Tax evasion

HMRC has secured more than £2.5bn from offshore tax evaders since 2010

Does the Criminal Finances Bill put you at risk?

VinciWorks has created a five minute tax evasion assessment to help you evaluate your exposure to the new corporate criminal offence for failure to prevent tax evasion.

About Tax Evasion Risk Assessment

Described as “the largest expansion of UK corporate criminal liability since the Bribery Act”, the Criminal Finances Bill creates a new corporate criminal offence for failing to prevent tax evasion. HMRC has committed to naming and shaming tax evasion ‘enablers’, those who assist individuals in evading tax. New rules mean that organisations can be held liable for assisting in tax evasion even if they were not aware that it was taking place.


Data Protection: Privacy at Work

VinciWorks has just released the only data protection course your company needs. This course combines the latest in policy and law with best practice guidelines for data protection. It provides real-world scenarios, interactive features and review questions to test participants’ understanding of key points. To begin, an interactive game will guide users through the complex web of decisions that every business must make when it comes to implementing data protection policies, providing a deeper understanding of the core issues.

Course modules such as Protecting Personal Data are chosen based on each user’s needs

Industry and Role-specific Customisable Course

This 20-minute course is our most customisable yet. At the start of the course, each user specifies their individual role, responsibilities, location, and more to create a user-specific learning plan. With over 1,000 different course options available, anyone in your organisation can take this data protection course.

After taking the course users will:

  • Understand how data protection affects real-world scenarios, with review questions to test participants’ understanding of key points
  • Know the latest in policy and law with best practice guidelines for data protection
  • Know how to comply with data protection laws for the user’s specific role in your organisation
  • Learn how changes to regulation like the General Data Protection Regulation (GDPR) affect their work

In the waning days of 2016, as we huddled around our board room fireplace with hot chocolate and crumpets, we took some time to reflect on a stellar 2016 and look forward to the incredible new innovations yet to come in the new year.

14 new courses

Traditionally VinciWorks has provided compliance training primarily to the legal sector. We proudly train over 20% of all UK solicitors and work with 60 of the top 100 global law firms.

In 2016 we expanded our corporate offering significantly and created courses that are tailored to many new industries.

This year we introduced the Corporate Compliance Suite, which includes courses on the Bribery Act, money laundering, information security, cyber security, diversity and the Modern Slavery Act. There are sector-specific courses for accountants, corporates, estate agents and financial services firms.

Other new courses


Appropriate for all staff, the course challenges learners to reassess their attitudes towards cyber security. It educates users on the sophistication of modern hackers and drives users to adopt safer cyber behaviours.

The course is designed as a 25 minute journey through a series of short interactive apps. Each app tackles a different topic and provides actionable advice for improving cyber security. The final app is a test section which verifies understanding.

Users will learn how to identify suspicious files or attacks, explore best practices for online communication, and acquire tools for integrating cyber security into their workflow.


VinciWorks now helps clients avoid logging in separately with the ability to automatically sign into VinciWorks products using Single Sign-On (SSO).

How it works

Single Sign-On gives you complete ownership of the authentication process and works with your company’s existing password policies.

SSO works behind the scenes to let users sign in one time to securely access all of their VinciWorks apps. For users, SSO means ease — one fewer password to remember and one fewer step to get to your work. Once logged in to your system, there’s no need to sign in to VinciWorks separately. For IT admins, SSO means additional security and administrative management.

Techy details

VinciWorks’ SSO uses the industry-standard Security Assertion Markup Language (SAML) and integrates with a wide range of identity providers including Active Directory, OneLogin and many others.

Next steps

VinciWorks has developed a full guide to implementing SAML with your systems. To learn more and receive a copy of the guide, simply email your VinciWorks representative or leave your details below.

VinciWorks is committed to the highest cyber-security and data protection standards in all of its products. We have published guidance on the EU GDPR and a new cyber security course will be released next month.

Below are a number of updates and feature enhancements that ensure strict levels of information security.

New security feature – force password reset

Administrators can now enforce a stricter password policy across the organisation. If users were using generic or simple passwords, administrators can now force password reset on next login. To activate this feature contact your VinciWorks representative.


Brexit will not affect data protection laws

There has been a lot of confusion and fearmongering around the implications of Brexit for data protection law.

However, despite the current media frenzy, nothing will actually change in the short term. The Data Protection Act 1998 is an Act of UK Parliament and remains the law of the land regardless of the UK’s EU status. The ICO made this point clear when it released a prompt statement on 24 June:

“The Data Protection Act remains the law of the land irrespective of the referendum result.”

In other words, for at least the next two years there will effectively be no changes to data protection laws.

Brexit and GDPR

As we have reported, the European Union will likely sign the General Data Protection Regulation (GDPR) into law in 2016. The regulation represents the most significant global development in data protection law since the EU Data Protection Directive in 1995 and, due to the sweeping changes, firms are already investing serious resources in preparation for GDPR.

The crux is that a “regulation”, unlike a “directive”, is applicable in all EU member states without the need for national legislation. The expected enforcement date is spring 2018, right around the expected official Brexit date. With the UK leaving the EU, technically GDPR no longer applies and the UK is not currently working on a similar update to its data protection laws.

Therefore, the question on everybody’s mind is: will UK companies need to adhere to GDPR after Britain exits the union?

The likely answer is yes. GDPR, or some form of it, will be binding for UK companies regardless of Brexit, and companies should continue preparing for the regulations. There are two main reasons for this.

1. GDPR applies to non-EU companies

The regulation states that it applies to any non-EU companies that process the data of EU residents. This is true even if a company has no physical presence in the EU. Therefore, for most UK companies, the cost of doing business with Europe will be adhering to GDPR.

2. The ICO intends to introduce ‘adequacy’

According to the ICO statement from 24 June 2016:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

The ICO is signalling that it will push the UK legislature to implement laws that are similar to GDPR in order to facilitate cross-border commerce.

The danger here is that the ICO might have to negotiate a ‘Model Clause’ contract that companies can use to facilitate and regulate transfer of data between EU and non-EU countries. This process has been fraught with issues in US-EU relations, with the European Court of Justice overturning the Safe Harbour treaty in October and officials scrambling to negotiate the new EU-US Privacy Shield.

Alternatively, Parliament will implement data protection laws that are identical or similar enough to the GDPR. In that scenario the UK and EU could come to an understanding that data can flow securely and freely across borders without the need for companies to have Model Clauses.

Next steps

In spite of Brexit, companies should continue preparing for GDPR as if Remain won the referendum. If you are responsible for implementing compliance with GDPR and you do not know where to start, the ICO has published a guide with 12 steps to take right now in order to prepare for the GDPR.

Version 2.01 of the Risk Management System includes many enhancements and built-in reports.

New fields in the risk assessment process

We have added several new fields for risks: risk velocity, explanations for assessments, tolerance, further actions being considered, review date, and several new fields for controls: type, effectiveness score, effectiveness description, improvements being considered or pursued, review date.



ASIC has started legal action in the Federal Court of Australia against German construction group holding company Hochtief Aktiengesellschaft (Hochtief AG), seeking a declaration of contravention and a financial penalty order against the company for insider trading.

ASIC’s action centres on the early 2014 on-market acquisition of ordinary shares of Leighton Holdings Limited (now called CIMIC Group Limited) (ASX code: LEI) by Hochtief AG’s subsidiary, Hochtief Australia Holdings Limited (HAHL).

ASIC alleges that Hochtief AG contravened the insider trading provisions of the Corporations Act by procuring HAHL to acquire LEI when, on 29 January 2014, it varied previous instructions to acquire a large parcel of LEI (by pushing out the last day to purchase the shares from 31 January 2014 to 14 February 2014) while it was in possession of insider information, being that Leighton Holdings Limited’s 2013 financial results were likely to be at the high end of previous earnings guidance.

Hochtief AG has admitted the alleged contravention.
