VinciWorks by the numbers: 2016 a year in review

In the waning days of 2016, as we huddled around our board room fireplace with hot chocolate and crumpets, we took some time to reflect on a stellar 2016 and look forward to the incredible new innovations yet to come in the new year.

14 new courses

Traditionally VinciWorks has provided compliance training primarily to the legal sector. We proudly train over 20% of all UK solicitors and work with 60 of the top 100 global law firms.

In 2016 we expanded our corporate offering significantly and created courses that are tailored to many new industries.

This year we introduced the Corporate Compliance Suite, which includes courses on the Bribery Act, money laundering, information security, cyber security, diversity and the Modern Slavery Act. There are sector-specific courses for accountants, corporates, estate agents and financial services firms.

Other new courses

Continue reading

What We Learnt From The Panama Papers

iceland PM resigns over panama papers
Iceland’s prime minister resigns in response to the controversy over his offshore holdings, exposed by the Panama Papers.

A cyber security breach of major magnitude was reported in April 2016 and involved Panamanian law firm Mossack Fonseca. The breach revealed information including millions of documents and emails with data about the firm’s clients, both individuals and companies.

It is still unclear whether the attacker is an insider with access to the firm’s systems or an entity from the outside.

Another possibility is that the breach was less of a sophisticated attack but rather the result of out-of-date security and inferior cyber security measures at the firm. Continue reading

Mapping VinciWorks Courses to the SRA’s Continuing Competence

Under the SRA’s New Approach to Continuing Competence, solicitors are required to reflect on the SRA’s Competence Statement, identify knowledge gaps and undertake learning to bridge those gaps.

All of VinciWorks’ courses correspond to competencies in the Competence Statement and can be used to bridge learning gaps. The guide below is a complete mapping of our courses with the Competence Statement.

Download the guide

Continuing Competence is Here: Five Practical Steps to Take Now

continuing-competence-moduleThe SRA’s new approach to continuing competence comes into effect Nov 1.

According to our research, only 25% of firms have implemented the changes to CPD. If your firm has not begun the transition, you should expect a time-consuming and complex process.

Confused where to begin? Below are four practical steps you can take to prepare your firm for the changes to CPD.

 

competence step 1 1. Become Experts
VinciWorks has published an hour-long webinar for compliance officers and L&D staff. It takes a deep dive into the regulation, reviews SRA guidance and presents best-practice case studies. Watch the 1-hour webinar

competence step2

2. Train your staff
VinciWorks has published an hour-long webinar for compliance officers and L&D staff. It takes a deep dive into the regulation, reviews SRA guidance and presents best-practice case studies. Preview 10-minute course

competence step33. Record your learning
The Continuing Competence Module is the first compliance solution designed specifically for the SRA’s new approach to CPD. It guides solicitors through the reflective learning process and enables them to keep their learning record organised and up-to-date. Sign up for free

competence step4

4. Monitor Compliance
The VinciWorks Learning Management System enables administrators to monitor and track compliance with continuing competence. The dashboard provides a holistic view of solicitors’ learning plans and progress. See Demo

5. Talk to usphone
VinciWorks has already helped tens of firms transition to the new regime. We are in close contact with the SRA and have developed a toolkit for adopting the new approach. To learn more about our consulting services call us at 0208 815 9308 or email us at [email protected].

Security update: penetration testing complete and new features

Cybersecurity CoursesVinciWorks is committed to the highest cyber-security and data protection standards in all of its products. We have published guidance on the EU GDPR and a new cyber security course will be released next month.

Below are a number of updates and feature enhancements that ensure strict levels of information security.

New security feature – force password reset

Administrators can now enforce a stricter password policy across the organisation. If users were using generic or simple passwords, administrators can now force password reset on next login. To activate this feature contact your VinciWorks representative.

Continue reading

New LMS Feature: Custom Feedback Forms for All Courses

In the VinciWorks LMS there are many properties that can be customised through the “Edit Course Properties” screen.

course-properties

These include:

  • Access type (private vs. public)
  • Pass mark
  • Special instructions
  • File attachments
  • Feedback forms

Custom feedback forms

In the latest release we added the ability to link any course with external feedback forms. This enables firms to create custom forms in SurveyMonkey or other tools and prompt users to fill in the form after completing the course. Continue reading

Notwithstanding the fear and uncertainty — Brexit will not affect data protection laws

Brexit will not affect data protection laws

There has been a lot of confusion and fear mongering around the implications of Brexit to data protection law.

However, despite the current media frenzy, nothing will actually change in the short term. The Data Protection Act 1998 is an Act of UK Parliament and remains the law of the land regardless of the UK’s EU status. The ICO made this point clear when it released a prompt statement on 24 June:

“The Data Protection Act remains the law of the land irrespective of the referendum result.”

In other words, for at least the next two years there will effectively be no changes to data protection laws.

Brexit and GDPR

As we have reported, the European Union will likely sign General Data Protection Regulation (GDPR) into law in 2016. The regulation represents the most significant global development in data protection law since the EU Data Protection Directive in 1995 and, due to the sweeping changes, firms are already investing serious resources in preparation for GDPR.

The crux is that a “regulation”, unlike a “directive”, is applicable in all EU member states without the need for national legislation. The expected enforcement date is spring 2018, right around the expected official Brexit date. With the UK leaving the EU, technically GDPR no longer applies and the UK is not currently working on a similar update to its data protection laws.

Therefore, the question on everybody’s mind is: will UK companies need to adhere to GDPR after Britain exits the union?

The likely answer is yes. GDPR, or some form of it, will be binding for UK companies regardless of Brexit, and companies should continue preparing for the regulations. There are two main reasons for this.

1. GDPR applies to non-EU companies

The regulation states that it applies to any non-EU companies that process the data of EU residents. This is true even if a company has no physical presence in the EU. Therefore, for most UK companies, the cost of doing business with Europe will be adhering to GDPR.

2. The ICO intends to introduce ‘adequacy’

According to the ICO statement from 24 June 2016:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

The ICO is signalling that it will push the UK legislature to implement laws that are similar to GDPR in order to facilitate cross-border commerce.

The danger here is that the ICO might have to negotiate a ‘Model Clause’ contract that companies can use to facilitate and regulate transfer of data between EU and non-EU countries. This process has been fraught with issues in US-EU relations, with the European Court of Justice overturning the Safe Harbour treaty in October and officials scrambling to negotiate the new EU-US Privacy Shield.

Alternatively, Parliament will implement data protection laws that are identical or similar enough to the GDPR. In that scenario the UK and EU could come to an understanding that data can flow securely and freely across borders without the need for companies to have Model Clauses.

Next steps

In spite of Brexit, companies should continue preparing for GDPR as if Remain won the referendum. If you are responsible for implementing compliance with GDPR and you do not know where to start, the ICO has published a guide with 12 steps to take right now in order to prepare for the GDPR.

The Modern Slavery Act – A Guide to Compliance

Time is ticking on the Modern Slavery Act. Organisations with a financial year ending 31 March 2016 have a looming compliance deadline in September.

Under the Act, organisations with over £36m in revenue must publish a slavery and human trafficking statement within six months of their financial year. This statement should detail the steps taken to identify and eradicate slavery from the supply chain, including:

  • Slavery and human trafficking policies
  • Due diligence procedures
  • Risk assessments and KPIs
  • Staff training

Forming a proper statement takes months of preparation. Policies need to be drafted, staff must be trained. Now is the time for all companies affected by the Act to start laying the groundwork for compliance.

VinciWorks has released a complimentary guide to compliance with with the Modern Slavery Act. Written by experts on the new law, the guide details the steps you must take to prepare a slavery and human trafficking statement. It includes sample statements, practical examples and checklists.

Download the guide

Introducing Human Nagware

FOR IMMEDIATE RELEASE
April 1, 2016

Introducing Human Nagware

Because sometimes email is not enough

London — Convincing people to complete their compliance training has always been a challenge. Work deadlines, client pressures and other high priority tasks all contribute to employees neglecting their online courses. However, training on topics such as money laundering, bribery and diversity is mandatory and important.

Due to compliance requirements, firms require that staff complete training, and expensive administrative resources are spent chasing non-compliant individuals. Moreover, low completion rates expose firms to regulatory sanctions.

How Nagware changed compliance

In 2011 VinciWorks improved the state of compliance training forever when it introduced its revolutionary Nagware. With Nagware firms could auto-remind employees to complete training with gently escalating reminder emails.

“Nagware was a game changer”, Howard Finger, VinciWorks’ CEO commented. “Overnight, course completions tripled. Firms were asking us to incorporate Nagware into other processes in order to increase compliance rates. To fulfil that request we developed Policy Tracker for tracking policy compliance and we integrated Nagware into the Risk Management System for control procedures. We are now looking at Nagware for the Breaches Register and the Annual PI Questionnaire.”

Nagware did not go far enough

However, Nagware did not go far enough. In a pilot programme with Local Law LLP to test the efficacy of different Nag regimens, the compliance rate never rose above 75%. Nigel Plaskitt of Local Law summed up the experiment: “We threatened, we cajoled, we sent ominous emails from the managing partner. Nothing seemed to work. There were always 15-20 people who did not complete the mandatory courses.”

The only solution was a human touch

Adam Sinclair, VinciWorks’ Director of Product was tasked with finding a solution. “We hired UX experts, social scientists, you name it; we threw every resource we had at the product. We tried iPhone apps, robo-calling and text-messaging. The best we could achieve was 85% compliance.”
Continue reading