The dashboard of the Risk Management System is the nerve center of the risk management process. It provides an overview of an organisation’s risk profile, important alerts, top risks and the latest risk news.

This risk epicenter is now even more powerful with the addition of filters for categories and org units.

This granular view of your risks and controls enables you to drill down into any category or org unit and identify potential risks and opportunities. When a filter is applied, all elements of the dashboard, including reports, charts and control procedures, are updated to match it.

Over 22 leading firms joined Director of Best Practice Gary Yantin and SRA Policy Executive Richard Williams for the second continuing competence user group. This candid conversation between the firms and the regulator focussed on how firms are implementing continuing competence since the changes to CPD in November, and on sharing best practice.

Many firms currently implementing changes to CPD

Richard spoke about how many firms are still in the process of implementing continued competence. He voiced the importance that the SRA places on the new approach and advised that there will be an annual declaration as part of a renewal exercise to make sure firms are meeting regulatory obligations. Richard also made clear that the SRA will not be carrying out spot checks on firms, but will use the annual declaration in conjunction with other regulatory data to explore concerns that they may have with the competence or standard of service provided by a solicitor or firm.

The Fourth Anti-Money Laundering Directive will be implemented by the end of June 2017. Many pages have been written detailing all of the changes and minutiae. Below are the key changes that solicitors need to be aware of as part of their day-to-day work.

We will be updating our AML courses accordingly and launching a new version of our AML 360 course later in the year.

Here are the key updates:

Simplified CDD no longer automatic

Previously certain listed companies or public bodies would automatically qualify for simplified due diligence. This exemption is no longer automatic and any decision to undertake simplified CDD must be backed up with evidence and subject to a risk assessment.

Cash thresholds reduced

The limit for eligible cash transactions is reduced from €15,000 (£12,544) to €10,000 (£8,361) and is extended to receiving as well as making payments in cash.

Absolute turnover raised

The link to the VAT registration threshold of £64,000 is removed and the annual turnover limit is raised to £100,000 across all financial activities.


The risks of a hard Brexit

Regardless of what the UK does with GDPR after Brexit, the biggest threat to data protection is from an exit from the EU without any deal. This is the so-called hard Brexit and fallback to World Trade Organisation rules until a further agreement is reached, or not. It’s the kind of Brexit Theresa May and many inside the Conservative party and Leave camp have called for. As we have seen, the crucial component for the UK after Brexit is to be judged as offering an adequate level of protection by the European Commission.

A hard Brexit with no deal means no assessment of adequacy. Furthermore, the UK cannot apply to the European Commission for an assessment of adequacy; that determination can only be given by the Commission itself. If the negotiations turned sour and both parties decided to walk away with no deal, perhaps due to the estimated €60bn leaving bill, there might not be much goodwill left to speed up a UK adequacy determination for GDPR.

The UK Data Protection Act

The United Kingdom (UK) Data Protection Act (DPA) sets out rules for how your personal information can be used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

The DPA 2018, which came into effect on 25 May 2018, updates and replaces the Data Protection Act 1998. Post Brexit, the act was further amended in January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.

The Data Protection Act 1998

The Data Protection Act 1998 was a UK Act of Parliament designed to protect personal data stored on computers or in organised paper filing systems. It replaced the 1984 Data Protection Act, which had barely mentioned digital media and computers. 

The 1998 Act, which enacted provisions from the EU Data Protection Directive 1995, was based on 8 principles that were used by organisations to design their own data protection policies. The eight principles related to the protection, processing, and movement of data, and mostly did not apply to domestic use. The eight guiding principles of the act were as follows:

  • Principle 1 – Fair and Lawful
  • Principle 2 – Purposes
  • Principle 3 – Adequacy
  • Principle 4 – Accuracy
  • Principle 5 – Retention
  • Principle 6 – Rights
  • Principle 7 – Security
  • Principle 8 – International transfers

Data Protection Act 2003

The Data Protection (Amendment) Act, 2003 implemented the European Data Protection Directive 95/46/EC. Together with the Data Protection Act 1998, these acts regulated how employers collect, store and use personal data that they hold about their employees (past, prospective, and current). The Acts stated that anyone responsible for holding or using data must follow the ‘data protection principles’, and must make sure that the information they collect is used fairly and lawfully, for limited, specifically stated purposes, in a way that is adequate and relevant, is accurate, is handled according to people’s data protection rights, and is kept safe and secure.

What is the Data Protection Act 2018?

The Data Protection Act 2018 is a United Kingdom Act of Parliament that replaced the Data Protection Act 1998. The 2018 Act served to update data protection laws in the UK, and it is the UK’s implementation of the EU’s General Data Protection Regulation (GDPR). The Act sets out rules for the processing of personal data, and implements the parts of GDPR that “are to be determined by member state law” and sets out its own similar framework for the processing of personal data that is not subject to GDPR, such as intelligence services processing, immigration services processing, and the processing of personal data held in unstructured form by public authorities.

The main differences between the 2018 Act as opposed to the 1998 Act are in the right to reassure, inclusions of exemptions from the Data Protection Act, the fact that the Act works in tandem with GDPR, and a revision that allows law makers to erase data if an individual chooses to, which is based on the individual’s right to privacy.

Changes to Data Protection Under GDPR

Data protection law in the UK is based on the 1998 Data Protection Act. However, with continued changes in technology, 20 years on that law looks outdated and not relevant to the data protection concerns we face today. In May 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Act and will impose many new responsibilities and sanctions on organisations. Despite all the noise around GDPR, the eight principles of data protection laid out in the 1998 Data Protection Act will remain relevant, with changes to some of the key principles. Below is an overview of the eight principles of data protection, with guidance on the changes and what they could mean for your business.

Editor’s note: the eight principles of data protection have now been amended to become the six principles of GDPR.

The Eight Principles of Data Protection

1. Fair and lawful

Your organisation must have legitimate grounds for collecting the data and it must not have a negative effect on the person or be used in a way they wouldn’t expect. Organisations are required to provide full transparency about how they wish to use the data, as well as ensure their data is only used in ways customers would expect. Detailing precisely what a consumer’s information is being used for allows them to make an informed decision as to whether to share certain pieces of personal information.

Changes under GDPR

Under GDPR, conducting criminal record checks on employees must be justified by law. For example, a school is far more likely to be permitted to carry out such checks on their teachers than a restaurant hiring kitchen staff.

Financial Year Ending 31st March 2016
Around 50% of the FTSE 100’s financial year ends on 31st March

When Should My Organisation Publish its Modern Slavery and Human Trafficking Statement?

The 2015 UK Modern Slavery Act stipulates that all companies with an annual turnover of over £36 million must publish a Slavery and Human Trafficking Statement for 2016. The government guidelines recommend that a company’s Slavery and Human Trafficking Statement should be published prominently on its website within six months of the end of its financial year.  Here are the relevant dates for companies to produce their statement:

Financial Year End | Recommended Start Date | Statement Due Date
31st March 2016 | 1st April 2016 | September 30th 2016
31st June 2016 | 1st July 2016 | December 30th 2016
31st September 2016 | 1st October 2016 | March 30th 2017
31st December 2016 | 1st January 2017 | June 30th 2017

Here is a practical checklist with the steps you need to take to ensure your statement is published on time.

Our research shows that around 50% of companies have a financial year end of 31st March. This means that over half of the companies with a turnover of over £36 million should have already published a Slavery and Human Trafficking Statement. As organisations get to grips with the new regulations under the Act, it is clear that not all the organisations are ranking so well.

The findings from a recent report by the Business and Human Rights Resource Centre show that most organisations are still far from meeting the minimum requirements and showing that they take the Act seriously. The report gives an analysis of the FTSE 100 companies that have a statement due date of 30th September or that have already published a statement. Findings show that:

  • Only 56% of the Slavery and Human Trafficking statements met the minimum requirements of the Modern Slavery Act
  • In the Structure, Business & Supply Chains category, the average score out of 5 was 1.8
  • The Risk Assessment & Management category had an average score of 2.2
  • Only M&S provided Key Performance Indicators in their statement, with the Effectiveness category scoring an average of 1 out of 5
  • The highest scoring category was that of Due Diligence Processes. Nonetheless, it achieved an average score of only 2.3%

Twelve Months Prior to Publication – Understand Supply Chains and KPIs

  • Develop measurable KPIs for your anti-slavery programme
  • Review and update your company’s supply chain risk assessment
  • Review and update due diligence measures

Stress is a big problem for people at work. And the cost to employers is enormous. A few shocking statistics summarise the size of this problem:

  • 440,000 people in the UK reported that work-related stress was making them ill (according to the Health and Safety Executive)
  • 11.7 million working days were lost in 2015/16 due to stress
  • 23.9 days are lost, on average, for every stressed employee
  • 45% of all working days lost to illness are due to stress

Clearly, stress is a huge problem for working people and their employers. But what exactly is stress, and what can employers do about it?

One definition of stress is ‘an adverse reaction to excessive pressures and demands’. Stress is felt when someone is struggling under the weight of expectations, rather than thriving under pressure. Stress can result in a wide range of symptoms, including a racing heart, palpitations, loss of appetite, trouble sleeping and depression.

Stress can be triggered by a wide range of factors, but common causes include overwork, lack of support, intimidation, bullying and a hostile working environment.

For some individuals, stress becomes a problem when things change at work, such as when their team changes, or when their workload increases. A sense of instability or unclear expectations can leave employees feeling unsupported and anxious.

Unsurprisingly, given the enormous cost of stressed employees, many organisations look for ways to reduce the risk. So what can employers do to support their teams?

A positive first step is to discuss the issues with senior managers, and ensure that they understand the causes and treatments of stress. Training is important, in part because stress can be difficult to identify, difficult to understand and difficult to treat. Senior buy-in helps ensure that a positive, supportive environment permeates down from the top.

Employers can encourage people to talk about stress and acknowledge that sometimes, situations at work can lead us to feel stressed. Employees should be given advice on coping with stress and training to help them spot potential causes. This can help people sidestep potential dangers before they become overwhelming. For example, an individual who is becoming overworked might recognise the beginnings of stress and decide to raise their concerns with their line manager. Together, the pair might agree to delegate some work to a colleague, and perhaps take a short break from work.

For some colleagues, time management training may help them manage their workload differently and prevent feeling stressed. For others, resilience training may help people to cope with stresses at work. This might mean changing their lifestyle, diet or exercise routines to help them relieve the stress they encounter at work. It might also mean taking a break from work, or turning to friends and family for support in times of stress. By learning how to become more resilient, people can gather tools to use when times are difficult.

So while stress might seem like an enormous, inescapable challenge for working people, evidence suggests that there are solutions, and that a little training can go a long way in preventing stress-related absences from work. By simply making employees feel supported, aware of the dangers of stress and capable of developing their own resilience, employers can reduce the impact of stress on their workforce.

VinciWorks provide a number of resources dedicated to identifying stress and managing stress both on an individual level and within a team.

Online Stress Management courses include:

Managing your Personal Stress
Identifying Stress in your team
Managing Stress in your team

The answer, Bell Pottinger has taught us, is yes. Mrs Thatcher’s favourite PR firm entered administration this week on the back of a disastrous, well, PR campaign. The swirling scandal that brought down an industry giant started with a £100,000 per month contract to run a campaign in South Africa on behalf of the Guptas, a family-run business empire ensnared in the largest web of corruption and political intrigue since the end of apartheid.

Introducing VinciWorks’ new AML 360° course for accountants

VinciWorks has just released a new course on anti-money laundering aimed at accountants. The course will focus on money laundering challenges that accountants in particular are faced with. This includes information on the EU Fourth Directive that comes into effect on 26 June 2017, as well as identifying potential red flags specific to accountants.

Our course is tailored for accountants who have already undergone training on anti-money laundering; users will be provided with in-depth knowledge to help keep them up to date with anti-money laundering laws. Real-world, industry-specific scenarios will help guide participants through money laundering questions that face accountants today.
