Many businesses, such as law firms and accountancy firms, need to collect and analyse data from employees for regulatory and compliance purposes. While many firms carry this out annually, some may do it more often. VinciWorks spoke to several firms to learn how they collect, analyse and track responses from the annual declarations questionnaire, often referred to as an annual compliance questionnaire, to uncover the key challenges in the process. What we learnt helped us develop our annual declaration reporting portal.
What do the annual declarations questionnaires include?
There are no regulations guiding the specifics of what information an annual declaration questionnaire should collect. The declaration might include information on the following:
Conflicts of interest
Staff should declare whether they have had any business dealings for the firm whereby their own interests are served. If there is a conflict of interest, this must be declared in the questionnaire.
Compliance with the General Data Protection Regulation (GDPR) is an ongoing process. Organisations should regularly review and update their policies and data collection processes, as well as take training. The best way to refresh staff’s knowledge is to enrol them in a new course around once a year, rather than simply ask them to take the same course they took a year ago. With GDPR now having been in force for over a year, VinciWorks will be adding a new course to the GDPR training suite that includes both refresher training and role-specific advanced modules.
How does the course work?
The recommended use of GDPR: A Practical Overview is to put all staff through the basic six modules, and to add advanced modules for specialised staff in certain departments. Personalisation questions at the beginning of the training mean staff in roles that require advanced training, such as HR, IT and marketing, can choose to take job-specific modules. The basic modules cover the basics of data, keeping data safe, working from home, data subject rights and data breaches, with review questions included within each module.
The meaning of data can be as broad as any information, from health records to a lunch order. Different kinds of data are subject to different laws with varying levels of severity. Data about a person’s health, for example, is subject to a strict set of regulations known as HIPAA. Here is some guidance on protecting your clients’ and colleagues’ data through five basic data privacy rules.
The key data principles
While specific rules on data can vary by state and jurisdiction, there are some basic rules that should always be followed. You need to be aware of these because everyone in an organization is responsible for protecting the data held on employees, customers and clients.
Last year, we released a new harassment course that was inspired by the #MeToo movement. The interactive, story-based course brings to life the real impact of bullying and harassment at work through hard-hitting stories, connects users to a global movement, and gives them a chance to have their story heard too.
We have now released a new linear version of the sexual harassment course. The new course takes users through four key sections, with questions along the way to test users’ knowledge and understanding of the topic. The course is fully compliant with US federal and local harassment laws.
On 25 November 2019, the new SRA Standards and Regulations come into effect. Replacing the SRA Handbook, the SRA Standards and Regulations stipulate the behaviours, standards and requirements expected of solicitors and other SRA regulated people.
VinciWorks has produced a whitepaper that outlines what the new Standards and Regulations will include and the challenges they present to firms.
The whitepaper covers:
Key differences between the SRA Code of Conduct and the new SRA Standards and Regulations
The requirements of the Insurance Distribution Directive
VinciWorks’ SRA Standards and Regulations training suite
The relationship between training and continuing competence
To help businesses keep track of updates in UK legislation and policies, VinciWorks regularly publishes a short regulatory update. Since our last update in June, the UK has gained a new Prime Minister. Boris Johnson has pledged to ensure the UK leaves the European Union by 31 October 2019.
The Regulatory Agenda is designed to provide an overview of regulatory changes or new regulations recently passed, proposed, or on the agenda which are relevant to key compliance areas of VinciWorks’ clients in the UK. It is divided by the main sources of UK policy and does not include provisions which have been dropped.
Main topics from the regulatory agenda:
Acts of Parliament
Bills before Parliament
Consultations – Open
Consultations – Closed
On the horizon
You can download the regulatory agenda for July by clicking here.
Data Privacy: Fundamentals provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States. The course combines short bursts of learning with practical scenarios and real-life case studies to ensure all staff know how to safely and securely work with data. Interactive scenarios test and score data privacy knowledge as you progress through the training.
A unique, experiential approach to data privacy, the Fundamentals course focuses on the practical knowledge and straightforward behaviors all staff need to know to keep data safe and secure. The course can be purchased either as a stand-alone course or as part of our data privacy training suite.
Under the Equality Act 2010, employers can be held legally responsible for sexual harassment of their staff at work, if the harassment is carried out by a colleague and the employer did not take all steps they could to prevent the harassment from happening.
Whilst the government considers this law effective, it has recognised the issues and deficiencies highlighted by the #MeToo movement in recent years.
HMRC has just released its draft regulations on implementing the 6th Directive on Administrative Cooperation, known as DAC6, into UK law. From 1 July 2020, taxpayers and their advisers are required to report to HMRC details of certain cross-border arrangements that could be used to avoid or evade paying tax. The UK has been lagging behind its European counterparts in producing draft DAC6 legislation.
Money laundering is a worldwide crime that is estimated to total over $2 trillion annually. In the past 20 years, laws have been put in place in the UK to crack down on this crime. This includes Client Due Diligence (CDD) procedures your firm must follow to ensure that your firm is not assisting in money laundering activities. When staff or businesses witness any suspicious activity, they are required to submit a suspicious activity report (SAR). Here is a short guide to what a SAR consists of and how to submit one.