General Data Protection Regulation (GDPR) comes into force on 25 May 2018. If you are unprepared, this regulation could have a drastic impact on your business and how you collect data. The regulation creates significantly more rights and protections for data subjects, and imposes heavy fines on businesses that fail to comply.
The changes you may have to make to comply with GDPR include:
- Assessing and justifying all of your data collection
- Revising your privacy, data protection and cyber security policies
- Designing systems for new data rights including the right to be forgotten and the right to data portability
- Appointing a Data Protection Officer and implementing a “privacy by design” process
The webinar guides you through the first steps you need to take to become compliant. It will help you understand how the changes under GDPR will affect your organisation and how you should begin planning.
One of the first orders of business for the new government, whatever its colour, is to pass the Money Laundering Regulations 2017. According to EU rules, the Fourth Money Laundering Directive must be transposed into UK law by 26 June. While the consultation phase has been completed, there is still room for a new government to make some movement on the new regulations if it wishes. The Directive still leaves some rules open to national interpretation, so while the core of the changes is set, a new government will have just weeks following the election to decide what to do.
However, for the main themes of the legislation we do know what will be changing. Accountants need to be aware of some of the key changes coming in the Fourth Directive.
UBO is changing
The ultimate beneficial owner (UBO) of a corporate client will need to be determined and due diligence checks performed. A UBO is anyone who owns or controls 25% or more of a corporation. If you don’t know who the UBO of a client is, you must take “all reasonable steps” to determine this. If no beneficial owners can be identified, then the details of senior managers must be recorded.
What business needs to prepare for no matter who walks into Number 10
Theresa May called a general election expecting, we all assume, that she would have an easy ride back into 10 Downing Street. While she still enjoys a commanding lead over the Labour party, this has narrowed in recent weeks. The Tories are still odds-on favourites to win, although elections can often throw up surprises.
Now the manifestos of all the major parties have been published, we can glean some idea of what will be changing in the compliance landscape no matter who the Prime Minister will be after the election. Of course, should the election result in a hung parliament, manifesto pledges can be traded and bartered away, and promises made before an election can often be forgotten in the glow of victory.
Nevertheless, it’s always a good idea to consider the potential risks of an election outcome, and start to prepare accordingly.
Ransomware attacks computers in 150 countries
On Friday hundreds of thousands of computers were held to digital ransom as a cyber security attack spread around the world. The cyber weapon, allegedly stolen from the US National Security Agency (NSA), even locked NHS staff out of their systems, forcing hundreds of critical operations to be cancelled and staff to turn away sick patients at the door. The attack spread quickly and installed malware onto over 200,000 computers, demanding payments of up to $600 in return for the data. With cyber security experts expecting more attacks imminently, this latest attack shows everyone needs to understand cyber security and make it a top priority.
The cyber attack that began with spam emails
The attack began with targeted phishing emails appearing to contain job offers, security warnings and invoices, as well as people’s own personal files. Once the files were unsuspectingly downloaded, the ransomware was able to spread across large networks. This makes understanding how to protect against cyber attacks more important than ever, since opening a phishing email can often affect computers across a whole network.
“These crimes must be stopped and the victims of modern slavery must go free. This is the great human rights issue of our time, and as Prime Minister I am determined that we will make it a national and international mission to rid our world of this barbaric evil.” Prime Minister Theresa May
“Human trafficking is one of the world’s most heinous and profitable criminal enterprises. It is unconscionable that each year, thousands of vulnerable children and adults are forced into labor and prostitution. Those who buy trafficked labor must also be held accountable for their outrageous crimes.” US Senator Kamala Harris
The countdown to the new European money laundering regime has begun. The Fourth Money Laundering Directive must be implemented across the European Union by 26 June. On 12 April this year, the UK government ended the consultation on the draft regulations. Despite Parliament being dissolved and a general election taking place between now and the 26 June, it is relatively clear what changes to the UK’s AML regime will be made.
Despite knowing pretty much what the new law will say, the rapid, rollercoaster-style timetable from the consultation to implementation has left little room for the regulated sector to get ready. From updating AML policies to retraining staff, a new AML regime means new changes.
Onto the Fifth Directive
Even while national parliaments are scrambling to rush through their AML updates, the EU is already drawing up rules for a Fifth AML directive. Designed to further increase transparency and assist law enforcement agencies, there may not be very much time for business to get used to one set of changes before having to prepare for the next ones.
The Criminal Finances Act, which received royal assent on 27th April, created a new corporate criminal offence for failing to prevent the facilitation of tax evasion.
The Act places responsibility on businesses to make sure none of their employees are involved in helping someone evade their taxes. If an employee does, and if the business failed to have “reasonable measures” to prevent or expose it, then the business itself could be found guilty and liable for some pretty steep fines.
This offence is broad reaching. It can be committed whether or not the company is UK-based or established under the law of another country, or whether the associated person who performs the criminal act of facilitation is in the UK or overseas.
Timeline for Implementation of The New Corporate Criminal Offence
The Act provides for commencement of the provisions from a date to be appointed by the Treasury. It is expected that this will be from September 2017, to coincide with the start of the first exchange of information under the Common Reporting Standard.
Before implementation, organisations of any size and type need to ensure that they have reasonable procedures in place.
The Six Guiding Principles of The “Reasonable Procedures” Defence
Under this new legislation, businesses can be held responsible for the actions of their employees, whether or not the business was aware of an employee’s criminal activities. A business’s only defence is to take “reasonable measures” to ensure that its employees do not facilitate tax evasion. Government guidance recommends the following six “reasonable measure” principles:
- Risk assessment
- Proportionality of risk-based prevention procedures
- Top level commitment
- Due diligence
- Communication (including training)
- Monitoring and review