New technologies have revolutionised how we do business, find love, travel and shop. And more recently, the digital age has shaken up the worlds of finance and banking.

But as people move to innovative banking and saving formats, how can regulators protect the public while also providing a level playing field for established banks and new entrants alike?

And how can the new breed of FinTech companies adhere to regulations without being crippled by the administrative overload?

Before we try to answer these questions, let’s define FinTech.

What is FinTech?

In brief, FinTech is the application of new operating models and software solutions to traditional financial services.

In reality, FinTech means many different things. FinTech includes mobile apps, cryptocurrencies, blockchain, peer-to-peer lending and flexible investment platforms. FinTech firms are often new startups founded by technical experts with the skills to bring bold new ideas to life.

While FinTech startups move quickly and attract bright young developers, they may not have the resources and customer base to capitalise on the promise of their inventions. This has led to a number of partnerships (and buyouts) of FinTech startups by established banking giants, meaning that some of the innovators are now underpinned by the very ancestors they sought to disrupt.

The FinTech regulation puzzle

One challenge for FinTech companies is the weight of regulation.

Starting a new financial service company can be immensely challenging, because of the huge number of laws that protect consumers and governments from bad banking practices. While the current regulatory landscape has emerged over many years, giving banks plenty of time to comply, new entrants must meet all the regulatory requirements from day one – something that can become a financial drain when income is minimal.

Consequently, FinTech startups and their supporters advocate for a light-touch approach to regulation so that they can find their feet and bring customers new ways to bank, borrow, invest and save.

On the other side of the coin, regulators want to give FinTech startups the room to grow, while also protecting consumers, corporations and governments from unorthodox financial experiments.

Regulatory sandboxes

One approach to fostering innovation while protecting consumers is to create a regulatory sandbox – essentially an environment for testing new financial products and services under tight control by regulators.

In 2013 the UK’s Financial Conduct Authority (FCA) created a regulatory sandbox for FinTech startups in their London headquarters. This gave startups a chance to develop their ideas without the usual degree of red tape and compliance challenges.

Compliance and FCA training from VinciWorks

VinciWorks provides a wide range of corporate eLearning solutions, including a suite dedicated to compliance and a selection of FCA training modules. Our eLearning can be delivered as off-the-shelf packages, or we can customise the content to suit your organisation.

Data breach: airport fined for lost USB memory stick

An airport was fined £120,000 after an employee lost a USB memory stick containing sensitive personal information. A member of the public found the memory stick on the street and viewed the files on a library computer. The contents on the USB included the times guards were scheduled to patrol for terrorist attacks and routes and security details for high-officials using the airport, one of them being the Queen.
The person who found the USB gave it to a national newspaper, which copied the contents of the stick before it was returned to the airport.
According to Steve Eckersley, ICO director of investigations: ‘Data protection should have been high on airport’s agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise.’

To read the full story click here

Council fined £25k for sex discrimination

A former council worker was paid £25k in a sex discrimination case. During her five year employment at the council, she said she was denied overtime and training that was only offered to her male colleagues. She claimed she was ordered to clean the kitchen and the toilets, because the toilets ‘needed a woman’s touch’. She complained internally according to the council’s grievance policies and procedures, but the council responded with abusive and rude language. According to her, she always felt as if she had to prove herself more than her male colleagues. This had a huge affect on her self-worth and made her feel inferior to other men at work.

Michael Wardlow, chief commissioner of the Equality Commission, said that asking to clean the toilets because they needed a ‘woman’s touch’ was a ‘direct and inappropriate reference to her gender. Employers must make sure, not only that they have such policies in place, but that all their staff are fully aware of the importance the employer places on implementing them’.

Spokesperson of the council said: ‘the council is committed to promoting equality of opportunity for all employees and further embedding these principles within the organisation, through an ongoing programme of training and development’.

To read the full story click here

Two dead at the poultry factory after suspected gas leak

Police were called to a poultry factory after two subcontractors were found dead from a suspected gas leak. Two ambulances, a rapid response vehicle and three hazardous area teams were rushed to the factory, but they were unable to save the two workers. The initial assessment of the accident indicated that the gas leak was caused by a refrigerator close to where the subcontractors were working. The Health and Safety Executive launched an investigation into the deaths to find the exact reason, and determined the gas leak would not cause a greater threat to the public.

Banham Poultry said: ‘We are deeply saddened and send our deepest condolences to their family and friends. We are working closely with the police and health and safety authorities to determine what happened, and are also conducting our own internal investigation.’

The factory is now for sale which could cause hundreds of jobs to be lost.

To read the full story click here

cartel defition

Businesses have a responsibility and a legal obligation to follow competition law as laid out in the Competition Act 1998. In recent years, many large companies have been fined for involvement in cartels, and it is important for businesses to be aware of the dangers and pitfalls to avoid falling foul of the law, and racking up eye-watering fines which could run up to 10% of revenue. 

What is a cartel?

A cartel is an agreement between competitors which results in anti-competitive activities. This could include an agreement to fix prices, share markets, rig bids or limit output at the expense of the interests of customers and without any countervailing customer benefits. They increase prices by removing or reducing competition which results in increased prices for customers. They have a corrosive effect on the wider economy, as they reduce the incentive for businesses to operate efficiently, innovate, and provide the best value for money for consumers. Cartels lead to higher prices, poorer quality, and restricted or no choice.

Continue reading

VinciWorks’ knowledge checks are five minute courses designed to help you and your staff assess their level of compliance, allowing you to decide on next steps. Feedback is given after each question is answered, allowing users to improve their knowledge while completing the assessment. A score is given at the end of each assessment, meaning users can easily establish how much they have yet to learn.

We have now released two knowledge checks focussing on specific aspects of data protection and the General Data Protection Regulation.

GDPR for Human Resources Staff

Screenshot of VinciWorks' Human Resources knowledge check
Each knowledge check offers feedback after each answer

This GDPR knowledge check was created for human resources staff and tests the following:

  • HR’s role in complying with GDPR
  • Processing and storing employees’ data
  • Consent, subject access requests and conditions for processing data
  • Employee rights with regards to GDPR

Free demo

Continue reading

The risk identification process
The four steps to risk identification

The risk identification process should involve your entire organisation, hence the phrase “everyone is a risk manager”. This means conducting surveys and interviews, analysing the responses and drafting a risk register based on those results. This is known as the transparent risk identification process because it requires everyone in the organisation to be transparent, includes the whole organisation and the results can be shared throughout the company. Here are the four steps to transparent risk identification that we recommend.

1. Collect responses and perspectives

Getting buy-in for risk management initiatives from the leadership and getting time with key stakeholders is a huge challenge faced by risk managers. The best way to do this is to start with a survey. This keeps the process brief and concise; it can cut right across the organisation and capture answers from a broad congregation. Using the appropriate tools, this is a quick and easy process and encourages engagement due to it being fully inclusive. A survey can be made available to everyone but be mandatory for those who will be getting a follow-up interview. Sending a survey to everyone promotes the risk management initiative at the organisation and reinforces the idea that everyone is a risk manager and that risk management involves the entire organisation.

Continue reading

An example of VinciWorks' LMS 6.0 dashboard
An example of VinciWorks’ LMS 6.0 dashboard

What is a learning management system (LMS)? Who needs an LMS? How do they help with learning? While many have heard the term, for others it may be difficult to understand exactly what an LMS is and how it could be helpful to your organisation. Here is everything you need to know.

What is a Learning Management System?

The best way to describe a learning management system is to break down the title.

Learning – organisations manage ranges of staff, from a small team of ten to a multitude of departments, amounting to thousands of employees. Those employees are assigned to train on a number of topics, ranging from compliance training such as anti-money laundering, to webinars, workshops and seminars.

Continue reading

Download the New York sexual harassment whistleblowing policy template

When it comes to any potential foul play at work, it is important that employees understand when they should share their concerns, who they should share them with and how to do so. In order to ensure all your staff feel comfortable raising any concerns they have regarding whether staff or clients are involved or assisting in sexual harassment, we have created a detailed whistleblowing policy template. The template can easily be edited to include relevant contact information, the company name and any company-specific procedures. The template is fully compliant with the New York State and City sexual harassment regulations.

Download policy template

Continue reading

Ruth Cohen, VinciWorks' Legal and Research Executive
Ruth Cohen, Legal and Research Executive at VinciWorks

Director of Best Practice Gary Yantin and Legal and Research Executive Ruth Cohen recently travelled to Birmingham to meet with the SRA and discuss what’s coming up in the next 12 months. The new SRA Handbook is going to see some important changes in the regulation of solicitors, and we’re working hard at VinciWorks to make sure you have the tools you need to understand the Handbook and be compliant with the updated rules.

Overall, solicitors can not only expect a shorter, simpler code but two codes of conduct; one for individuals and one for firms. Nevertheless, the revised, 20th edition of the SRA Handbook was published on 1 October and contained a series of changes to the Insurance Distribution Directive (IDD).

The key changes being introduced by the SRA

SRA to provide regulatory guidance, yet support additional training from compliance providers

The SRA, while focusing on regulation, will be providing guidance to support the implementation of the upcoming regulatory changes. In addition to their own guidance, the SRA sees the role of compliance providers such as VinciWorks to provide additional guidance and training materials for law firms.

Continue reading

The risk identification process
The four steps to risk identification

On Wednesday 17 October, VinciWorks ran its first risk identification masterclass in an impressive Central London venue, the Law Society. Facilitators, experts Dean Hughes and Karla Gahan, focussed on risk identification, one of the key steps of Enterprise Risk Management (ERM). They gave guidance to delegates on how to better facilitate risk conversations, reveal awkward risks and black swans, and present those risks to the leadership with clarity and insight. This class provided delegates with the skills and confidence required to identify risks at a whole new level through a safe and constructive process.

What is risk identification?

Risk identification is the term used to describe the process of collecting, collating, classifying, refining, aggregating and disseminating risks. It is a critical step in the ERM process and takes place within the context of the risk framework. While one-off workshops and department-wide meetings play a role in risk identification, the process itself is ongoing and should be revisited on a regular basis.

Continue reading

Judge sitting at his desk

Section 11 of the Criminal Finances Act 2017 amends the Proceeds of Crime Act (POCA) and affects the regulated sector. The new data sharing regime enables regulated persons to request and share information with their regulated peers, free in most respects from contravening the EU’s General Data Protection Regulations (GDPR). Any disclosure “made in good faith” that does not breach any duties of confidence or “any other restriction on the disclosure of information”.

The purpose is to encourage the sharing of information from different entities in the regulated sector and better enable the collation of multiple reports of potential money laundering into a single Suspicious Activity Report (SAR).
Continue reading