A strong code of conduct is vital for employees to know what is expected of them. A successful code of conduct that is followed by all employees, from leadership to management to each and every worker is an important part of building an ethical, inclusive culture at work.
But an organisation seeking to formulate a successful code of conduct or update an outdated one may quickly run into difficulties. Off-the-shelf training rarely encapsulates the nuances of each individual organisation’s policies and procedures, and write-your-own solutions are cumbersome and time-consuming.
What’s changing in the world of mandatory corporate compliance?
The EU’s proposed new corporate due diligence and corporate accountability directive will cover companies that sell to the EU, not just those based there. Businesses will be required to identify, address and remedy their impact on human rights and the environment. Crucially, this is likely to go up and down the value chain, which means customers as well as suppliers. Businesses could be sued inside the EU for human rights violations or environmental damage committed by their customers or end-users of their products in third countries.
The Criminal Finances Act has been in force since 2017. While there have been no prosecutions as yet, HMRC are currently investigating thirteen potential violations of the Corporate Criminal Offence of failing to prevent the facilitation of tax evasion.
The Act places responsibility on businesses to make sure none of their employees are involved in helping someone evade their taxes. If they do, and if the business failed to have “reasonable procedures” to prevent or expose it, then the business itself could be found guilty and liable for some pretty steep fines.
This offence is broad-reaching. It can be committed whether or not the company is UK-based or established under the law of another country, or whether the associated person who performs the criminal act of facilitation is in the UK or overseas.
The Six Guiding Principles of The “Reasonable Procedures” Defence
Under this legislation, businesses can be held responsible for the actions of their employees, whether or not the business was aware of an employee’s criminal activities. A business’ only defence is to take “reasonable measures” to ensure that its employees do not facilitate tax evasion. Government guidance recommends the following six “reasonable measure” principles:
Proportionality of risk-based prevention procedures
In a survey carried out by VinciWorks, a staggering 50% of respondents said they weren’t confident their organisation would deal with a report of sexual harassment very seriously. And worse, 10% of respondents said that they had been shown sexually explicit or inappropriate content at work. The results of this survey and others evidence that in an environment where harassment is tolerated and complaints ignored, abuse will thrive. Sadly, a study by the US Equal Employment Opportunity Commission critically shows that 75% of victims don’t report abuse because they fear retaliation, whilst 75% of victims who did report abuse experienced retaliation.
Whistleblowing regulations in the UK
The current legislative framework governing whistleblowing in the UK was introduced by the Public Interest Disclosure Act (PIDA), which has been in force for some 20 years. PIDA amended the Employment Rights Act and its aim was to protect workers who blow the whistle not only for personal gain, but also for public interest.
PIDA clearly states that the dismissal of an employee for whistleblowing is automatically considered to be unfair if the reason, or the main reason, for their dismissal was that they made a “protected disclosure”.
Karla Gahan, Deputy Global Head of Risk & Advisory at VinciWorks
On 27 February, VinciWorks hosted its second in a series of risk masterclasses. In the interactive business continuity masterclass, experts Karla Gahan and Dean Hughes shared insights on how to run a tabletop exercise within your own organisation. Delegates were presented with a clear structure on how to prepare for and run a tabletop exercise. They also participated in a mock exercise, enabling them to understand how best to facilitate a session.
Guest speakers provide further insight on business continuity planning
We were delighted to invite business continuity experts to share their insights during the masterclass. Sam Dawson from disaster recovery and restoration provider Belfor discussed the services Belfor offer in the case of an emergency. Former firefighter Russ Timpson from Horizonscan shared his expertise on the role fire safety plays on your company’s business continuity plan.
We are all leaders, mentors, influencers or decision-makers at some level and we are all responsible for managing the risks and opportunities that our organisations face. But how does the pace of change impact on our people and their willingness to own risk? How do we contribute to the development of a climate that encourages ownership and individual success? And how do we build a culture where people are empowered and can have the conversations that really make a difference.
Karla Gahan, Deputy Head of Risk and Advisory at VinciWorks, will be speaking at the International Institute of Risk and Safety Management (IIRSM) annual conference on 28 March.
The unthinkable has happened and you’re busy gathering your business continuity team together to manage the incident. You pop your head around the door to the Head of HR and they say they have no idea that they’re meant to be on the team. The Head of Legal says the same. You’re already in a high-pressure situation as time is against you and now you need to explain to these people how the team works when what you really need is for them to mobilise quickly and perform their role.
Many organisations have detailed business continuity plans sitting on their shelves and the board, the auditors and often the insurers are expecting that the team will be able to respond quickly should an incident occur. However, many business continuity teams have never even met, let alone understand their role or what they will need to do in the heat of an incident. Tabletop exercises are an essential part of the business continuity process. However, many organisations may not have the experience or buy-in to conduct this training. Part of the issue in convincing organisations of the true value of these sessions is a lack of understanding of the benefit these exercises can bring.
As part of our commitment to providing our clients with better and more efficient products, we are pleased to announce that we have upgraded Omnitrack’s workflows. This upgrade improves many aspects of the system and simplifies workflows without changing any of the current functionality. The new version will feel instantly familiar and straightforward to existing users and should not require any new training.
What is Omnitrack?
VinciWorks’ Omnitrack is a fully flexible, fully customisable data collection tool that can be used by businesses to capture, track and manage any type of information, from registers and assessments to self-reporting forms and notifications. The Omnitrack platform has the versatility and power to log data assets, record complaints and breaches, enable whistleblowing, evidence regulatory compliance and manage other business processes internally, throughout the supply chain or on behalf of independent firms subscribing to outsourced business services.
When making any decision, from deciding what to have for dinner to buying a house, many biases can come into play. The workplace is no different, with unconscious bias affecting decisions on a daily basis. For example, the intern may have a great idea that gets shut down because “she hasn’t even graduated yet”, while the almost-retired customer relations manager may raise an important concern that isn’t taken seriously because “he doesn’t understand the system”.
In this webinar, Karla Gahan and Dean Hughes explored the biases that play a role in the workplace and how the risk of those biases clouding judgment can be mitigated.
The risk identification process should involve your entire organisation, hence the phrase “everyone is a risk manager”. This means conducting surveys and interviews, analysing the responses and drafting a risk register based on those results. This is known as the transparent risk identification process because it requires everyone in the organisation to be transparent, includes the whole organisation and the results can be shared throughout the company. Here are the four steps to transparent risk identification that we recommend.
1. Collect responses and perspectives
Getting buy-in for risk management initiatives from the leadership and getting time with key stakeholders is a huge challenge faced by risk managers. The best way to do this is to start with a survey. This keeps the process brief and concise; it can cut right across the organisation and capture answers from a broad congregation. Using the appropriate tools, this is a quick and easy process and encourages engagement due to it being fully inclusive. A survey can be made available to everyone but be mandatory for those who will be getting a follow-up interview. Sending a survey to everyone promotes the risk management initiative at the organisation and reinforces the idea that everyone is a risk manager and that risk management involves the entire organisation.