an unbelievable scandal raising endless ethical issues and questions. I hope you enjoy this edition of Ethics Resource, and find it informative and helpful in your efforts to maintain an ethical corporate culture.
2 | Ethics Resource | ISSUE 1 2016
Spotlights & Features Ethics Resource | Issue 1 2016
16
The World is Watching: Corporate Ethics & Transparency Preparedness for investigations and management of vulnerabilities is critical for organizations seeking to maintain a global competitive advantage. Learn five best practices for risk management, investigations and FCPA compliance.
12
Panama Papers: Panama Privacy Laws, Offshore Companies and the ID of Ultimate Beneficiary Owners
22
Third-Party Risk in 2016: Does Your Risk Management Program Measure Up to Today’s Threats?
26
Investigative Due Diligence: A Critical Step in Reducing Risk and Liability Ethics Brief...................................................................................................................6 News & Media........................................................................................................... 32 By the Numbers......................................................................................................... 35
ISSUE 1 2016 | Ethics Resource | 3
Ethics Resource Ethics Resource is created for business leaders, directors, investors and professionals who need
the latest information and best practices on ethics and compliance. Presenting practical tools, case studies and articles focused on ethics, compliance and due diligence, Ethics Resource provides an insightful look at the issues impacting businesses worldwide. Ethics Resource is published by Corporate Research and Investigations, LLC. (CRI Group).
WORLDWIDE LOCATIONS MIDDLE EAST & NORTH AFRICA
Dubai CRI Group Headquarters Level 9, #917, Liberty House, DIFC P.O. Box 111794 Dubai, UAE Tel: +971-4-3589884 Fax: +971 4 3589094 Email: cridxb@CRIGroup.com Web: CRIGroup.com Abu Dhabi Office No: 3509, 35th Floor Al Maqam Tower, ADGM Square Al Maryah Island, Abu Dhabi, UAE Tel: +971 2 4187568 Email: abudhabi@CRIGroup.com Qatar QFC Branch Office No. 130, 1st Floor Al – Jaidah Square, 63 Airport Road P.O. Box 24369 Doha, Qatar Mobile: +974 7406 6572 Tel: +974 4426 7339 Email: doha@CRIGroup.com
EUROPE
London EMEA Head Office Level 37 1 Canada Square London E14 5AA, United Kingdom Tel: +44 207 712 1626 or +44 203 4782449 Email: london@CRIGroup.com
4 | Ethics Resource | ISSUE 1 2016
NORTH AMERICA
New York 445 Park Avenue 9th Floor – Suite 957 New York, NY 10022 United States of America Tel: +1 (212) 745-1148 Email: newyork@CRIGroup.com
ASIA
Pakistan Level 12, #1210, 1211 55-B, Islamabad Stock Exchange (ISE) Towers Jinnah Avenue, Blue Area Islamabad, Pakistan Tel: +92 51 111 888 400 Toll Free: 0800 00 CRI (274) Email: pakistan@CRIGroup.com Singapore 1 Raffles Place, #19-61, Tower 2 One Raffles Place Singapore 048616 Tel: +65 6808 5634(35)(36) Email: singapore@CRIGroup.com Hong Kong Rooms 05-15, 13A/F, South Tower World Finance Centre, Harbour City 17 Canton Road Tsim Sha Tsui Kowloon, Hong Kong Tel: 852-2208-6064 Email : CRI.hongkong@ CRIGroup.com Malaysia Lot 2-2, Level 2, Tower B, The Troika, 19 Persiaran KLCC,M 50450 Kuala Lumpur, Malaysia
SUBSCRIPTIONS To subscribe to Ethics Resource, please email PR@CRIGroup.com. Or contact one of our worldwide locations directly.
ADVERTISE To advertise with us, please send an email to PR@CRIGroup.com. Space is available for our printed magazines as well as our email newsletter, Fraud360 News Brief International. Contact us today for more information.
EDITORIAL For editorial inquiries, questions and comments, please contact Ms. Arooj Mehmood at arooj.mehmood@CRIGroup.com. Ethics Resource is published by Corporate Research and Investigations LLC: Global Headquarters Level 9, #917, Liberty House DIFC, P.O. Box 111794 Dubai, UAE Tel: +971-4-3589884 Fax: +971 4 3589094 © 2016 Corporate Research and Investigations, LLC. Copyright is reserved throughout. Although Ethics Resource may be quoted with proper attribution, no part of this publication may be reproduced without the express written permission of the publisher. Contributions are invited but copies of all work should be kept as Ethics Resource can accept no responsibility for loss. The views expressed in Ethics Resource are those of the authors and might not reflect the official policies of CRI Group.
About CRI Group Corporate Research and Investigations, LLC (CRI Group) is a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. A licensed and incorporated entity of the Dubai International Financial Centre (DIFC), CRI safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business.
Connect with us on the web or through social media. LinkedIn Facebook Twitter Blog: FraudInsider.com
CERTIFICATIONS
ISSUE 1 2016 | Ethics Resource | 5
Ethics Brief Fraud in the Middle: Corruption Risk in Defense Contracts In the long history of business, use of a “middle man” has been a traditional, if somewhat shadowy, way of securing deals between parties. Unfortunately, the use of a middle man to
report defines the likely problems and how, and why, they arise, TI also offers several key recommendations for both companies (contractors) and military organizations doing business with them. Companies
facilitate business can also increase the risk of
• Implement ethics and anti-corruption pro-
corruption through bribery and similar malfea-
grams that minimize the corruption risks
sance. Nowhere is this more true than in the
posed by agents.
military defense industry. One recent example is the new investigation by the UK Serious Fraud Office (SFO) into allegations of fraud, bribery and corruption at Airbus. Katherine Dixon, Director of Transpar-
• Ensure that agent incentive structures are centralized, accountable, and transparent. • Make greater demands of governments (for guidance, clarity and accountability).
ency International (TI) Defence and Security Programme, said: “The use of agents is one of the biggest corruption risks across the defence and aerospace sector, and Airbus is just one of a long line of companies that have run into trouble. The failure of Airbus to declare its agents highlights the weakness of self-disclosure
Importing Governments • Increase clarity and transparency in procurement. • Establish ethics and anticorruption requirements for all bidding companies • Strengthen oversight and enforcement.
requirements and why governments can and should use export policies to reduce the influence of corrupt middlemen. “The Airbus case demonstrates the need for more consistent transparency requirements in export policies around the use and payment of agents.”
Exporting Governments • Review arms export strategies and strengthen export controls. • Support companies facing demands for corrupt behavior.
TI, the global corruption watchdog organization, recently produced a report that examines
The above bullet points are elaborated on
this problem. “Licence to Bribe? Reducing
in greater detail in the report itself, which is
corruption risks around the use of agents in
downloadable at TI’s website. The report also
defence procurement” highlights the risk of
includes guidance for society on the whole, with
using middle men in defense deals. While the
useful advice such as:
6 | Ethics Resource | ISSUE 1 2016
• Demand more information from governments
companies must take, as working with third par-
on how public money is spent in the defense
ties is a necessary (and most often beneficial)
sector.
aspect of conducting business today.
• Monitor defense procurement and publish information on defense contracts. • Conduct research into agent ethics and anticorruption programs. • Discuss the risks around the use of agents with national defense establishments and export credit agencies, and provide advice for reducing these risks. • Advocate for greater disclosure around the use of agents by defense companies. • Advocate for governments to require companies to have ethics and anti-corruption programs that apply to their agents as a condition of bidding for MoD contracts. • Establish independent reporting mechanisms to collect allegations of malfeasance. Fraud will always exist, and high-dollar defense and other military contracts will always be targeted by fraudsters due to the sheer amounts of money that can be made through bribery and corruption. Use of a middle man only adds to this corruption threat. Following TI’s guidance, businesses, governments and the citizens they serve can help limit future cases of fraud and help reduce financial losses.
Rather than taking the unrealistic and unnecessary approach of cutting all ties with outside companies, business leaders should instead take proper steps to mitigate risk and vet the third parties as thoroughly as possible. First, let’s look at the main risks posed by conducting business with third-party partners: 1. Harm to reputation. Adverse effects and negative opinions attached to a third party can damage the organization. Especially in high profile scandals involving a third-party partner, the effects might include disappointed clients and a loss of trust. Unfortunately, the lost confidence of your customer base is the kind of capital that is difficult, if not impossible, to restore or replace. 2. Non-compliance issues. If a third-party partner is skirting regulations or falling short of compliance standards, this can affect your business directly, especially if they are a supplier or a contractor conducting work for your business. Consider a construction firm that contracts electrical work to a firm that subsequently falls into non-compliance in the eyes of various regulating bodies. This can have a disastrous effect on your company’s projects — and your bottom line. 3. Negative financial impacts. A third party’s
Top 5 Risks of Conducting Business With Third Parties
system failures, human mistakes, fraud or an incapability to provide services as described, or in a timely manner, can
There are inherent risks involved for any orga-
directly impact your own ability to deliver
nization that does business with third-party
for clients. Improper due diligence and no
partners. Without a doubt, these are risks most
appropriate contingency plan for selecting
ISSUE 1 2016 | Ethics Resource | 7
third parties leads directly to a heightened business risk. 4. Cultural differences. Working with third parties located in foreign countries is often necessary for international corporations. However, there can be unseen difficulties in conducting business with partners based in countries that have varying cultural values and beliefs. The social, political or cultural values could adversely affect activities of the foreign-based third-
Bribery Scandal: FIFA, a Victim? The recent headlines regarding scandal-ridden FIFA, the governing body for international football, might surprise some, and they certainly provide an interesting twist to the saga. FIFA’s latest move is to petition the United States for “tens of millions of dollars” it claims — and admits — were lost through bribery, kickbacks and other corruption schemes. The move signals a new chapter in the scandal, which is now more than a year old. It
party service providers, creating
is the most official acknowledgment
challenging situations that may
yet from FIFA that the widespread
harm the organization.
corruption did indeed occur, and
5. Changes in your supply line. Many third-party partners are essential suppliers of goods and/or services for large, multinational companies. But what happens if those suppliers go out of business suddenly? Or are faced with financial hardship, causing unreliable supply or gaps in delivery? Your own business could suffer. It’s enough to keep a supply chain manager awake at night.
vote selling and other payoffs directly impacted bidding processes — in particular, the winning bid for South Africa to host the 2010 World Cup.
Millions at Stake According to BBC Sports Editor Dan Roan, the move shouldn’t be seen as a surprise: “FIFA’s survival depends on it retaining the victim status afforded it by the US Department of Justice and this helps reinforce the narrative that it was the injured party in football’s corruption scandal, rather than the perpetrator,” Roan
The aforementioned risks will always be pres-
wrote. “With millions of dollars being spent
ent for any company doing business with third
each month on lawyers to clean up the scandal,
parties, and the best way to address them is by
as well as the loss of key sponsors, FIFA could
conducting thorough due diligence on each and
do with the money.”
every partner in your business. A formalized vetting process should be initiated for every new or prospective partner, and regular checks should also be applied to existing (even long-
Many media outlets, especially those in the U.S., weren’t very charitable about the move from FIFA. NBC News, for example, ran with the following headline: “FIFA Demands Millions in Restitution From U.S. — for Its Own Misdeeds.”
time) partners. To cut corners on due diligence
The tenor of the article itself mostly matches
is to invite risk, and possible disaster, for your
the irony-laden headline:
business future.
8 | Ethics Resource | ISSUE 1 2016
“FIFA, the disgraced governing body of world
soccer, is demanding tens of millions of dollars from the U.S. government as restitution for bribes and benefits paid to its own former leaders, according to court documents.” Since a joint U.S.-Swiss raid on FIFA of-
Background Checks: 4 Red Flags Trying to land a new job can be a challenge. But what is often overlooked is how difficult the employment arena can be from the other side of
fices in Switzerland, and the arrests of several
the interview desk. Companies looking to hire
highly placed FIFA officials, nearly a year ago,
additional staff face risks and pitfalls in trying
the breadth of the scandal has only continued
to find the perfect new team member.
to grow. Most recently, on February 19, Sepp Blatter insisted that Qattar won bidding for the 2022 World Cup fairly.
Among those risks is the threat of a dishonest job candidate. Some prospective employees will exaggerate their credentials or, in extreme cases, make things up
Ethics Proceedings Ongoing Only two months earlier, in December, Blatter was banned for eight years from all football-related activities. The ban comes from FIFA’s ethics committee. UEFA President Michel Platini was also banned for eight years. Also, on February 23, Prince Ali appealed to
entirely to give themselves an edge in a competitive job market. For employers who fall victim and don’t discover the truth, they risk hiring unqualified, untrained and dishonest new staff members — which can be a dangerous proposition. This is why it is absolutely crucial for any organization to include thorough background
have FIFA elections suspended in the name of
checks as an integral part of their hiring
establishing better transparency for the voting
process. Whether conducted in-house or by a
process (his request for transparent voting
qualified third party, the pre- and post-employ-
booths was refused). His appeal was rejected.
ment screening process (background checks)
And on February 25, FIFA’s ethics committee
should cover all the bases to verify a candi-
opened proceedings against CONMEBOL vice
date’s information.
presidents Luis Bedoya and Sergio Jadue. Both are expected to be banned, no surprise considering each pleaded guilty to charges of rack-
The following are just a few of the things that will raise red flags in a background check. 1. Employment gaps. Recent gaps in employ-
eteering conspiracy and wire fraud conspiracy.
ment on a resume are fairly common, but
At the same time, Blatter and Platini’s bans
the candidate should be able to provide a
were reduced to six years. But anyone who has
sound explanation, such as being off work
followed Sepp Blatter over the years knows
for illness. Frequent employment gaps can
that we haven’t heard the last of him ... even
signal a problem and may warrant caution
if he is relegated to media interviews in which he continues to plead innocence or ignorance
on the part of the employer. 2. Educational “fluffing.” Educational
— ignorance of rampant corruption within the
degrees, certifications and other achieve-
organization he led for nearly 20 years.
ments should be verified directly with the
ISSUE 1 2016 | Ethics Resource | 9
college, university or sanctioning body. Any discrepancies require an explanation from the candidate, but be aware: claiming a degree that was not earned is a common scenario, unfortunately; and it is unlikely to end up on a resume by mistake. Such claims are an indication of dishonesty. 3. Poor financial history. Credit checks should be conducted (as allowed by law),
• Credit checks • Background information on former employers • Analytic research of credential breaches • Bankruptcy checks • Criminal record checks • Civil litigation checks • Financial regulatory checks
and a poor credit history can indicate
• Directorships & significant shareholdings
a risk factor for any employee. While it
• Professional qualifications & memberships
might not reflect dishonesty, at the least it could signal irresponsible financial behavior. The candidate should be given the
• Criminal watch lists • Employment references
opportunity to explain the problem, but the organization might see fit
Hiring new employees doesn’t have to
to avoid placing the individual
feel like a walk through a minefield.
in a position where they would
By conducting comprehensive pre-
handle financial matters for
employment screening, any company
the organization.
can increase their protection from
4. Criminal history. Every pre-employment screening process should include a background check of the individual’s criminal history, and serious crimes are an obvious red flag. Many fraudsters have been caught committing the same financial crime they perpetrated at a previous job just months or years before. Any criminal acts involving theft or fraud, in particular, should be weighed heavily in the background screening process. At CRI Group, our experts know that the most effective pre-employment screening includes as many of the following checks as permitted by law in your jurisdiction:
fraud and unethical behavior.
The Right Fraud Prevention Program: Key Elements What company can afford to lose 5 percent or more of their revenues to fraud? If business leaders considered how much they are losing that is unrecoverable, the first question would be: “How can we stop this?” The best answer is: prevention. Every organization, large or small, should have a plan in place for preventing and detecting fraud. In this article, we will discuss the critical elements of a fraud prevention program and how they help companies protect themselves and lessen their risk.
• Verify current & former address
Code of Conduct
• Verify name, date-of-birth, national ID number
It is not enough to just expect employees to
10 | Ethics Resource | ISSUE 1 2016
know that fraud won’t be tolerated at any level.
ings from an audit can be provided for follow-
An ethical code of conduct should spell out in
up to fraud investigators, whether external
plain language the company’s expectations and
or in-house, who can determine if intentional
zero-tolerance policy toward unethical behavior. Furthermore, every employee, from the top to the bottom of the organization, should be required to read and sign it. It can stand alone or be included in an employee manual, and
wrongdoing has occurred.
Provide a Hotline Studies show that most frauds are still uncov-
it should be discussed at orientation and/or
ered by tips. The tips come from employees,
employee training events.
contractors and even clients/customers. The
Background Checks A robust fraud prevention program should include pre- and post-employment background screening. Such checks should be conducted as a matter of policy, and should include a thorough investigation of employment, credit, licensing and criminal history for all new hires.
key is that any reporting system should be anonymous, alleviating fear of retribution or other consequences for the person reporting the potential fraud. Make it easy for people to make a report, whether through a hotline, an online reporting system, or both.
References should be checked and verified,
Review Your Progress
as well.
Once a fraud prevention program has been
Segregation of Duties Roles and responsibilities should be divided so that no single employee has too much control over finances or assets. Accounting functions, in particular, should be separated and owners or managers should review bank statements
implemented, the company should make sure to review the program’s effectiveness over the coming weeks, months, and years. Consider it like any other key business function — in fact, it is arguably one of the most important, as it helps safeguard the business and invest-
and payroll checks. Check-signing authority
ments from fraud. Schedule regular assess-
should be reserved for an employee who does
ment periods to track how much fraud has
not have regular access to checks. Transactions
been uncovered, what systemic weaknesses
should require proper authorization in all cases.
were found and what actions were taken to
Audits and Other Checks Frequent, surprise audits can help uncover even small problems before they develop into something worse. Audits alone can’t protect a company from fraud — nor are they designed to do so. But they can expose accounting irregular-
follow up on them. With a robust fraud prevention system in place, business owners and executives can sleep a little easier knowing their organization has reduced risk and increased their ability to prevent and detect fraud.
ities and reveal weakness in an organization’s accounting systems and processes. And find-
— Compiled by CRI Group Staff
ISSUE 1 2016 | Ethics Resource | 11
I N F O C U S : The Panama Papers
Panama Privacy Laws, Offshore Companies and the ID of Ultimate Beneficiary Owners
By CRI Group Staff
T
he leak of a set of confidential
ca, operating out of Panama. Panama provides
documents providing detailed
a constitutionally guaranteed privacy for both
information about hundreds
citizens and foreigners under its jurisdiction,
of offshore companies listed
thus allowing Mossack Fonseca to be protected
by the Panamian corporate
by Panama privacy laws that provide complete
service provider Mossack Fonseca
anonymous ownership of business interest and
resulted in the scandalous release of the identities of owners, shareholders and directors of several offshore companies. The documents, which were first made
ventures. Article 29 of its constitution specifically prohibits the violation of private documents and correspondence and states that these docu-
available in 2015 by an anonymous source,
ments may not be held or examined by a third
were analyzed and investigated by the Interna-
party except for legal or judicial purposes. Also,
tional Consortium of Investigative Journalists.
Law 6 (2002) of the Panama privacy codes
Earlier this year, the enormous leak revealed
establishes that personal information can only
several wealthy individuals, including public of-
be shown to an interested party, and makes it
fice holders and celebrities, to be the Ultimate
a crime if the confidentiality is violated. These
Beneficial Owners of the offshore companies. It
laws allow Mossack Fonseca to choose not to
has been intimated that the dealings of these
make public the Ultimate Beneficial Owners of
individuals with Mossack Fonseca were part of
the offshore companies it controls, and thus
a bid to carry out illegal activities such as tax
making the EDD process difficult.
evasion, fraud, bribery and corruption.
Enhanced Due Diligence
Layers of Deception To make matters worse, Mossack Fonseca
Financial institutions are typically required to
operates in such a way that they stand in or
carry out an Enhanced Due Diligence (EDD)
provide stand-ins to serve as the owner(s) of a
procedure to find out the Ultimate Beneficial
company. They register the company, open bank
Owner of an offshore company seeking to do
accounts and even provide directors to sit on
business with them. The EDD is carried out
the company’s board. They also provide several
to reduce high risk situations, such as money
layers of ownership in a bid to hide the Ultimate
laundering and financing terrorism, that may
Beneficial Owner, so that an individual listed
be associated with dealing with an individual
or found to be the legal owner of the offshore
or company. The EDD involves the gathering of
company may simply be holding the position for
additional information to verify the identity of
another individual who prefers anonymity.
customers, as well as their source of income.
Thus it is important that a thorough En-
An EDD is also especially required where the
hanced Due Diligence process, along with
customer is not available in person, or the cus-
forensic analysis, be carried out even after the
tomer is a politically exposed person.
identity of a stated Ultimate Beneficial Owner
However, the Enhanced Due Diligence pro-
has been discovered. For instance, EDD and fo-
cess may become a tedious task with a corpo-
rensic analysis should be used to find out if the
rate service provider, such as Mossack Fonse-
stated individual has a financial profile which
ISSUE 1 2016 | Ethics Resource | 13
Panama Papers Drive New Rules, But Are They Enough? Among government reactions to the incendiary Panama Papers, the U.S. Departments of Treasury and Justice rolled out new measures in an effort to fix gaps requirements to identify the Ultimate Beneficiary Owners (aka “beneficial owners”) of companies. Such owners are the main subjects of the Panama Papers, sheltering funds in overseas entities that are described, in
The case of the Panama Papers, an international exposé of corruption, continues to drive discussions about ethics and transparency. What lessons can we take from this outrageous scandal? Download CRI Group’s “Panama Papers: Critical Lessons for Government, Corporate Leaders” at CRIGroup.com/whitepapers.
many cases, as shell companies. The problem, according to critics, is that the new measures don’t go far enough. According to Global Financial Integrity (GFI), a non-profit, Washington, D.C.-based research and advisory organization, the rules being implemented by Treasury and Justice “fail to ensure that beneficial owners are identified.”
Who is a ‘Beneficial Owner’? As GFI asserts in a news release, one sticking point is that the final rule “requires banks to
corresponds with the activities of the offshore
identify one individual who has significant re-
account, and/or if the individual is related to or
sponsibility to control or manage the company,
is an associate of a wealthy or famous individu-
defined to be a manager, as well as individu-
al, or a politically exposed person.
als — if any — who have a 25 percent or greater
CONTACT INFORMATION Corporate Research and Investigations LLC 917, Liberty House, DIFC P.O. Box 111794 Dubai, U.A.E.
ownership interest in a company. Where no individual with a 25 percent interest is identified, the only person named will be the manager.” GFI’s Policy Counsel Liz Confalone notes:
Tel: +971-50-9038184
“Treasury has muddled the concept of
Fax: +971-4-3589094
control in their definition of ‘beneficial owner.’
Toll Free: +971 800- CRI LLC (274-552)
Managers — as persons who conduct the
Email: cridxb@CRIGroup.com
day-to-day operations of a company — are not
14 | Ethics Resource | ISSUE 1 2016
beneficial owners. There is a difference between the control that someone exerts over a company despite not having an ownership interest, such as rights to veto board decisions and to appoint directors and the day-to-day management control of the company. “When we talk about control in the beneficial owner context, we’re talking about the former. That is the distinction missing in Treasury’s definition. This means that banks can fulfill their due diligence requirement without identifying any actual beneficial owner. This is a problem for everyone, but Congress has the power to adopt new legislation to fix it and should not hesitate to do so.”
Vulnerabilities Exposed More than 30 U.S. citizens are linked to the offshore companies exposed by the docu-
More than 30 U.S. citizens are linked to the offshore companies exposed by the documents leak, a fact that has upped the pressure on the U.S. government to shore up vulnerabilities that make such skirting the law and regulations possible.
ments leak, a fact that has upped the pressure on the U.S. government to shore up vulnerabilities that make such skirting the law and regulations possible. As guidance for governments goes, worldwide anti-corruption group Transparency International (TI) has proposed several courses of action:
property to disclose on whose behalf they are operating.
1. All countries should require much higher levels of transparency around who owns
TI expands on the above points on its website.
and controls companies registered in their
One thing is for sure: the Panama Papers will
territories.
continue to drive discussion and the need for
2. Professional enablers that are found to be complicit in corruption must be sanctioned. 3. All countries should require any company bidding for public contracts or purchasing
new rules and legislation for the foreseeable future. Both governments and business leaders need to get on the right side of transparency — and help combat corruption — before a widening scandal worsens.
ISSUE 1 2016 | Ethics Resource | 15
THE WORLD
IS WATCHING
CORPORATE ETHICS & TRANSPARENCY BY Z AFAR AN J U M, M SC , CFE, CII, M ICA , I NT. D IP. ( FIN. CRIM E)
Business ethics is a commit-
publicity and embarrassing
ment. It is an action. Before
scandals are not just major
an organization can consider
red flags for consumers look-
its governance a strength, it
ing for secure investments.
needs clearly defined values
They discourage customers,
that guide decision making
drive out talented employ-
and behavior at every level. It
ees, and with top-tier talent
needs a mechanism in place
eager to work for companies
to measure ethical perfor-
dedicated to transparency
mance. It needs a plan for
and ethical operations, they
continually identifying, inves-
make recruitment an impos-
tigating and managing risk.
sible task.
The strongest organizations
Still, it seems that every
hold their guiding values so
day brings news of bribery
closely that they are known
scandals, corporate leaks,
not only by leadership and
human trafficking investiga-
employees, but also by share-
tions and corruption of all
holders and customers.
sorts. The constant stream of
Companies thrive on
stories involving organizations
healthy relationships with
behaving badly has fed public
shareholders, customers and
cynicism and distrust — senti-
employees. Unethical prac-
ments that recent trends sug-
tices destroy relationships.
gest have reached a tipping
A lack of solid, well-planned
point. Simply put, people have
corporate governance is a
had enough of corruption and
vulnerability that inevitably
unethical behavior. Demand
becomes public. Constant
for transparency and account-
court battles, penalties, bad
ability is strong.
ISSUE 1 2016 | Ethics Resource | 17
a revelation. Corruption in
is a development worth cel-
Third-Party Risk Management
business and government has
ebrating. As cultures around
At CRI Group, we tell our
always been despised. But
the world commit to demand-
clients that when it comes
for years, corruption in some
ing a higher standard of trans-
to third-party anti-corruption
industries has been perceived
parency, integrity, and respon-
management, a strong initial
as unavoidable and too costly
sibility from businesses and
to eliminate. Essentially, par-
risk assessment is key. Know-
governments, we move closer
ticipants have chosen to pass
ing what risks third-party ven-
to an undeniably better, safer
unethical practices off as ‘the
dors present drives a broader
environment for everyone. We
strategy based on constant
move toward more stable eco-
assessment, analysis, train-
nomic, political and regulatory
ing and monitoring.
In one sense, this is not
cost of doing business’ or ‘business as usual’ to justify looking the other way. But in another sense, it’s worth considering that
We can all agree that this
environments. Societies connect in new
This is not a simple task, as companies evolve over
ways every day. Information
time. A vendor that repre-
today is shared at lightning
sents a low risk one year
speed and judgments are
may become a major vulner-
made just as quickly. So,
ability the next, becoming an
when damaging news or alle-
unknown threat. Similarly,
gations regarding a company
a vendor considered high
is leaked, it is instantly shared
risk one year may drastically
around the world and a story-
improve its risk profile the
line is developed. A reputation
next and no longer demand
for integrity and transparency
the time and effort neces-
is the best defense. But it can
sary for heightened scrutiny.
only be earned. In a world
With a strong program in
have shown that passive
where secrets no longer stay
place to continually monitor
acceptance of corruption as
secrets for long, transparency
and evaluate vendor relation-
an unfortunate but necessary
is crucial.
ships, organizations can be
as consumer expectations of service have changed, so have expectations of corporate responsibility. Just as any organization cannot afford to ignore changing economic conditions, organizations cannot ignore changing social conditions. Recent global trends in popular demonstrations, media scrutiny, government action and judicial focus
evil is rapidly disappearing.
Now, more than ever, orga-
assured that resources are
nizations must be relentlessly
being properly appropriated to
A Time for Transparency
focused on managing third
reduce risk.
For many countries, the road
value on transparency. One
dal involving Alcoa Inc., the
from adopting anti-corruption
incident in an inadequately
largest U.S. manufacturer
regulations to actively enforc-
managed and monitored sup-
of aluminum, resulted in a
ing them has been long. But
ply chain can have destructive
penalty of $384 million. The
without question the pace
consequences that could tie
charges stated that a closely
has quickened dramatically in
an organization up legally and
held subsidiary of Alcoa
recent years.
financially for years.
bribed officials of a Bahraini
18 | Ethics Resource | ISSUE 1 2016
party risks with a heightened
A recent bribery scan-
state-controlled aluminum
Bribery act, the Modern Slav-
management program, but
smelter. This incident, and
ery Act, and the FCPA that call
person-to-person interaction
its resulting consequences,
for careful consideration. This
is invariably the best path to
could have been prevented
makes compliance challeng-
meaningful insight into a third
had a comprehensive pro-
ing for companies with broad
party’s reputation, practices
gram been in place to detect
supply chains.
and ethics.
and prevent unethical action.
A comprehensive third par-
The Securities and Exchange
ty risk management program,
Commission released a
administered responsibly, is
Ethical Companies are Strong Companies
statement that read, in part:
the only way to ensure gover-
The benefits of a company’s
“It is critical that companies
nance standards are upheld
strong commitment to eth-
assess their supply chains
throughout an organization’s
ics and social responsibility
and determine that their
supply chain. Automated due
go beyond the immediate
business relationships have
diligence processes based
gratification of simply doing
legitimate purposes.”
on public records, with the
the right thing. Certainly, a
promise of low cost efficiency,
commitment to profitability is
cracking down on corruption
is alluring. But relying on
a central tenet of any suc-
is worldwide, regulations
public records for identifying
cessful business. But the cost
vary greatly from country to
vulnerabilities across multi-
of pursuing profit blindly —
country, and from industry to
national vendor relationships
without giving concern to the
industry. Recent years have
is a half-measure. Certainly,
means of pursuit — must be
seen major changes to, or
public records-based com-
reckoned with.
introductions of, far-reaching
pliance will always be a
legislation, including the UK
basic component of a risk
While the trend toward
A reputation for ethical behavior is a crucial compo-
ISSUE 1 2016 | Ethics Resource | 19
nent for any organization’s
at an individual level, become
and participate in constant di-
long-term success. Securing
‘why’ a company operates.
alogue around their organization’s ethics. Annual retreats
such a reputation requires
and frequent webinars simply
toward building, maintaining
A Matter of Leadership
and protecting values that
An organization’s ethical per-
discussions about transpar-
guide decisions through-
formance rises and falls with
ency and ethics belong in
out the organization. It also
leadership. To truly instill an
every level and in every facet
requires a diligent effort to
ethical culture, the leaders of
of an operation. The commit-
remain capable of adapting to
the organization must define
ment to social responsibility
an ever-changing environment.
guiding principles and values,
should be embraced as one
clearly communicate them,
that must evolve and grow
strong commitment to social
and, most importantly, live
with its surrounding culture.
responsibility are great,
them. Leadership must serve
building and maintaining high
as daily examples of execut-
leadership publicly and
ethical standards is not easy.
ing goals with integrity.
internally puts their dedica-
a constant, deliberate effort
Though the benefits of a
Even for companies with long-
Employees will not em-
standing result-driven compli-
brace a proactive culture of
ance programs, performance
responsibility without trusting
according to these standards
that the organization’s leader-
can fluctuate. Ethisphere and
ship is uncompromising in its
similar corporate ethics insti-
dedication to doing the right
tutions reflect this reality in
thing every time, regardless
annual indexes and rankings.
the cost. Hotlines and surveys
A strong culture of social
are common tools organiza-
responsibility adds value
tions use to gauge perfor-
to every interaction. When
mance in these areas. At
principles guiding ethical
many companies, they are the
behavior become part of a
only tools. We know well the
company’s culture, the risk
flaws associated with relying
of focus shifting away from
only on the results gained from
responsibility disappears.
them. Ironically, the tendency
Principles handed down from
for skewed results can largely
the top become reminders —
be traced back to leadership.
they become ‘how’ a company
How likely would it be for an
operates. We should hold our-
employee to report unethical
selves to a higher standard.
behavior if leadership had not
The principles guiding an
demonstrated a willingness to
organization, when truly part
take it seriously?
of the culture and embraced
20 | Ethics Resource | ISSUE 1 2016
Leaders should encourage
are not enough. Meaningful
When a company’s
tion to ethical practices at the forefront of the organization’s priorities, it sends a powerful message to employees and customers. For some companies a commitment to guiding principles becomes a valuable component of their brand’s identity.
The World is Watching Corruption is an ongoing storyline. It is now a narrative with which the public is constantly engaged. From Alcoa and Petrobras to the Panama Papers and FIFA, allegations catch fire quick and judgement from the court of public opinion is handed down just as fast. These conditions lead to one unavoidable truth: It is time for all companies to step up the commitment to transparency and ethical practices.
The due diligence requirements mandated by regulators must be considered a baseline. Companies must be vigilant in implementing strong anti-corruption programs that extend to vendors. The world is watching, and expectations have never been higher. ABOUT THE AUTHOR Zafar I. Anjum, CFE, is chief execu-
The World is Watching: Recent Case Studies in the News Telia to Pay $1.4 Billion in Bribery Probe U.S. and Dutch authorities are asking Swedish telecom carrier Telia Company AB to pay $1.4 billion to settle allegations it distributed hundreds of millions of dollars in bribes to secure business in Uzbekistan — the latest move by U.S. prosecutors to target corrupt practices overseas. Telia, which is partly owned by the Swedish govern-
tive officer of CRI Group, a global
ment, has said it was cooperating with the probes and
supplier of investigative, forensic
has acknowledged shortcomings. Chairwoman Marie Eh-
accounting, business due diligence
rling said the company’s entry into Uzbekistan “was done
and employee background screen-
in an unethical and wrongful way, and we are prepared to
ing services for some of the world’s
take full responsibility.”
leading business organizations. A member of the Dubai International Financial Centre, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your
Trial Begins for Maurice Greenberg, Ex-A.I.G. Chief Accused of Fraud The 11-year-old accounting fraud case against the former American International Group (A.I.G.) chief executive Maurice R. Greenberg finally came to trial on September 13. A senior New York State trial counsel, David N. Ellen-
business. CRI Group maintains
horn, said that while defense lawyers had used “delaying
offices in UAE, Pakistan, Qatar,
tactics,” including seven pretrial appeals, “the day of
Singapore, Hong Kong, Malaysia,
reckoning” had finally arrived for Greenberg, and A.I.G.’s
USA and the United Kingdom.
former chief financial officer, Howard I. Smith.
CONTACT INFORMATION
Three Charged Over Tesco Accounts Fraud
Zafar Anjum, MSc, CFE, CII, MICA, Int. Dip. (Fin. Crime) CRI Group Chief Executive Officer 917, Liberty House, DIFC PO Box 111794, Dubai, UAE
Three former Tesco executives have been charged as part of a continuing investigation into accounting irregularities at the supermarket giant in 2014. Carl Rogberg, Christopher Bush and John Scouler
Phone: +971 4 3589884
have been charged with fraud and false accounting, the
Fax: +971 4 3589094
Serious Fraud Office (SFO) said. Tesco said there had
Cell: +971 50 9038184
been “an extensive programme of change” since 2014.
Email: zanjum@CRIGroup.com
ISSUE 1 2016 | Ethics Resource | 21
I N F O C U S : Third-Party Risk in 2016
Does Your Risk Management Program Measure Up to Today’s Threats? Speed. For today’s consumer, it isn’t a benefit
inadequate due diligence cannot be overesti-
or feature — it is an expectation. Thanks to
mated. With a strong third-party risk manage-
rapid innovation across an expanding land-
ment program, your organization’s network of
scape of service providers, manufacturers and
third-party service providers can be part of a
supply chain partners, companies today are
successful path to industry leadership. Without
better positioned to meet this expectation than
a good program to identify and remediate risks,
ever before. Convenience is now a commodity.
you may someday find yourself scrambling to
However, the convenience of calling upon a global network of vendor support comes with considerable risk. The consequences of
BY ZAFAR I. ANJUM, MSC, CFE, CIS, MICA, INT. DIP.
22 | Ethics Resource | ISSUE 1 2016
pick up the pieces of everything you built while your hard-earned customers jump ship. Recent years have seen a number of
(FIN. CRIME), CII, MIPI
large scale data breaches attracting massive
regulatory penalties. Perhaps the most damag-
amounts of attention. Individual breaches
ing effect, and certainly the hardest to reme-
are now seen by the public as part of a trend.
diate, is the hit to your organization’s reputa-
This has resulted in tighter regulation, greater
tion and perceived trustworthiness. Building
consumer skepticism and a stronger-than-ever
customer confidence is a long term process in
need for organizations to identify third-party risk
which one negative experience can spoil years
management as a primary focus area.
of hard work.
The Stakes Are Higher Than Ever Companies that do not rely on third-party ven-
Be Deliberate in Protecting Your Business
dors for at least part of their operation today
Your organization is only as safe as the least-
are few and far in between. The practice is com-
protected component of your third-party vendor
monplace globally across nearly all industries.
network. It is up to you to ensure adequate
Though the trend reached maturation some
protection against risks like the loss of sensitive
time ago, third-party vendor services remain
data or changing regulations.
high in demand. This continues to drive innova-
Many companies do not have a formal third-
tion across markets. Explosive growth is pos-
party risk management program. Some have a
sible today in ways we couldn’t have imagined
program that was sufficient when put in place,
even 20 years ago.
but is no longer relevant to today’s risks. If your
Of course, with growth comes vulnerability.
risk management processes do not grow and
Every day customers are trusting companies
adapt with evolving threats and regulations, you
with more sensitive information, companies are
are vulnerable. This is an area where assump-
utilizing new capabilities for storing informa-
tions are simply not enough.
tion, and bad actors are developing new ways to target systems. A breach of data security for your organiza-
Developing and implementing a third-party risk management program is essential, but not easy. It is a deliberate process with many
tion means a breach of trust for your customers.
considerations. Organizations grapple with
A security breach resulting in the exposure of
decisions at every point in the risk-management
sensitive customer information is a red flag for
process, from identifying what risks call for
everyone watching, including current and po-
increased oversight to efficiently addressing
tential customers. A vendor may be at fault, but
issues when they are discovered.
your customers will ultimately hold the principal not care which one of your vendors caused you
Know Your Needs and Modernize How They Are Addressed
to fall short of their expectations. This means an
The key to effective risk management in 2016
immediate negative impact on your bottom line.
is proactivity. Asking difficult questions now can
organization accountable. Customers simply will
Beyond the financial risk, a breach in data se-
save you from answering accusatory questions
curity can mean litigation, loss of market value,
later. An honest self assessment is imperative.
a decrease in share price and any number of
Questions you might consider include:
ISSUE 1 2016 | Ethics Resource | 23
Depending on the complexity of your vendor network and the nature of your organization, you might consider hiring a firm that specializes in due diligence services. • Are your vendors equipped to protect your sensitive information against today’s risks? • How sophisticated is your cloud and social
• Can you identify warning signs with vendors? • Do you have a well-communicated reporting process?
media security? • Are your vendors capable of adapting to regulatory compliance changes? • Are proper redundancies in place to ensure your information is protected against acts of nature? • Who owns the process internally? • Do you have a set methodology for addressing incidents? • Do you maintain an accurate and complete interactive inventory of your vendors?
24 | Ethics Resource | ISSUE 1 2016
Considerations change from company to company and from industry to industry. Financial institutions have a set of concerns far different from food service companies. Universities have a set of concerns far different from construction companies. And certainly the size of an organization will shape the necessary functions of a risk management program as well. A five-person start-up will require a much different program than a 5,000-person corporation in order to be adequately protected.
That said, modern risk management pro-
automated actions. At its core, a thought-
grams all have a number of things in common.
ful third-party risk management program
While organizations can take many shapes and
protects your most valuable asset — the trust
sizes, the principles of responsible risk manage-
of your customers — in a manner that saves
ment are one-size-fits-all:
both time and money.
• Not all risks are created equal. What risks are
• Stay focused. It’s common sense: Companies
organizations in your industry most suscep-
that identify third-party risk management as
tible to? Prioritize your focus. Know which
a primary focus area are in the best position
vendors carry a greater risk and require a
to succeed. Whether your company is build-
more active risk management strategy. Not all
ing a program for risk management for the
vendors require on-site review. A vendor with
first time, refreshing a program built previ-
no history of security concerns and with little
ously or conducting a scheduled review of
access to sensitive information does not call
your processes, it is important to establish
for the same level of scrutiny as a vendor man-
and effectively communicate the purpose of
aging large amounts of transactions through a
the program. Maintaining an effective risk
web of multinational compliance procedures.
management program cannot be a passive
• If you fail to plan, plan to fail. Maintain standards and policies for compliance across your organization. Depending on the complexity of your vendor network and the nature of your organization, you might consider hiring a firm that specializes in due diligence services. Even if this is the correct route for your company, it is still crucial — perhaps even more so — to identify an internal point person to own the process and to maintain the principles of risk management within your culture. • Keep it evolving. Your program should be
task. It must become part of your company’s culture. ABOUT THE AUTHOR Zafar I. Anjum, CFE, is chief executive officer of CRI Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. A member of the Dubai International Financial Centre, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI
subject to frequent adjustments and regular
Group maintains offices in UAE, Pakistan, Qatar, Singa-
review and ongoing evaluation. Your ability to
pore, Hong Kong, Malaysia, USA and the United Kingdom.
respond to changing regulations and adjust accordingly is crucial. Keep a close partner-
CONTACT INFORMATION
ship with regulators. Know what changes
Zafar Anjum, MSc, CFE, CII, MICA, Int. Dip. (Fin. Crime)
to anticipate. Additionally, the tools at your
CRI Group Chief Executive Officer
disposal for risk management continue to
917, Liberty House, DIFC PO Box 111794, Dubai, UAE
strengthen in cost-efficient ways. Organi-
Phone: +971 4 3589884
zations are relying less on passive, time-
Fax: +971 4 3589094
consuming and costly manual assessment
Cell: +971 50 9038184
of vendors, and more on analytic-focused,
Email: zanjum@CRIGroup.com
ISSUE 1 2016 | Ethics Resource | 25
I N F O C U S : Investigative Due Diligence
A Critical Step in Reducing Risk and Liability By CRI Group Staff
Due diligence refers, in a broad sense, to the
tion agreements, compensation arrangements,
level of judgment, care, prudence, determina-
and so forth.
tion and activity that a person would reason-
This article focuses on investigative due dili-
ably be expected to exercise under particular
gence versus inadequate due diligence. Legal
circumstances. In corporate law, due diligence
and financial due diligence will not be entirely
is the process of conducting an intensive
excluded, as all three of these specialties can
investigation of a corporation as one of the
interrelate, depending on circumstances —
first steps in a pending merger or acquisition.
which in part include the objective(s) of the
In a company acquisition, due diligence would
client. The expertise of legal counsel or accoun-
include fully understanding all of the obligations
tants may be necessary components in some
of the company: debts, pending and potential
situations, requiring a team approach.
lawsuits, leases, warranties, long-term customer agreements, employment contracts, distribu-
26 | Ethics Resource | ISSUE 1 2016
Oftentimes, clients have their own in-house lawyers, accountants and auditors. They may
also have their own security and investigative
are some of the areas potentially affecting the
personnel. However, in global transactions
outcome of any business decision. Evaluating
knowledge of and the ability to operate in
the personal and business reputation of po-
foreign countries may be less than adequate
tential business partners, associates, agents,
to cope with the complexities of gathering reli-
representatives, and consultants is a critical
able information in unfamiliar places. Corpo-
piece in determining not only the soundness of
rate Research and Investigations LLC (here-
a business relationship, but the reputation and
inafter called “CRI Group”) is an investigative
standing of the client as well. The three classic
research firm well positioned in the Asian and
elements of investigative due diligence are busi-
Middle Eastern regions specifically to provide
ness and media data research, public records
investigative due diligence services and to
search, and direct contact with government and
also serve as an advisor to clients in locating
private sources.
competent “local” expertise on the legal and financial side, if necessary.
The Purpose of Due Diligence Investigations
An optional fourth element — often overlooked, but extremely useful in certain situations — is a detailed written disclosure and background questionnaire. Voluntary questionnaire responses can provide important leads,
In essence, due diligence investigations are
as well as providing benchmarks that can be
about reducing risk and successor liability and
used in assessing the credibility of a subject.
should be a major consideration in any transac-
The questionnaire also serves as a means to
tion. Since it is impossible to eliminate all risk,
document due diligence efforts. Not all of these
the purpose of exercising due diligence is to cut
elements can be used in every due diligence
the risk down to a manageable and acceptable
inquiry — a limited amount of foreign media,
level. A considerable measure of judgment is
business and public records may be available
involved, not only in deciding what action to
online for a particular locale — but this can be
take, but in determining the level of investiga-
inadequate for remote locations, specifically
tion that matches the importance of the matter
the Middle East and Asian regions. Investiga-
to the client.
tive due diligence is an information-gathering
Due diligence investigations can allow the
discipline that is both distinct from and comple-
buyer of a property (company, trademark,
mentary to traditional legal and accounting due
license, etc.) to make an informed investment
diligence inquiries. It focuses on in-depth back-
decision with respect to the proposed acquisi-
ground investigation, vulnerability analysis and
tion. Lenders of money for all types of business
assessment, corporate personality and culture,
purposes need to know the level of risk and
and business intelligence.
security associated with a loan. The aforementioned are only two examples in which a due
Increased Mergers & Acquisitions
diligence investigation seeks to anticipate,
Merger and acquisition activity has been boom-
identify, avoid or minimize the risks before a cli-
ing, a trend that started in the 1990s. The total
ent makes a commitment. Political, economic,
value of mergers and acquisitions increased
legal, regulatory and security considerations
from $178 billion in 1990 to more than $1.7
ISSUE 1 2016 | Ethics Resource | 27
trillion in 1998. Today, as major industries like
Other U.S. legislation is either pending or
banking, insurance and telecommunications
contemplated in regard to increasing transpar-
continue to consolidate, mergers and acquisi-
ency and accountability in the foreign market-
tions should grow at an even faster rate. The
place. The expansion of U.S. business into new
increase of foreign investments by the world’s
markets has prompted law firms to brief corpo-
major economic powers, the emergence of
rate clients about the FCPA and to encourage
previously closed markets such as the former
them to establish compliance programs. The
Soviet Union and Eastern Europe, the recent
U.S. Department of Justice is beginning to use
opening of major markets such as China and India, the increase in major infrastructure projects worldwide, and the privatization of government entities have created a need for accurate, timely and reliable information that has become identified as added value in transactions. International terrorism is on the rise and will undoubtedly present increasing challenges in the future for corporations and other business interests seeking stability for their operations. Major law firms require litigation support. Loan underwriting and the secondary mortgage market are growing components of the commercial real estate industry.
more aggressive tactics to investigate alleged violations of the Act; these tactics include consensually monitored telephone conversations and search warrants. U.S. companies cannot escape the act by conducting business through a foreign subsidiary or joint venture that makes illegal payments. U.S. companies must also be concerned about whether a joint-venture partner is owned, in whole or in part, by a foreign official or an official’s relatives. FCPA exposure is greatest in areas where corruption is common and in industries in which foreign government involvement is greatest. While corruption may seem to
The Impact of Legislation
be omnipresent in international business, grow-
With extensive enforcement of the Foreign Cor-
ing pressure for change can be seen in the form
rupt Practices Act (FCPA) after 9/11 and most
of domestic political backlash that has recently
recently legislation of UK Bribery Act 2010, it is
occurred in Indonesia, Pakistan, and South
mandatory for companies to undertake integrity
Korea, to cite a few examples. This increasing
due diligence before taking any decision with
intolerance of corruption has caused some po-
potential business deals/joint ventures and es-
litical leaders to be humiliated and sometimes
tablishing working relationships with third party
driven from power.
services providers. The FCPA prohibits American businesses
The most effective way to minimize the risk of FCPA prosecution is to perform adequate in-
from paying bribes to foreign officials, even in
vestigative due diligence before hiring a foreign
countries where it is considered standard prac-
agent, consultant or representative, or enter-
tice. The Act requires companies to undertake
ing into a foreign merger, acquisition or joint
due diligence efforts to determine if business
venture. Where traditional investigative due
contacts are tainted. Due to its enforcement
diligence is typically performed to evaluate the
measures, the FCPA has emerged as a hot topic
quality and reputation of targeted businesses
in corporate board rooms across the U.S.
and individuals, investigative due diligence for
28 | Ethics Resource | ISSUE 1 2016
FCPA compliance seeks to determine whether
jurisdictions, and the practice by the rest of the
foreign business partners or consultants are
world. Under the common law practice, clients
government officials as defined by the Act.
usually expect due diligence to be conducted
Aggressive enforcement of the UK Bribery Act
before a transaction is closed or completed.
marks a similar approach.
However, this raises two issues with cross-cultural overtones — the scope and timing of a due
Cross-Cultural Considerations
diligence investigation. In common law circles,
International acquisitions are becoming more
the shared belief is that one can never do
and more attractive to foreign companies
enough due diligence. Such a comprehensive
whose strategy is to gain instant goodwill,
approach is grounded on the doctrine of caveat
distribution and/or management expertise
emptor, or buyer beware.
in a particular local market. This investment
In this type of atmosphere, the burden of
strategy will become more popular as devel-
investigation is placed on the client’s (buyer’s)
oping countries continue to relax their foreign
shoulders. By contrast, due diligence in other
investment controls to allow more opportu-
countries may be somewhat more abbreviated.
nities for 100 percent foreign ownership of
The matters normally covered by a common
domestic companies. Properly conducted
law type due diligence investigation may not be
due diligence takes on a greater role with the
necessary because in civil law countries many
prospects of having to deal with multi-jurisdic-
of those issues are covered by more specific
tional entities. This role will require a client to
rules. In some countries, comprehensive due
be concerned with both country-specific and
diligence may be interpreted as intrusive at
target-specific investigations.
best and at worst a sign of mistrust or bad
Whether an investment is a joint venture,
faith on the buyer’s part.
corporate acquisition or a strategic alliance, a foreign investor must be up to speed in matters
Cultural Differences in Due Diligence
such as the cultural, geographic, and legal envi-
For example, in Japan there is a hesitation to
ronment of the host country or countries of the
conduct a full investigation in order to pre-
proposed business venture. With this in mind,
serve the spirit of mutual trust between buyer
the client must be advised to carefully consider
and seller. The Japanese system places the
the “big picture.” Attitudes toward due diligence
burden of diligence on the seller, not the buyer.
may vary from country to country. A good first
The seller has a good faith duty to satisfy the
step is to consult a regional or country special-
buyer’s reasonable and good faith expecta-
ist who understands the area, if such a person
tions in a business transaction. This belief
is not already on staff.
is grounded in a strong Japanese tradition of honesty in business dealings, and by the
U.K., U.S. and the World
desire of Japanese businessmen to maintain
Practically speaking, global due diligence can
long-term relationships.
be separated into two schools: the practice
It is important to note that doing busi-
from the U.K., U.S., and other common law
ness on the basis of long-term relationships
ISSUE 1 2016 | Ethics Resource | 29
is common throughout all of Asia, as well as
the aforementioned business cultures is to
in Latin America. Saudi business executives
be aggressive. This approach can destroy any
prefer to feel comfortable with their business
chance of achieving success in consummat-
partners before any agreements or contracts
ing a deal in the short term, and developing a
are signed. Hence, a number of leisurely paced
long standing relationship in the long run. In
meetings can be expected where no substan-
most parts of Asia, the deal is embodied in the
tive business is discussed and interruptions
harmonious relationship between the parties.
The Japanese system places the burden of diligence on the seller, not the buyer. The seller has a good faith duty to satisfy the buyer’s reasonable and good faith expectations in a business transaction. This belief is grounded in a strong Japanese tradition of honesty in business dealings, and by the desire of Japanese businessmen to maintain longterm relationships.
(phone calls and visitors) and lack of privacy is
For Westerners, the deal is typically embodied
not uncommon. As the time comes to actually
in the documents. Thus the stage is set for a
finalize an agreement, confidentiality is most
clash of cultures which can usually be avoided
likely to increase. From the Saudi point of view,
with proper planning and forethought.
due diligence through social interaction actually becomes an important aspect of the process. The worst step anyone can take in any of
30 | Ethics Resource | ISSUE 1 2016
The timing of a due diligence investigation should be handled with this view towards cultural sensitivity. Due diligence in common
law situations is generally conducted before any definitive agreement is signed. At the very least, the client’s satisfaction with its due diligence is made a condition precedent to the client’s obligation to complete the transaction. In many countries, it is not uncommon for due diligence to completed as condition subsequent to closing a deal. As with the scope of due diligence, timing of the investigation may result in a culture clash where one party views such a demand as a sign of mistrust or bad faith. However, conducting discreet or even covert investigative due diligence investigations may be necessary. The utmost care and planning must be undertaken in investigations of this type.
Top 5 Due Diligence Pitfalls That Proper Investigations Help You Avoid Proper due diligence investigations expose security issues that could have potentially disastrous impacts on your organization’s business operations, were they to remain uncovered. Such investigations conducted by experts can unearth critical information that enables business leaders to avoid: 1. Merging with an international busi-
Conclusion
ness embroiled in several behind-
Reducing risk and successor liability should be
the-scenes legal battles.
critical focus areas for any company conducting business in our global economy. It will never be possible to eliminate risk entirely. But the purpose of proper due diligence is to reduce risk to a manageable and acceptable level. There is no “one size fits all” solution to due diligence for each client; it must be tailored to each sce-
2. Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks. 3. Partnering with organizations that
nario. And to be successful, the due diligence
are potential credit risks, have
process must be thorough — and conducted by
claimed bankruptcy, have dissolved
proven experts.
stated companies or are faced with debtor filings.
CONTACT INFORMATION Corporate Research and Investigations LLC 917, Liberty House, DIFC P.O. Box 111794 Dubai, U.A.E. Tel: +971-50-9038184
4. Awarding work to an overseas contractor with absolutely no prior experience. 5. Affiliating with a contracting com-
Fax: +971-4-3589094
pany owned by a politician with sig-
Toll Free: +971 800- CRI LLC (274-552)
nificant influence on future awards.
Email: cridxb@CRIGroup.com
ISSUE 1 2016 | Ethics Resource | 31
News & Media Upcoming Events Find CRI Group at the following events around the globe in 2016:
CRI Group: Official Supporter of International Fraud Awareness Week Fraud costs organizations worldwide an es-
2016 ACC Annual Meeting October 16-19, 2016 San Francisco, CA
timated 5 percent of their annual revenues. The seriousness of the global fraud problem is
Abu Dhabi International Petroleum Exhibition and Conference 2016 (ADIPEC) November 7-10, 2016 Abu Dhabi, UAE
why CRI Group has announced that it will once again be participating in International Fraud Awareness Week, Nov. 13-19, 2016, as an official supporter to promote anti-fraud awareness and education.
ASIS China Conference November 14-15, 2016 Crowne Plaza Shanghai Shanghai, China
The movement, coordinated by the Association of Certified Fraud Examiners (ACFE) and
4th Annual Asia Ethics Summit December 6, 2016 The Fullerton Hotel Singapore
OFFICIAL SUPPORTER known commonly as Fraud Week, champions the need to proactively fight fraud and help safeguard business and investments from the growing fraud problem. This will be the sixth year in a row that CRI Group has been at the front of the yearly campaign, joined by hundreds of organizations who have partnered with the ACFE for the Fraud Abu Dhabi, UAE
32 | Ethics Resource | ISSUE 1 2016
Week movement. During Fraud Week, official supporters will
engage in various activities, including: hosting
said. “At CRI Group, we encourage organizations
fraud awareness training for employees and/or
of all shapes and sizes to conduct proper due
the community, conducting employee surveys
diligence and minimize risk. Only by addressing
to assess levels of fraud awareness within their
fraud and corruption proactively can we make
organization, posting articles on company web-
progress in preventing and detecting it.”
sites and in newsletters, and teaming with local media to highlight the problem of fraud. CRI Group CEO Zafar I. Anjum, CFE, said his organization is proud to be a supporter of such an important initiative, helping to spread aware-
stand how serious and pervasive fraud is, and how critical fraud prevention is to their overall business success. For more information about increasing awareness and reducing the risk of fraud dur-
ness and education about fraud. “Fraud is a serious issue for companies worldwide, and it is only getting worse,” Anjum
Advertise With Us
It is important that business leaders under-
ing International Fraud Awareness Week, visit FraudWeek.com.
To advertise with us, please send an email to PR@CRIGroup.com.
Space is available for Fraud360 and Ethics Resource magazines as well as our monthly email newsletter, Fraud360 News Brief International.
CRI Group Plays Key Role at First-Ever ACFE Middle East Fraud Conference More than 300 anti-fraud professionals
security and loss prevention professionals, and
gathered in Dubai in February under the kind
governance, risk and compliance professionals.
patronage of His Highness Sheikh Maktoum
CRI Group’s CEO Zafar I. Anjum, CFE, said
Bin Mohammed Bin Rashid Al Maktoum, the
that his company eagerly embraced the oppor-
Deputy Ruler of Dubai and Chairman of FAD, at
tunity to be a Platinum Sponsor at the Middle
the 2016 ACFE Middle East Fraud Conference.
East Fraud Conference. CRI Group’s world head-
CRI Group was proud to be a Platinum Sponsor
quarters is located in Dubai. “The conference provided an unmatched
for the event. Hosted by the Financial Audit Department
opportunity for training and sharing best prac-
of Dubai and held at Atlantis, the Palm, the
tices for fighting fraud in the Middle East,” An-
event was the first of its kind in the Middle East.
jum said. CRI Group’s representatives met face-
Attendees included Certified Fraud Examin-
to-face with many of the attendees, discussing
ers (CFEs), anti-fraud specialists, internal and
their challenges in fraud fighting — and sharing
independent auditors, forensic accountants, in-
“ways we can all work together to prevent and
formation technology and IT security profession-
detect more fraud — not just in the Middle East,
als, law enforcement and private investigators,
but around the world,” Anjum said.
Join the Conversation
ISSUE 1 2016 | Ethics Resource | 33
Fraud fighters from around the region learned the latest trends in fraud prevention, detection and deterrence during interactive sessions, educational workshops and an informative panel discussion. Attendees also met high-ranking and reputable speakers from leading organizations in the Middle East; gained insights into best prac-
CRI Group Adds Investigative Services to List of BSI Certifications CRI Group recently became the first investigative research company in the Middle East to receive the BS 7858:2012 certification – Security Screening of Individuals Employed in a Security Environment, from internationally recognized
tices and cutting-edge tools and techniques
training and certification body BSI. The certifica-
to detect fraud; and forged alliances with new
tion recognizes CRI Group’s expertise in screen-
and existing contacts who share similar chal-
ing services including identity checks, financial
lenges and goals.
checks, employment checks and criminal
Featured speakers included Bruce Dorris, J.D., CFE, CVA, vice president and program
records checks. This week, CRI Group added to its expanding list of expert credentials by also earning the BS 102000:2013 certification – Code of Practice for the Provision of Investigative Services. The BSI certification is provided based upon CRI Group’s proficiency in providing services regarding: • Fraud risk assessment and investigations
Attendees at the 2016 ACFE Middle East Fraud Conference in Dubai, UAE.
director for the Association of Certified Fraud Examiners (ACFE); Prof. Dr. Marco Gercke, director, Cybercrime Research Institute; Jeffrey Robinson, author and international expert on organized crime and fraud; and Hamed Kazim, CEO, HK Consulting (United Arab Emirates). The host of the conference, the FAD, conducts regular financial audits, information systems audits and performance audits for
• Forensic accounting • Intellectual property (IP) investigations • Due diligence and background investigations • Debt collections • Corporate security consulting and investigation • Pre- and post-employment screening (on request to BS 7858:2012) • Fraud and crime investigations (all investigations to the requirements of BS 10200:2013 All of the above functions are part of CRI
ascertaining the extent of legality, adequacy of
Group’s core competency in safeguarding
financial prudency and management of finan-
businesses worldwide from fraud and corrup-
cial operations. The objectives include review-
tion, and providing due diligence, pre- and
ing of efficiency, effectiveness and economy in
post-employment background screening, risk
planning, directing, execution, controlling and
management, compliance and other profes-
monitoring of operations.
sional services.
34 | Ethics Resource | ISSUE 1 2016
Zafar I. Anjum, CRI Group’s president and
Founded in 1901, BSI (also known as British Standards Institution) is the UK national
CEO, said that earning multiple certifications
standards body that works with thousands of
from a distinguished standards body like BSI is
organizations in more than 150 countries. BSI is
a mark of pride for the company. In December
accredited by 20 local and international bodies.
of 2014, Anjum announced that CRI Group
CRI Group now holds the following certifica-
would be engaging BSI for training and certification on many levels, and the recent certifica-
tions from BSI: • BS 7858:2012 – Security Screening of Individuals Employed in a Security Environment • BS 102000:2013 – Code of Practice for the
tions are direct results of that initiative. “CRI Group has always provided the highest level of professional security checks, investigative services, information security and other critical services for clients all over the world,”
Provision of Investigative Services • ISO/IEC 27001:2013 – Information Security Management System
Anjum said. “We are pleased to have our competence in these areas recognized by BSI, and we will continue to strive to provide the highest
• ISO 9001:2008 – Quality Management
level of expertise for businesses to help them
System
prevent and detect fraud.”
Ethics & Compliance by the Numbers Corruption and Fraud in Resource Development
The Impact of Bribery in the Workplace
Integrity Violations in Business
Number of preliminary
of bribery cases
of integrity violations
inquiries related to
involved payments
investigated by Asian
fraud, corruption and
through intermediaries.
Development Bank (OAI)
collusion received by
1 3
were fraud-related. Half
323 75% 60% World Bank Group in 2015.
88
Percent of external
in
Bribery cases were instigated by selfreporting.
of integrity complaints received by OAI were from external parties.
970
tions of corruption.
53%
72% of corruption
involved corporate man-
of 102% from 2014.
cases also included
agement or CEOs.
Sources: The World Bank Group Integrity Vice Presidency; OECD Foreign Bribery Report; Office of Anticorruption and Integrity (OAI), Asian Development Bank.
cases under investigation at the end of 2015 involving allega-
elements of fraud
of bribery cases
Number of investigative due diligence requests handled by CRI Group this year, an increase
and/or collusion. ISSUE 1 2016 | Ethics Resource | 35
What Third-Party Ethics and Compliance Risks Threaten Your Business?
Third-party relationships are critical in business today. While such affiliations are
essential to the success of your organization, the negative consequences of inadequate due diligence cannot be underestimated.
Our Third-Party Risk Management (3PRM™) experts will work with you to develop a proactive approach to mitigating risks from third-party relationships. Our 3PRM strategy focuses on providing ethical risk assessments, conducting investigative due diligence, identifying fraud risks, investigating cases of unethical behavior, measuring effectiveness and results, and more.
Top Risks Posed by Third-Party Partners: Harm to Reputation Non-Compliance Issues Negative Financial Impacts Supply Chain Risk Security Threats
Visit us online at CRIGroup.com cridxb@CRIGroup.com / +971 4 358 9884 / +44 207 8681415
UAE / Qatar / Pakistan / Saudi Arabia / Singapore / Malaysia / United Kingdom / USA