
Will regulators actually fine businesses 4% of global turnover for committing a General Data Protection Regulation offence? What are the actual repercussions of failing to comply with GDPR?

It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. The current maximum level of fine that can be levied under the Data Protection Act 1998 is peanuts in comparison, £500,000.

Some of the biggest fines levied by the UK’s data protection regulator, the ICO, would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m.

However, GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The ICO’s record bears this out. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine.

Learn more: download VinciWorks’ GDPR guide to make sure your business is ready for GDPR implementation on 25 May.


The number of cyber attacks hit an all-time high last year, with the threat expected to increase in 2018. The highest profile attack, WannaCry, affected over 230,000 organisations worldwide and caused the NHS to cancel appointments and operations. Human error remains the most likely cause of cyber breaches, with phishing emails the no. 1 tactic used by attackers. In more sophisticated attacks, such as spear phishing, the emails target specific individuals or organisations and are personalised with the victim’s or company’s name. The results of such an attack can be devastating, often resulting in sensitive information being compromised and financial repercussions.

Two new courses added to cyber security suite

VinciWorks’ cyber security suite has now been updated to help protect staff from the latest threats. We have added two new short courses, allowing users to learn how to protect themselves and their organisation in just five minutes.


In a speech given in Singapore for the 21st World Congress on Safety and Health at Work, Manpower Minister Lim Swee implored countries around the world to invest more effort in reducing the number of workplace deaths and injuries.

Addressing the congress – which included around 3,500 delegates from more than 100 countries – Mr Lim outlined the approach he hoped countries would adopt to reduce fatalities and accidents to below the current average of 1.9 fatalities per 100,000 workers (in the UK this figure was 0.4 per 100,000 in 2016).

Noting that different countries cite different averages for workplace accidents and fatalities, Mr Lim expressed his hope that each would learn from the other and work together to raise the profile of occupational health and safety across the board. He reiterated the importance of instilling a mind-set of safety and accident prevention in employers around the globe, and stressed the importance of offering regular health and safety training to all employees.

In truth, and looking only at absolute numbers, the number of workplace accidents and fatalities is higher now than it has ever been. However, this is only because the workforce has grown exponentially year on year. To reverse the trend of workplace incidents, then, would mean reducing them at a pace faster than the global workforce is growing – a hefty goal, but one Mr Lim hopes to tackle with education and training over the next decade.

How can eLearning help?

It’s essential to deliver health and safety training in an interesting and easily accessible way. All our eLearning courses include exceptional content, using advanced instructional techniques such as interactive video and gamification to create highly engaging and enjoyable learning experiences.

Here are a few strategies we employ when developing health and safety courses:

Scenario

Scenarios are an effective way to showcase real-life situations. They allow you to introduce risk-based situations and present the learners with an environment related to their job environment. For example, scenarios can be used to train employees how to act in the event of a fire.

Video

Videos make situations seem real and offer learners a clear and relatable window into safety and compliance issues. They are also a useful tool to break up text/voice-over style learning and offer users a different way to learn and retain information.

Gamification

Incorporating elements of computerised gaming is a great way to engage and motivate learners to take part. Individuals are tasked with collecting points, trophies, stars, etc. to ‘complete’ the game by answering questions or reacting correctly to scenarios.

Graphics

It’s well known that people tend to remember more when they see than when they read, so making use of appropriate images is very important: they help learners to remember and visualise concepts.

For more information about our ‘Health and Safety Essentials’ suite of eLearning courses, feel free to contact one of our friendly team.

Since the VW emissions scandal broke in September 2015, observers have been wondering if any of the company’s executives would face jail time for their involvement in the massive fraud.

At the end of last year, Oliver Schmidt was sentenced at a court in Detroit to seven years in jail and a $400,000 fine.

Oliver Schmidt, a German national, played a key role at VW’s engineering office in Michigan. As the head of the environmental compliance team, Schmidt knew that Volkswagen vehicles did not comply with US environmental standards, and that VW was using computer trickery to fool investigators. Schmidt actively misled US investigators and is accused of destroying incriminating documents.

Before receiving his sentence, Schmidt acknowledged his complicity. “I only have myself to blame,” he said, “I made bad decisions and for that I am sorry.”

About the VW scandal

The VW emissions scandal emerged in 2015, when the Environmental Protection Agency (EPA) discovered software in VW cars designed to make the cars seem less polluting. The software detected when the cars were being tested, and then switched the engines into an alternative mode that produced fewer emissions. With this method, VW were able to make investigators believe that diesel VW cars operated within limits set by the Clean Air Act.

This means that VW engines were emitting nitrogen oxide pollutants up to 40 times beyond the quantity allowed by US law.

Learning from VW

Volkswagen’s fraud has cost the company billions, lost them decades of goodwill, demolished trust and led to resignations, recriminations and now, for Oliver Schmidt, jail time. The total cost of the scandal is difficult to determine because it is so vast, and because some effects will not be fully realised in the short term. Only time will tell how badly this incident affects VW.

What happened at VW is a reminder of how bad decisions at one level can ripple up through an organisation. Even though VW employees are reported to have warned against the fraud before it became company practice, the warnings were not heeded. The executives that gave the green light to the scam were blinded by the bucks; all they could see was the immense earning potential of their supposedly low-emission diesel cars. Profits were prioritised over ethical, environmental and legal concerns.

This highlights a key challenge for all organisations: how do we put compliance and lawfulness above profit? How do we ensure an ethical corporate culture, even when the temptation to cheat is so great?

At VinciWorks, we create eLearning programmes on a range of compliance topics, including Environmental Awareness, Code of Conduct, Competition Law, and Treating Customers Fairly. Because our training is online, it can be easily delivered to all personnel, wherever they are based. VinciWorks training is a practical solution to manage your compliance training requirements. Contact our team to learn more about our eLearning.

What is your organisation doing to embrace social responsibility? Social responsibility initiatives are not only good for the community, they build brand equity and reputation, and enhance client satisfaction. VinciWorks has created a free corporate social responsibility (CSR) policy template that can be used to clearly communicate CSR initiatives to clients and align employee behaviour.

Download policy template

ESG update – 2022

In the last few years, the term ‘ESG’ (environmental, social and governance) has somewhat eclipsed CSR. This doesn’t mean CSR is gone or no longer useful, but it can be helpful to consider CSR in the context of ESG. For more information about what ESG is, what it means, and how it relates to CSR and your business, view our ESG resources page which is constantly updated with new ESG information, guides, webinars and courses.

www.vinciworks.com/ESG

CSR Policy Template: What is CSR and what is a CSR policy template?

Corporate social responsibility refers to the way in which businesses regulate themselves to help ensure that they are socially accountable to themselves, their stakeholders, and the public. Sometimes called “corporate citizenship,” corporate social responsibility helps organisations be conscious of the impact they have on society, including economic, social, and environmental factors. A CSR policy template helps organisations that don’t have their own company policies in place by providing a model that can be used as an example and adapted to the individual needs of each organisation.

CSR Policy Template

What should be included in a CSR policy?

Here is some guidance on what to include in your corporate social responsibility policy:

Introduction

Begin the policy by acknowledging that the way your business is run affects society. While organisations have a responsibility towards their staff, clients and contractors, they must also consider the wider community in which they operate. The introduction should also state your organisation’s commitments to CSR.


After a successful 2017 that saw over 170,000 course completions, we are excited to present our tentative plan for new course releases and updates in 2018. Every year, VinciWorks plans its course schedule based on a combination of client feedback and prevalent compliance issues.

Updated cyber security training suite with two new courses

After several high profile cyber attacks exposed millions of systems in 2017, VinciWorks is set to release two mini courses to help staff protect themselves and their organisation from the latest threats. Each course can be completed in just five minutes. The two new courses are:


On Tuesday 21 February at 12pm, Director of Best Practice Gary Yantin will be joined by Director of Course Development Nick Henderson to explore the challenges facing organisations in preparing for GDPR and give guidance on what still needs to be done.

The webinar will cover:

  • Is your organisation ready for the changes?
  • What are your biggest challenges?
  • Conducting Data Protection Impact Assessments (DPIAs) and making the most of them
  • Dealing with sensitive categories of data
  • What to consider when appointing a Data Protection Officer
  • The Data Protection Bill 2018

The webinar will end with the opportunity to have any questions on the topic answered. You can register for the webinar by clicking on the button below.

Register now

Many products currently available on the UK High Street are made by, or contain ingredients produced by, adults and children trapped in slavery. This is a global problem, so far-reaching that The International Labour Organisation (ILO) estimates the number of Modern Slaves is now approaching 25 million (and growing). These adults and children generate billions of dollars in revenue for those exploiting them, prompting a commitment by world leaders at the G20 summit in July 2017 to take ‘immediate and effective measures’ against forced labour.

It’s true that awareness of this problem has grown in recent years, leading to legislation being introduced to combat it and increase commitment from organisations, especially large, global ones, to identify and eliminate Modern Slavery from their supply chains. This is a difficult task, however, largely because supply chains are increasingly complex in big companies and often cross several countries’ borders.

In 2015 the UK introduced ‘The Modern Slavery Act’. It aims to clamp down on the trafficking of people into the UK, but also requires big UK businesses to report on how they tackle slavery in their global supply chains. Under the Act, companies with an annual turnover of over £36 million must produce a Slavery and Human Trafficking statement stating what they are doing to prevent modern slavery abuses in their operations and supply chains. This is true even if the company in question is doing nothing – they must admit to this in their transparency statement. All companies should have published their first statement by 30 September 2017.

In addition to Modern Slavery, the issue of child labour is also becoming increasingly spotlighted. The ILO estimates that over 150 million children aged between 5 and 17 are involved in child labour, and often in hazardous industries with dubious health and safety practices. MSCI, the global research and analysis firm, has identified 62 companies against which allegations have been made about employing under-age workers. MSCI is concerned that large scale use of child labour could affect the long-term viability of such companies.

So, what can be done by organisations to identify labour exploitation in the supply chain?

There are a number of red flags that can help supply chain managers and buyers to identify areas of their organisation’s supply chain that are vulnerable to slavery, human trafficking, and the exploitation of child labour.

Red flags include:

  • The location of the suppliers. The Global Slavery Index identifies regions and countries that have an increased risk of labour exploitation. These include India, China, Thailand and Bangladesh.
  • Labour hiring practices of the suppliers. A variety of red flag practices can occur during the recruitment, employment, and contract termination of workers. For example, workers being charged excessive recruitment fees, being misinformed of the contract details, or not being provided with a clearly written contract.
  • Industry sector. Some industries are considered more at risk than others as they tend to operate in countries that have minimal labour laws or because the work is seasonal and therefore temporary. These industries include: agriculture, clothing and footwear manufacturers, construction, and hospitality.
  • Publicised labour standard concerns. An organisation which has previously been linked to unethical labour practices, whether via a media campaign, a non-government organisation report (such as the Ethical Trading Initiative) or audit non-compliance, should be considered a risk and investigated further before being selected as a supplier.

A supply chain mapping exercise should be carried out on existing suppliers to identify which of them could potentially be using slave labour. When sourcing a new supplier these red flags should be considered early in the sourcing process. Self-assessment questionnaires can be used to gather information from potential suppliers in relation to the red flags.

All this information should be collated to determine whether the supplier is high, medium or low risk. Once the risk level of the supplier has been identified a decision can be made whether to enter into a supplier agreement with them.

As part of any supplier agreement, suppliers should agree to participate in and fully co-operate with regular audits and/or onsite assessments. This will ensure that they are maintaining their ethical standards and that information provided in their self-assessment documentation and transparency statement is accurate. It will also help to determine whether they are being successful in tackling human trafficking and modern slavery in their organisation.

Can VinciWorks help?

We have a range of courses covering the issue of Modern Slavery, including an introduction and overview of what Modern Slavery is, detailed information of how to identify and assess the risk of Modern Slavery in your supply chain, and how to write/publish a Modern Slavery Transparency Statement in line with legislation.

As ever, we’re more than happy to chat through your requirements on this important issue.


The General Data Protection Regulation (GDPR) is now in force. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU will be required to comply.

If you haven’t started to comply, or are not sure what to do next, following these steps will help ensure you are ready for GDPR day.

1. Undertake a data audit

Organising an in-depth data audit across your organisation and all parts of the business is crucial to understanding where data exists, how it is used, and what should be done next. Think of data like oil running through an engine; it powers your organisation and makes it function, but it can also leak if the various conduits are not working properly. After an audit, you should be better able to identify risks, weak spots and priority areas to address.



Are your staff able to spot suspicious transactions when it comes to money laundering?

Suspicious transactions in money laundering

A suspicious transaction is any transaction or business dealing which raises, in the mind of a person involved, any concerns or indicators that there may be something illegal, or something related to money laundering or terrorist financing, involved in the transaction or dealing.

Examples of suspicious money laundering activity

A few examples of suspicious transactions include the following:

  • Abnormally large transactions
  • Cash payments or deposits where this has not been the norm
  • Customer is reluctant to provide personal information or provides insufficient, hard to trace, or fictitious information
  • Any transaction whose nature, size, or frequency appears unusual or out of the norm for that customer or account
  • Accounts opened in offshore or high risk locations where, for example, drugs or drug trafficking may be prevalent
  • Transfer of investments to apparently unrelated third parties
  • Evidence of customer being a PEP
  • Use of multiple currencies in a transaction

There are many ways that someone will try to launder money, meaning that spotting the crime before it’s too late can sometimes be challenging. Here is some guidance on how to spot suspicious transactions and best practice on how to deal with such suspicions.


7 ways to identify suspicious transactions

The guidance below is taken from our interactive e-learning course, Anti-Money Laundering: Know Your Risk. You can demo the course for free here.

E-commerce

Definition: payment for a service or product online through a credit card and other electronic payment systems.

The risk: e-commerce payments create ample opportunity for money laundering and terrorist financing. Selling counterfeit goods online (or no goods at all), or making payments and transfers where the credit card or the user does not need to be verified, is often a blind spot in AML prevention measures.

Tip: have strong identity verification measures and transaction monitoring in place. Using technology to uncover suspicious activity can help reduce the money laundering risk of online payments.
