Asbestos awareness key for all businesses

Exposure to asbestos is the single highest cause of work-related deaths in the UK. Commonly used in buildings between the 1950s and the 1990s for insulation and fire-proofing, asbestos fibres can be fatal if inhaled.

It’s for this reason that every business has responsibilities under the Control of Asbestos Regulations 2012 to protect employees from the risk of contact with asbestos.

In the last week a construction company was fined £50,000 and an unlicensed builder received a jail term for exposing workers to asbestos.

As well as risking fines and prison sentences, any business failing to adhere to the regulations may lead to serious illness and death.

If your employees, or any employees or contractors that they supervise, are liable to be exposed to asbestos then they must be given adequate information, instruction and training to reduce the risk of asbestos.

Our Asbestos Management eLearning course is designed to meet this need, and is available on-demand for staff who are liable to be exposed to asbestos, and their supervisors.

Risk comes before a fall when working at height

We hope it’s common knowledge that if an employee is injured due to a fall at work, employers can be prosecuted and fined.

But employers don’t only pay when there is a fall.

Even if no injury occurs, if work at height takes place without necessary safety measures in place, then you are risking more than their wellbeing.

You also put your business at risk of prosecution, significant fines, and a damaged reputation.

Health and Safety Executive inspectors proactively visit sites looking for evidence of safety measures including necessary equipment and risk assessments, as seen in recent cases.

As an employer or manager of staff who work at height, it’s your responsibility to provide that evidence.

Our Working at Height Essentials and Working at Height Advanced eLearning courses cover the essentials your employees need to know including legislation, risk assessment, equipment selection, maintenance and usage, and more.

Using eLearning to train your employees in Health and Safety allows you to be consistent to all employees and ensure their understanding of key subjects, with completion reports and assessment scores allowing you to pinpoint any areas of risk which need further attention.

Our Working at Heights Essentials and Working at Heights Advanced eLearning courses are also fully responsive – so workers can even learn on site using their mobile phone or tablet, with no need to train in a central office.

People are frequently the weak link in data protection – so how can you ensure your employees are wise to social engineering?

People are frequently the weak link in data protection – so how can you ensure your employees are wise to social engineering?

The data of four million employees in the USA may have been compromised after federal government computers were hacked last week, as reported by the BBC.

It’s currently unclear who carried out the attack, which has lead to a White House spokesman describing hacking as an “ever evolving threat.”

Security software is also ever evolving, with firewalls, anti-virus and email scanners among the software solutions organisations put in place to protect themselves.

However, even the latest software struggles when it comes to the threat of human error which, as reported in our own Compliance News, is the biggest driver in data protection breaches.

Social engineering

Social engineering is one of a number of tools used by hackers to gain access to confidential material.

Rather than attempting to bypass login screens programmatically, as the traditional Hollywood vision of a ‘hacker’ might, this relies on capitalising on the errors in judgement of individuals to gain access to personal details which can be used to login to various services and access confidential information.

Take for example an individual who uses the same email address for multiple services, perhaps even emailing themselves password reminders for their work accounts. A hacker gaining access to that email account would likely have all the information they would need to access the confidential information of potentially thousands of people.

Some examples of what social engineering may look like include:

  • Fake login pages – since many people use the same passwords across multiple sites, making a person think they are logging into one of them can give hackers access to all kinds of information on a variety of sites.
  • Seemingly personal emails – by sending a personal-looking email, hackers can receive personal information including birth dates and addresses – exactly the kind of information that lets them log in via a ‘forgotten password’ feature on many websites.
  • Creating a false urgency – by calling someone with an apparently urgent problem, hackers can trick people into giving away bank details or passwords.
  • Social networking – many people have personal details publicly visible on social networks, or accept friend requests from people they do not know. This often gives hackers a wealth of information about the person, which can be used to gain unauthorised access to files.
  • Bribery or intimidation – by making a person feel threatened, social engineers can often coerce them into revealing passwords granting them access to confidential information.

By capitalising on human flaws, hackers can circumvent even the most robust security software. A thorough employee training programme is therefore a key ingredient in any organisation’s data protection policy.

Our Data Protection eLearning is designed to educate your staff on the laws and procedures involved in effectively managing data, and includes information on how to recognise and respond to the above tactics, reducing the risk of hackers illegally accessing confidential information.

Beating Bribery: Dos and Don’ts

Best practise in Ethics and Conduct on the global stage

One of the biggest headaches for companies conducting business overseas is bribery and corruption.

The grey area of what is deemed a fair gift, meal or payment against what might be constituted a bribe is a challenge keeping senior executives up at night.

And with the screws being tightened on enforcement of anti-bribery laws, such as the UK Bribery Act and US Foreign Corrupt Practices Act, this problem looks set to bedevil the industry for years to come.

The multi-jurisdictional reach of anti-corruption laws means companies can now be prosecuted for acts of bribery committed anywhere in the world. And turning a blind eye to corruption is no protection against liability.

Protect yourself

The onus is on businesses to protect themselves from criminal prosecution. Corruption charges are not only a reputational issue. Conviction under the UK Bribery Act could lead to multi-million pound fines, and lengthy prison terms as seen by the 13 year term handed down to Directors of Sustainable AgroEnergy Plc, the first such convictions under the Act in 2014.

Develop your culture

How can you actively develop a culture that prevents any violations from occurring in the first place? The role of Compliance Officer is demanding and multi-faceted. Part circus ring-master, part detective they must juggle policy, procedure, regulation, training and compliance whilst demystifying complex supply chains and third party risk.

Third Party and Supply Chain Risk

A major challenge for companies working to eliminate bribery and corruption is third party risk. Growing regulatory and enforcement activity has led companies to plough vast resources into maintaining high ethical standards and establish policies, infrastructure and processes to battle corruption.

GUIDANCE FOR MEETING BRIBERY AND CORRUPTION RISK

DO

  • Put in place a robust anti-bribery strategy and appoint a director to take responsibility for executing it.
  • Ensure that your tough stance on bribery and compliance message is passed on to all employees and stakeholders, including suppliers and agents.
  • Identify the main bribery risks faced by your business, document them in a risk register and make sure the board is in full knowledge of them.
  • Have knowledge of the companies you do business with – especially agents, suppliers and other third parties – ensure vigorous due diligence is conducted and keep up to date records on your findings.
  • Regularly refresh your company’s policies on gifts, entertainment, hospitality, donations and facilitation payments and ensure financial limitations are in place.
  • Monitor your anti-bribery strategy to ensure it does not fall foul of anti-bribery legislation and report your findings to the board.

DON’T

  • Assume the UK Bribery Act and other anti-corruption legislation is not relevant to you.
  • Bury your head in the sand when concerns about bribery are raised by an employee or third party with whom you have business associations.
  • Be afraid to walk away from a business contract if due diligence flags-up concerns about bribery or if you are not comfortable for whatever reason. Always record your findings.
  • If you are forced to make facilitation or grease payments because you fear for personal safety, ensure these are recorded and notify the local UK embassy or consulate.
  • Accept generous gifts and hospitality. If you do then record what you have received accept and consider donating them to charity.

Jeremy Crame, CEO of Hitec recommends a fit for purpose technology based Policy Management solution that supports the key principles of the UKBA/FCPA and BSI 10500, he said:

“Proving ‘adequate procedures’ is easier said than done. Communicating policy, procedure, regulation and compliance to a multi-lingual workforce can be a logistical nightmare. Ensuring that they have been received, read and understood across jurisdictions by every employee, supply chain partner, and agent – and a compliance declaration received from each person – is a major challenge for any global company. The only way that companies can demonstrate Best Practice and distance themselves from the actions of a rogue individual is to implement a bespoke technology based Policy Management solution that ensures a clear compliance audit trail for the benefit of the Board, Senior Management, Auditors and Regulators.”

This article is an excerpt from a white paper by our partner, Hitec (Laboratories) Limited. Click here to read the full white paper.

VinciWorks partnered with Hitec to provide compliance training material within Hitec’s procedure and policy management software, PolicyHub.

How can eLearning help you demonstrate organisational compliance?

Investigations into suspected corruption at FIFA continue to attract global scrutiny, with widespread questions around the decision making and cash flow within the organisation.

Transparency and ethical behaviour is essential within any business organisation. As well as maintaining reputation, there are numerous legal requirements, and as we have seen, failing to adhere to compliance law can lead to criminal charges and large fines.

Whether you are a startup or large corporation, our specialist compliance eLearning is an effective way to ensure your organisation, and everyone within it, is compliant.

Incorporating eLearning into your organisation can help you answer questions like:

Where does your money come from and go to?

Any cash flowing through a business needs to be accounted for, and any individual failing to do so can put the entire organisation at risk.

Our compliance eLearning courses are designed to raise employees’ awareness of their legal requirements in subjects including anti-money laundering, anti-bribery and corruption, and records management. This not only helps ensure all activity taking place is legal, but also that it is fully auditable.

How are business decisions made?

Businesses need to be transparent about the decision making process, especially where the exchange of money is involved, to ensure and prove that no bribery or corruption is taking place.

As well as compliance eLearning courses, we provide tools including our Gift and Hospitality Register which allows the monitoring and approval of all gifts, hospitality and travel your staff give or receive, facilitating demonstrate compliance with laws around anti-bribery and corruption.

Who does your organisation do business with?

As well as their own organisation’s procedures and training, businesses have a responsibility for due diligence into third party organisations they work with, to protect their reputation and ensure they are not supporting criminal activities.

Our compliance eLearning enables you to raise awareness of legal requirements among all employees, and our Third Party Database enables you to keep a record of all external contractors and companies your business works with.

Demonstrable, auditable compliance

Incorporating our eLearning courses and tools into your compliance programme gives you a fully auditable data trail, enabling you to be fully transparent about business activity, and pinpoint and address areas in need of attention.

FIFA scandal: what compliance lessons can businesses take away?

Last week, Sepp Blatter won a fifth term as president of FIFA amid news of the arrests of seven FIFA officials linked with racketeering, wire fraud, and money laundering.

Yesterday, Blatter announced his resignation, which will bring to an end a 17 year reign littered with allegations of fraud and corruption.

While the football world at large is reeling from this news, we’ve taken a moment to consider what compliance lessons can be taken from the scandal.

The risk to individuals found guilty of corruption, fraud or money laundering can include hefty fines and serious charges leading to prison sentences. There are also wider consequences to organisations as a whole:

Future business is impacted

Both the 2018 and 2022 FIFA World Cups are now officially under investigation, with question marks held over whether they’ll go ahead as planned.

When any organisation is found to have breached laws related to compliance, the consequences on other business activity can last for years, with ongoing and even planned activities impacted.

Damaged reputation

When the fourteen indictments were made last week at FIFA, the story dominated the news. Worldwide, people destroyed FIFA products in outrage and took to social media to question the integrity of the organisation as a whole.

If anyone within your organisation is suspected or found guilty of any form of corruption, the entire organisation’s reputation is at stake.

Lost partnerships and revenue

Many of FIFA’s high-profile sponsors and partners publicly called FIFA’s integrity into question following the allegations, cautious about the potential damage by association to their own reputations.

If your organisation gains a negative public perception, it will become harder to do business with other organisations, and existing relationships could be damaged.

Years of uncertainty

Despite his resignation, Sepp Blatter is estimated to remain as president until at least 2016 while new candidates run their campaigns. Then will begin a long road to rebuilding the reputation of the organisation.

If your organisation is damaged by any form of corruption or breach of compliance law, it will require a long and costly rebuilding process, often entailing an entire organisational restructure.

Need for a proactive solution

Compliance breaches within organisations are often caused by individuals, but the consequences are suffered by the entire organisation. A rigorous compliance training programme is therefore essential in protecting your organisation from these risks.

VinciWoks are specialist compliance eLearning providers, with a range of courses available either individually as a cost-effective suite, and all of the tools required to roll out training across your organisation with full audit trails.