In our recent webinar we covered competition law and what you need to know to be compliant. We were lucky to be joined by Head of Investigations and Intelligence David Harper and Assistant Director of Cartels within the Enforcement Directorate Kwadjo Adjepong from the Competition and Markets Authority (CMA). We explored the implications of existing competition law and gave guidance on how to comply with the legislation. We also answered questions on competition law and what you need to do to comply.
What is considered inside information?
All non-public precise information relating to your company, which, if made public, would be likely to have a significant effect on the price of financial instruments relating to your company is considered to be inside information. The existence of inside information must always be reported as soon as possible to the Inside Information Committee (IIC) by any person that suspects that certain information may constitute inside information.
No inside information may be publicly disclosed by other means than official press releases in accordance with the rules. Disclosing inside information by means of sharing such information with other people, such as but not limited to: journalists, analysts, shareholders, employees or other similar persons is strictly prohibited and can constitute a crime. Inside information can only be shared with persons who need access to such information in order to fulfil their professional duties, and as long as they are bound by a duty of confidentiality and are included in the relevant insider list.
Insider trading and inside information policy
All inside information must be handled with care and strict confidentiality in order to avoid a breach. Any employee who suspects a violation of your organisation’s policy must speak up and raise the issue to their immediate manager, or follow the company’s whistleblowing procedures. VinciWorks’ insider trading and inside information policy template can easily be edited to include your business’ reporting procedures and relevant contact information.
In October, it was revealed that banker Howard Wilkinson blew the whistle on Danske Bank in 2013, beginning a five year investigation on the bank. The concerns raised by Wilkinson helped uncover an alarming €200 billion in suspicious payments being made through Danske’s Estonian branch between 2007 and 2015.
The scandal, representing money laundering on a huge scale, threw a spotlight on European banks and their efforts to protect against fraud and precipitated renewed considerations of the effectiveness of regulators’ defenses. Further, the revelation challenged businesses to up their game in installing a culture whereby whistleblowing on suspicious or illegal activity is encouraged, with clear procedures for doing so in place.
The role of anti-money laundering whistleblowers
Whistleblowers are defined as those who expose information or activities deemed illegal or unethical. They have historically played an important role in helping banks protect the economic interests of the UK and clampdown on wrongdoing in the financial services industry. Whistleblowers who report suspicions of money laundering often have inside knowledge which is vital for fighting such crimes. However, blowing the whistle on such activities can often put them in a vulnerable position; they often know the subject, or subjects, of the allegations personally through their work and are put under pressure to remain silent on the information they hold that can incriminate their colleagues. While whistleblowers are protected by the Public Interest Disclosure Act 1998, making them immune from any repercussions, many feel at risk of personal retribution when making the report.
Businesses large and small are continuing to have sensitive data held at ransom and suffer from cyber security breaches. As a result, millions of individuals’ personal data has been compromised, costing businesses billions. For example, 50 million Facebook user accounts were compromised, FIFA documents were leaked, pointing to serious corruption, and around 380,000 British Airways transactions were breached. In many cases, breaches occur a long time before the target is aware or affected users are notified, meaning a lot of damage is done before the issue can be dealt with. For example, in 2013 and 2014, a suspected 3 billion Yahoo users’ accounts were compromised in a breach that was not reported until 2016. Clear reporting procedures are therefore needed to allow all staff to easily report any cyber attacks or suspicions of a breach.
California Bill No. 375, also known as the California Consumer Privacy Act, was
approved and passed on the 28th of June 2018. While it won’t come into effect until
January 1st, 2020, it is necessary for all organizations involved to have a comprehensive understanding of the law’s requirements and what is expected of them. The Act is applicable to any business, partnership, company, corporation, or legal entity that operates for the purpose of profiting as well as collects consumer’s personal information from the state of California. While The Act has certain similarities to the EU’s General Data Protection Regulation (GDPR), it’s conditions are somewhat different.
VinciWorks has published a whitepaper that explains the California Consumer Privacy Act and gives guidance on how businesses can comply with The Act.
This time last year, GDPR dominated the compliance agenda for 2018. Like many promised cliff edges, the data protection ravine many feared business would collapse into didn’t quite materialise. While some websites are still blocking users from the EU due to alleged ‘GDPR’ issues, the shift to a new data protection regime seemed to go not too badly. This isn’t because GDPR isn’t being taken seriously, quite the opposite. The promise of eye-watering fines and enforcement action spurred a multi-industry push to get GDPR compliance right.
For that reason, GDPR stays in the lead of our top compliance trends for 2019.
1. Moving from GDPR compliance to best practice
As GDPR day on 25 May 2018 approached, businesses big and small rushed to get their privacy notices updated and flooded all of our inboxes asking us to accept their new terms of re-give consent. Most of this was pointless and unnecessary, not to mention greatly annoying to us all. Plus it exposed a rather gaping failure to grasp the six conditions for processing data under GDPR and the myth that consent is always the best or strongest condition.
Cryptocurrencies and blockchains are set to be a key compliance theme of 2019, with the upcoming Fifth Money Laundering Directive setting out to regulate cryptocurrencies. While the first and most common cryptocurrency is Bitcoin, there are now close to 2,000 in existence, with the number continuing to grow. This level of growth causes two core issues; namely that cryptocurrencies are currently unregulated and that they can be used to launder money due to the unique way in which they are traded. In addition, some cryptocurrencies are either fake or are used to fuel financial scams.
A lot of the guidance below is taken from the cryptocurrency module in VinciWorks’ anti-money laundering refresher course.
What are cryptocurrencies?
In cryptocurrency, a network of peers maintains a complete history of all transactions, and the balance of every account using that cryptocurrency. This secure system is known as the blockchain.
In the wake of the #MeToo movement, have men finally begun to grasp how widespread the issue of sexual harassment against women is?
The answer seems to be no, according to a new study which reflects how much men in the U.S.— and 12 European countries, including Britain — underestimate levels of harassment against women. While both sexes underestimate sexual harassment, but this tendency is more pronounced among men. Men in the US were asked to estimate the levels of sexual harassment experienced by women since the age of 15 as part of an Ipsos Mori survey on the “Perils of Perception”. Their estimates were at an average of 44 percent.
Wednesday 27 February 8:30am — 12:30pm, London
In our interactive business continuity masterclass, experts Karla Gahan and Dean Hughes will share insights on how to run a tabletop exercise within your own organisation. Delegates will be presented with a clear structure on how to prepare for and run a tabletop exercise. They will also participate in a mock exercise, enabling them to understand how best to facilitate a session.
What is a tabletop exercise?
A tabletop exercise is a facilitated training workshop that tests existing business continuity plans to determine efficacy and identify any areas which need further attention and action. It is carried out face-to-face with a business continuity team and run with a facilitator to ensure the exercise covers all of your objectives.
Location: A beautiful Law Society venue in central London (113 Chancery Lane, WC2A 1PL)
Cost: The event will cost £199 per delegate and £149 for each additional delegate.
2018 was another momentous year from VinciWorks. Our team continued to innovate and exceed our targets with new courses and product updates, as well as creating new guides and policy templates to help businesses stay on the right side of compliance.
Here are some of the highlights from 2018.
We continued to deliver outstanding training with the number of training course completions more than doubling in 2018. GDPR is the most popular course, accounting for almost 25% of course completions, with anti-money laundering continuing to be a mainstay in most of our clients’ onboarding plan for new staff.
100,000 GDPR training completions
In the two years leading to the EU-wide General Data Protection Regulation coming into force on 25 May, VinciWorks made sure businesses were ahead of the game with their compliance tools and training. GDPR: Privacy at Work comes complete with a course builder, ensuring the most relevant training was delivered to each individual user. For users who required refresher training, or who were in lower-risk positions, GDPR: The Basics guides users through the changes being applied as a result of GDPR. Compliance is an ongoing process and VinciWorks continues to record around 5,000 GDPR course completions a month.