The Criminal Finances Act has been in force since 2017. While there have been no prosecutions as yet, HMRC are currently investigating thirteen potential violations of the Corporate Criminal Offence of failing to prevent the facilitation of tax evasion.
The Act places responsibility on businesses to make sure none of their employees are involved in helping someone evade their taxes. If they do, and if the business failed to have “reasonable procedures” to prevent or expose it, then the business itself could be found guilty and liable for some pretty steep fines.
This offence is broad-reaching. It can be committed whether or not the company is UK-based or established under the law of another country, or whether the associated person who performs the criminal act of facilitation is in the UK or overseas.
The Six Guiding Principles of The “Reasonable Procedures” Defence
Under this legislation, businesses can be held responsible for the actions of their employees, whether or not the business was aware of an employee’s criminal activities. A business’ only defence is to take “reasonable measures” to ensure that its employees do not facilitate tax evasion. Government guidance recommends the following six “reasonable measure” principles:
Proportionality of risk-based prevention procedures
In a survey carried out by VinciWorks, a staggering 50% of respondents said they weren’t confident their organisation would deal with a report of sexual harassment very seriously. And worse, 10% of respondents said that they had been shown sexually explicit or inappropriate content at work. The results of this survey and others evidence that in an environment where harassment is tolerated and complaints ignored, abuse will thrive. Sadly, a study by the US Equal Employment Opportunity Commission critically shows that 75% of victims don’t report abuse because they fear retaliation, whilst 75% of victims who did report abuse experienced retaliation.
Whistleblowing regulations in the UK
The current legislative framework governing whistleblowing in the UK was introduced by the Public Interest Disclosure Act (PIDA), which has been in force for some 20 years. PIDA amended the Employment Rights Act and its aim was to protect workers who blow the whistle not only for personal gain, but also for public interest.
PIDA clearly states that the dismissal of an employee for whistleblowing is automatically considered to be unfair if the reason, or the main reason, for their dismissal was that they made a “protected disclosure”.
Karla Gahan, Deputy Global Head of Risk & Advisory at VinciWorks
On 27 February, VinciWorks hosted its second in a series of risk masterclasses. In the interactive business continuity masterclass, experts Karla Gahan and Dean Hughes shared insights on how to run a tabletop exercise within your own organisation. Delegates were presented with a clear structure on how to prepare for and run a tabletop exercise. They also participated in a mock exercise, enabling them to understand how best to facilitate a session.
Guest speakers provide further insight on business continuity planning
We were delighted to invite business continuity experts to share their insights during the masterclass. Sam Dawson from disaster recovery and restoration provider Belfor discussed the services Belfor offer in the case of an emergency. Former firefighter Russ Timpson from Horizonscan shared his expertise on the role fire safety plays on your company’s business continuity plan.
We are all leaders, mentors, influencers or decision-makers at some level and we are all responsible for managing the risks and opportunities that our organisations face. But how does the pace of change impact on our people and their willingness to own risk? How do we contribute to the development of a climate that encourages ownership and individual success? And how do we build a culture where people are empowered and can have the conversations that really make a difference.
Karla Gahan, Deputy Head of Risk and Advisory at VinciWorks, will be speaking at the International Institute of Risk and Safety Management (IIRSM) annual conference on 28 March.
The unthinkable has happened and you’re busy gathering your business continuity team together to manage the incident. You pop your head around the door to the Head of HR and they say they have no idea that they’re meant to be on the team. The Head of Legal says the same. You’re already in a high-pressure situation as time is against you and now you need to explain to these people how the team works when what you really need is for them to mobilise quickly and perform their role.
Many organisations have detailed business continuity plans sitting on their shelves and the board, the auditors and often the insurers are expecting that the team will be able to respond quickly should an incident occur. However, many business continuity teams have never even met, let alone understand their role or what they will need to do in the heat of an incident. Tabletop exercises are an essential part of the business continuity process. However, many organisations may not have the experience or buy-in to conduct this training. Part of the issue in convincing organisations of the true value of these sessions is a lack of understanding of the benefit these exercises can bring.
As part of our commitment to providing our clients with better and more efficient products, we are pleased to announce that we have upgraded Omnitrack’s workflows. This upgrade improves many aspects of the system and simplifies workflows without changing any of the current functionality. The new version will feel instantly familiar and straightforward to existing users and should not require any new training.
What is Omnitrack?
VinciWorks’ Omnitrack is a fully flexible, fully customisable data collection tool that can be used by businesses to capture, track and manage any type of information, from registers and assessments to self-reporting forms and notifications. The Omnitrack platform has the versatility and power to log data assets, record complaints and breaches, enable whistleblowing, evidence regulatory compliance and manage other business processes internally, throughout the supply chain or on behalf of independent firms subscribing to outsourced business services.
When making any decision, from deciding what to have for dinner to buying a house, many biases can come into play. The workplace is no different, with unconscious bias affecting decisions on a daily basis. For example, the intern may have a great idea that gets shut down because “she hasn’t even graduated yet”, while the almost-retired customer relations manager may raise an important concern that isn’t taken seriously because “he doesn’t understand the system”.
In this webinar, Karla Gahan and Dean Hughes explored the biases that play a role in the workplace and how the risk of those biases clouding judgment can be mitigated.
The risk identification process should involve your entire organisation, hence the phrase “everyone is a risk manager”. This means conducting surveys and interviews, analysing the responses and drafting a risk register based on those results. This is known as the transparent risk identification process because it requires everyone in the organisation to be transparent, includes the whole organisation and the results can be shared throughout the company. Here are the four steps to transparent risk identification that we recommend.
1. Collect responses and perspectives
Getting buy-in for risk management initiatives from the leadership and getting time with key stakeholders is a huge challenge faced by risk managers. The best way to do this is to start with a survey. This keeps the process brief and concise; it can cut right across the organisation and capture answers from a broad congregation. Using the appropriate tools, this is a quick and easy process and encourages engagement due to it being fully inclusive. A survey can be made available to everyone but be mandatory for those who will be getting a follow-up interview. Sending a survey to everyone promotes the risk management initiative at the organisation and reinforces the idea that everyone is a risk manager and that risk management involves the entire organisation.
On Wednesday 17 October, VinciWorks ran its first risk identification masterclass in an impressive Central London venue, the Law Society. Facilitators, experts Dean Hughes and Karla Gahan, focussed on risk identification, one of the key steps of Enterprise Risk Management (ERM). They gave guidance to delegates on how to better facilitate risk conversations, reveal awkward risks and black swans, and present those risks to the leadership with clarity and insight. This class provided delegates with the skills and confidence required to identify risks at a whole new level through a safe and constructive process.
What is risk identification?
Risk identification is the term used to describe the process of collecting, collating, classifying, refining, aggregating and disseminating risks. It is a critical step in the ERM process and takes place within the context of the risk framework. While one-off workshops and department-wide meetings play a role in risk identification, the process itself is ongoing and should be revisited on a regular basis.
Making risk management decisions can often be clouded by unconcious bias
Risk managers have a unique and privileged position in terms of being able to recognise and assist in countering unconscious bias, either explicit or implicit. When assessing and discussing risks, we are given direct access to what happens in all areas of the business and have the opportunity to observe behaviours first hand. When we notice biases as part of our role, we can help to implement measures or nudges that encourage a change in behaviour and improve culture.
Here are some practical techniques that can be used to counter the risk of unconscious bias influencing our business decisions.
Pre-meeting or workshop surveys
While conducting surveys is a standard technique for risk assessments, it is helpful in reducing bias from several perspectives. It helps to focus the conversation in subsequent meetings and elicits a personal view of the subject at hand, thereby avoiding groupthink.