TATAKELOLA YANG SALAH - RENUNGAN HARI INI

Bila berbicara mengenai tatakelola, ketelusan adalah salah satu asas yang penting. Tidak guna berbicara mengenai tatakelola dengan niat yang tidak jujur.

Ada pihak-pihak tertentu apabila diminta laporan, mereka menyediakan 2 laporan yang berbeza. Satu laporan sebenar yang disimpan untuk dilihat oleh orang-orang tertentu, satu lagi laporan "berhias" untuk diserahkan kepada pihak atasan.

Laporan "cantik" hanyalah untuk "feel good factor" dan tidak menggambarkan suasana yang sebenar.

Ini menyebabkan ketidaktepatan maklumat mungkin juga membuka peluang kepada unsur korupsi berlaku.

Kisah sebenar hanyalah diketahui apabila melihat hasil/keputusan akhir atau berlaku sesuatu peristiwa yang kurang menyenangkan atau apabila pihak atasan turun sendiri untuk memeriksa ketepatan laporan berkenaan atau apabila pihak ketiga yang dilantik pihak atasan untuk memeriksa rekod/dokumentasi.

Perkara ini; pada saya; tidak patut berlaku dan sepatutnya dibendung oleh pihak pengurusan kerana ketidaktepatan maklumat laporan adalah juga unsur korupsi.

Jika mana-mana ahli pengurusan merasakan adanya unsur negatif seperti ini, tidak perlu takut untuk melaporkan hal yang sebenar kepada pihak atasan dengan bukti-bukti yang jelas supaya tindakan susulan boleh dilaksanakan.

Hal ini menjadi satu kesalahan dari segi agama dan perundangan terhadap mereka yang tidak melaporkannya atau memberikan laporan yang tidak benar dan juga ke atas mereka yang tahu akan kebenaran tetapi memilih untuk menyembunyikannya kerana ketakutan hilangnya sesuatu kepentingan.

A CASE STUDY OF CORRUPTION IN PROCUREMENT (CONSTRUCTION) THAT WAS OVERLOOKED BY ABMS AUDITORS - BY NIK ZAFRI

True case. That's why ABMS Auditors and the Authorities should also be equipped with some "forensic audit skills" especially when it comes to construction industry.

SOME OF THE SHADY TACTICS OF MONEY LAUNDERING - NIK ZAFRI

1) Professional services firms for example accounting, legal and even consultancy firms may unwittingly or knowingly become entangled in money laundering schemes.

Criminals might exploit them by using complex transactions- creating intricate financial transactions or structures, using services to obfuscate the origin of funds or make illicit gains appear legitimate. On the other hand, some professionals might be complicit in facilitating money laundering by either turning a blind eye to suspicious activities or actively aiding in the creation of complex financial setups that conceal the illegal source of funds.

Oversight and due diligence by these firms may also result in inadvertently processing transactions that involve illicit funds without recognizing the red flags.

A conflict of professional secrecy vs a crime will always be an issue. Professionals might be exploited by criminals to shield their activities from scrutiny, using these professionals to shield their transactions or communication from legal investigations.

I hope regulatory bodies should monitor some of these firms and ensure they too implement anti-money laundering measures and know-your-customer protocols. I know many professional firms are dedicated to comply with anti-money laundering and anti-corruption laws but the authorities should find more effective ways to prevent such misuse.

The reality now is that, I notice gaps in compliance or deliberate evasion may enable criminals to exploit and manipulate these services for money laundering purposes.

2)  The process of money laundering in the realm of cryptocurrency involves criminals using diverse methods and services to route funds through numerous addresses or enterprises, obscuring their initial source. Following this, these funds are moved from a seemingly lawful origin to a specific address or platform for conversion into cash.

This approach involves employing cryptocurrency tumblers and mixing services. These services fragment unlawful funds into smaller sums, dispersing them among various addresses before reuniting them, effectively disconnecting the connection between the initial fund source and where it eventually ends up.

CORRUPTION AND MONEY LAUNDERING TODAY

 I'd sincerely advise those involved in money laundering or corruption: attempting to outwit authorities is not a viable strategy. Eventually, regardless of your cunning, the risk of being caught is high, leading to severe penalties and imprisonment.

Corruption and money laundering constantly evolve as people find new ways to exploit systems.

Cryptocurrency is one of them. Its decentralized and pseudo-anonymous nature makes it attractive for illicit activities. Criminals are hiding behind cryptocurrencies to launder money by converting it into various cryptocurrencies and moving it through multiple accounts.

The good old trick still lives -  - establishing shell companies and trusts in countries with lax regulations allows individuals to obscure their identities and the origins of funds.

Trade-Based Money Laundering is done by manipulating trade invoices or falsify goods and services to move money across borders without detection.

Another old trick is via real estate where launderers invest illicit funds in high-value real estate, which can be sold later, legitimizing the money.

What is on the rise now are online gaming and gambling. These too are using platforms or sites to launder money by placing bets and cashing out with "clean" money.

The authorities should also look into those providing "the so-called" "professional services" hiding behind legal or accounting firms to legitimize illegal funds through transactions or complex financial structures.

Other which has posed so much risk is what I know as Cyber-Enabled Financial Crimes. Techniques like phishing, ransomware, and hacking can generate illicit funds that are then laundered through various means, including cryptocurrency.

Authorities and financial institutions should continuously adapting their strategies to combat these evolving methods. Technologies like AI and machine learning must be employed to detect patterns and anomalies in financial transactions, aiding in the fight against money laundering and corruption.

TYPICAL CORRUPTION PRACTICES IN PROCUREMENT (ANTI-BRIBERY MANAGEMENT SYSTEM SERIES)

Photo source : Dreamtime

Based on my experience in assessment, one of the most critical department that I would focus on would be Procurement (or Purchasing) This is because the department are involved in various transactions with Supplier/Sub-Contractor/Materials where if not properly controlled or without proper procedure, potential and risk of corruption practices may occur.

Disclaimer - Without naming such organization (s) due to Oath of Confidentiality and the author may change some details/sequence of events - corruption in the Procurement Department can occur through various means and practices. Here are some common ways in which corruption can happen in procurement:

(1) Bribery

Suppliers/Subcontractors may offer bribes to procurement officials in exchange for favorable treatment, such as winning a contract or receiving preferential pricing. This can involve cash payments, gifts, vacations, or other forms of illicit benefits.

(2) Collusion

Procurement officials may collude with specific suppliers/subcontractors to manipulate the bidding process. They might provide confidential information about competitors' bids, set biased selection criteria, or create artificial barriers to exclude certain suppliers, all with the aim of awarding contracts to predetermined vendors.

(3) Kickbacks

Procurement officials may receive kickbacks from suppliers/subcontractors after awarding them contracts. In this scenario, the suppliers/subcontractors inflate their prices and then kick back a portion of the excess payment to the corrupt officials.

(4) Fraudulent Invoicing

Suppliers/Subcontractors can submit fraudulent invoices to procurement departments for goods or services that were never delivered or were delivered at inflated prices (even I've seen cases of wrong (intentional) delivery to a further location "blaming" the location given by Procurement (intentional) - in order for the subcontractor/supplier to claim additional cost) Corrupt officials may approve these invoices in exchange for kickbacks or other personal benefits.

(5) Conflict of Interest

Procurement officials with undisclosed personal interests or relationships may manipulate the bidding process to favour companies they are associated with, such as family members or close friends (cronyism) . This undermines fair competition and can result in biased contract awards. (anti-trust)

(depending of the case where "impartiality" can be proven)

(6) Nontransparent Procurement Processes

Lack of transparency in procurement procedures can create opportunities for corruption. For instance, if the Procurement Department operates without clear guidelines or proper oversight, officials can exploit loopholes to engage in corrupt practices.

(7) Weak internal controls

Inadequate internal controls and poor governance structures within the procurement department can facilitate corruption. Lack of segregation of duties, limited oversight, and ineffective auditing mechanisms create an environment conducive to fraudulent activities.

(8) Influence peddling

Powerful individuals or organizations may exert undue influence on the procurement process to benefit certain suppliers/subcontractors. This could involve political pressure, nepotism, or other forms of manipulation, thereby compromising the integrity of procurement decisions.

Preventing corruption in the procurement department requires robust anti-corruption measures, such as :

a) implementing transparent processes,

b) promoting accountability and ethics,

c) conducting regular audits, and

d) providing training on anti-corruption practices.

It's crucial to establish a strong ethical culture and foster an environment where reporting corruption is encouraged and protected.

FINAL PART - ANTI BRIBERY MANAGEMENT SYSTEM - Nik Zafri

 (ABMS = ISO 37001)

7.0 Continual Improvement

Nonconformity and corrective action

When a nonconformity (NC) occurs (usually issued via a Corrective Action Request (CAR), take quick action, control and correct. 

Some NC can result in dire consequences such as OSH or Environmental issues that maybe fatal or cause damage to assets. Most safety issues are either related to ignorance or bribery. (Fatal dan Damage may be relevant to RISK MANAGEMENT, thus review the risk register to find out if the risk has been addressed and mitigated or the risk could be a new one)

(NC can sometimes repetitive in different places. It's advised that auditors should issue 1 CAR for same NC but state the occurrence at different locations)

Find out the root cause (s) of the NC. Root Cause is NOT a personal blaming platform. It should be more related to the process itself.

The idea of corrective action is not merely repairing the system or machine or devices, it is important to improve the process where similar NC may happen at other places as well. This is where preventive measures need to be taken which may include review of effectiveness and changes to the ABMS.

Corrective Action - shall be appropriate to the effects of non-conformities. Looking back at root cause and evidences may help in determining the right corrective action. It is imperative that auditors NOT to depend on pictorial evidence but to visit on a "before" and "after" the NC to verify the photos and action taken (including follow-up actions) accordingly by the auditee.

For auditors, the effectiveness of the corrective action can only be seen in the next audit. My advise that auditors should also look into the bribery risk register and relevant random inspection records where necessary. (in the next audit, the auditor should note the effectiveness of the last audited corrective action by looking into further evidence afterwards as well)

Continual improvement is to determine suitability, adequacy and effectiveness of the anti-bribery management system.

This improvement could be the follow up actions from :

a) Changes in statutory and legal requirements,

b) Results of the Management Review,

c) changes in the ABMS itself,

d) internally proposed 

ANTI-BRIBERY MANAGEMENT SYSTEM - PART 8 - Nik Zafri

 (ABMS = ISO 37001)

6.0 Performance Evaluation

• Monitoring - what has been established, implemented, impose control (e.g. revision, issue, superseded etc)
• Measurement - assess (audit/inspection) on benchmark, target
• Analysis  - statistics on e.g. department vs non-conformance, project vs non-conformance etc.
• Evaluation - against effectiveness of ABMS 

a) What to be monitored/measured
b) Person responsible 
c) Method with expected/actual results
d) timeframe/cut-off period
e) results of monitoring and measurement - analysed/evaluated (usually in Management Review)
f) reporting flow

Documented information required as evidence (records/forms/checklists duly filled)

Procedure is present for guide.

Internal audit is much the same clause as ISO 9000/14000/45000 etc. (differences are - anti-bribery details are defined in this clause)

- conduct at planned intervals (set a cut-off period/timeframe/frequency) e.g. every 6 months = 1 Internal Audit or every 1 fiscal year = 1 or 2 Internal Audit (1 every 6 months)

- to comply and conform to the law and ABMS - as far as is practicable to the organization (custom) - not all elements/criterions fit the organization (justify why such element are skipped with evidence)

- effectively implemented and maintained.

should there be many locations or projects/sites - then arrangement to be made by at least the HQ to be audited and - should there be many locations or projects/sites - then arrangement to be made by at least the HQ to be audited and 2-3 ongoing projects (sampling) of different nature/trades (sampling per 5 projects) (as the projects may have a different team members)

- define audit criteria and scope and select competent auditors, 

- conduct audit with objectivity and impartiality - either independent function/management representative, the function (critical department/unit) involved in anti-bribery, 3rd party etc.

- report the audit - top management/governing body

- compliance and documented evidence

- audit program/results

Audit shall be reasonable, proportionate and risk based (well-balanced between the 3 aspects), 

Procedures shall be referred to ascertain any suspected or actual bribery, violation of policy or ABMS, failure of business associates (including consultant, supplier, vendor, contractor, sub-contractor) determine weakness or improvement

No auditor shall audit his/her own work. (this include his own unit or department - it must be cross-department/unit)

Management review

Top management shall review ABMS at planned intervals (every 6 months - 1 Management Review (MRM) or every fiscal year - 1 or 2 MRMs), determine suitability/adequacy/effectiveness.

MRM to consider : previous MRM, changes in external/internal issues, performance - non-conformities/corrective actions, monitoring/measurement results, audit results, bribery reports,investigation, risks and mitigation and continual improvement (if any) as output. (If ABMS requires no improvement, then maintain it and don't repair it unnecessarily)

MRM results to be reported to governing body (if any) and retain documented information/evidence.

Governing body (if any) shall review the ABMS for further action (investigation) if any by anti-bribery compliance function. Anti-bribery compliance function shall assess to ensure that AMBS is adequate, implemented and effective including investigations/audit results to be reported to Governing body.

The organization may also use business associate (3rd party is recommended) to assist in the review. (This will usually happen when results are inadequate or found dissatisfactory due to lack of substantial evidence)

PART 7 - ANTI BRIBERY MANAGEMENT SYSTEM - by Nik Zafri

 (Anti Bribery Management System = ISO 37001:2016)

Note : This is the most critical element in ABMS, failure to understand and comply to this element may prove negative to the organization.

5. OPERATION - Planning and Control

Process to comply to ABMS requirements should be planned and implemented. They should also be controlled and reviewed. (Process requires criteria, control and proper documented information)

Do not change the process unnecessarily. Apart from internal, focus also on outsourced process (sub-contractor, supplier, vendor, consultant etc)

Due Diligence - Bribery Risk Assessment

Potential bribery risk should be assessed no matter how insignificant (conducted on defined frequency for updated information) - transactions - projects/activities, if necessary - always involved business associates and certain important positions of the organization. Despite the organization may conclude that it is unnecessary, unreasonable or disproportionate to undertake due dilligence on certain personnel and business associate, but it is advisable and highly recommendable that apart from prioritization, assessment should also cover the rest of the organization as well. (no stone left unturned)

Financial Controls

is required to manage risk. Non-Financial control managing such risk should also be prioritized such as purchasing/procurement, operation, sales, commercial, HR and legislation-related activities. It's recommended to encourage business associates/service providers to understand, implement and consistent with the organizational strong view on bribery and ensure the implement their own anti-bribery controls/mitigation as well. (subject to assessment) It's recommended that the business associate/service providers/3rd party to submit evidence of anti-bribery controls/mitigation. 

Assessment should be reasonable and proportionate.

Anti-Bribery Commitments

Business associates with low risk of bribery should still be subject to assessment. They should show evidence of commitment and be willing to be assessed on any transaction, project, activity, or relationship. Failure to do so; in the event of proven bribery; the organization may terminate the business associates.

The organization must also be ready to assist in assessing, managing and help business associates understand the risk.

Gifts, Hospitality, Donations or equivalent

Procedure(s) is required to ensure any offering, gifts, hospitality, donations or equivalent could be perceived as bribery. (Clear definitions and situations are required to address these issues) 

Managing Inadequacy of Anti-Bribery Controls

Not all risks are manageable. The organization may change the nature of transaction, project, activity or relationship where applicable in order to better manage the risks. (It is recommended that business associates, supplier, sub-contractor, consultants should share the responsibility and accountability to manage risks of bribery that is found difficult to control)

(Should there be "red flags" situation (proven bribery has been committed), the organization may terminate, discontinue, suspend or withdraw (even taking legal action where necessary).

Raising concerns

Procedure(s) is/are required especially for smooth reporting or whistleblowing any possible or ongoing bribery activities to the appropriate personnel such as Management Representative or anyone with authority to make decision such as members of the governing body. (Although the personnel may also; out of fear that such action may possibly jeopardize his work/duty; directly report the alleged incident to the authorities) All reports should be treated in strictest of confidence and the identity of the person reporting the incident must be protected whether or not the alleged corruption activity result to be genuine or otherwise.

The person in charge should investigate as soon as possible without partiality.

Investigating and Dealing with bribery

Procedure (s) is/are required for investigation process determining the extent of such alleged acts (based on the law, anti-bribery policy or ABMS). The personnel that is/are conducting such investigation should be given authority to do so. (transparency should be genuine with no attempts to "sweep the matter under the carpet" or intimidating investigators or intervening in the investigation. On the other hand, the personnel and witness should also be given ample opportunity to defend themselves, prove their innocence or provide evidence)

Organization may also; to avoid partiality; hire a 3rd party (such as private investigator) to investigate the matter.