If your clients are asking what they should do about ESG, the answer can be rather complicated. Many clients do not need to do anything. Regulation, although coming, is rather light on ESG. Regulation tends to focus on specific areas of ESG, such as modern slavery statements or gender pay gap reporting.
Even as more regulation around ESG comes, such as emissions reporting for listed companies, there is a wider context of ESG. Beyond the letter of the law, many companies are figuring out their ESG programmes from pressures outside of straightforward regulation. More often than not, ESG is coming from investor pressure.
The UK government has published its response to the data protection consultation
Response to the UK GDPR consultation published
The government have published the draft legislation to amend the data protection regime in the UK. The Data Protection and Digital Information Bill (DPDIB), which was introduced to Parliament just before the summer recess and before the appointment of the new government in September, would modify the existing UK version of GDPR and cause some significant areas of diversion with EU GDPR. Earlier this year, VinciWorks outlined the key changes that were expected to be made. The aim of the new UK data protection legislation is to ease GDPR requirements for companies and make them less burdensome.
What are the key changes the UK data protection bill seeks to introduce?
Among other things, the changes will:
amend the definition of personal data
use AI to process sensitive data and other information
add new legitimate interests
remove the requirement for cookie consent
amend accountability requirements
remove the need to appoint a data protection officer
charge fees to access your own data
remove record-keeping requirements
reform of the Information Commissioner’s Office (ICO)
raise fines for PECR breaches
Even though the bill proposes widespread changes, it actually preserves the existing UK GDPR and the PECR, as it was drafted as an amending act rather than a completely new legislative instrument.
In addition, there is a chance that political factors could stymie the bill. If an election is called prior to the bill receiving royal assent, it won’t become law. The UK’s adequacy status with the EU remains a question, even though the government has expressed the opinion it is entirely possible to retain it.
New courses and resources coming soon
VinciWorks is closely following the legislation and will, in the coming weeks and months, be releasing new updated resources, guides and a completely revised UK GDPR course that will reflect the changes and keep you and your organisation aware of everything you need to know about the updated bill.
Stay updated
You can keep up with the latest via our blog and through the Regulatory Agenda that we publish, which documents new and important compliance regulations.
It’s a bumper Queen’s Speech, with a raft of measures which will affect compliance departments. Chiefly is the long-awaited overhaul of GDPR in the UK and reform of the Audit sector. Companies House role is also expanding, and modern slavery reporting is to be strengthened. So there is plenty in this Queen’s Speech for compliance departments to think about.
We will be tracking all these new rules, alongside existing legislation, consultations, and events on the horizon, in our monthly regulatory agenda.
ESG – environmental, social and governance – are three factors that businesses can use to measure their net impact on the world. Broader than profit and loss, more detailed than corporate social responsibility, ESG reviews, details and documents how a company impacts on the environment, on society and people, and their own corporate governance.
What is the main purpose of ESG?
A myriad of factors can make up an ESG report. Some stretch to over 1,000 individual data points, from carbon emissions to the proportion of women on the board to how frequently a company undertakes bribery training. Many businesses are no longer working on environmental, social and governance issues in a silo. They are bringing them together under the banner of ESG to demonstrate the positive impact their existence is having on the world.
Bringing these disparate risks together helps a company prioritise their impact on the world. It helps them understand the risks they face, and it shows stakeholders they are taking the time to conduct due diligence and mitigation measures on those risks.
Here’s what you need to know about the UK’s plans to radically alter GDPR
The UK government’s consultation on reforming data protection, launched on 9 September, sets out a radically different framework for data protection than GDPR. From re-orientating the Information Commissioner’s Office to new ways for businesses to process data, these far-reaching reforms are set to have a significant impact on business.
Although the plans have been announced in consultation and not every proposal may make it into law, the direction of travel has been clear for some time. The UK plans to make it much easier for most businesses to use data, and get the most from data, while still ensuring strong levels of protection.
“The government wants to remove unnecessary barriers to responsible data use. A small hairdressing business should not have the same data protection processes as a multimillion-pound tech firm. Our reforms would move away from the “one-size-fits-all” approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard.” Department for Culture, Media and Sport.
2019 was another important year of growth from VincWorks, with 38 new compliance courses, 9 webinars with industry experts and the release of our new revolutionary compliance tracking tool, Omnitrack.
With the dust settling on GDPR, we focused our attention on new compliance topics and areas on the regulatory horizon. Below is a list of the areas that we focused on in 2019 and will continue to be a focus in 2020.
Compliance training roundup
During 2019 users completed an average of 4 compliance courses and 1.5 hours of compliance training.
The most popular compliance training topics were:
Cyber security
Anti-money laundering
Data protection
Anti-bribery
Criminal Finances Act
SRA regulation
Diversity and inclusion
Those topics constituted over 80% of all compliance training time in 2019.
Understanding the impact of the Conservative landslide
Many would have thought Boris Johnson’s victory in the 2019 general election would bring some certainty to British politics. The UK will be leaving the European Union on 31 January 2020 for one thing. But for compliance departments, uncertainty is actually the most evident outcome of the election.
Issues that had long been on the regulatory agenda, such as IR35, whistleblowing, ePrivacy, GDPR and even money laundering, could all now be subject to the details of the free trade deal the UK government now must start negotiating with the EU. Otherwise, the UK will default to a no-deal scenario at the end of the transition period, currently set for 31 December 2020.
FCA warns firms to do better on risk assessments and training
The Financial Conduct Authority (FCA) has warned over 1,000 Annex 1 firms (lenders, money brokers and financial leasing companies), about serious money laundering failings at the most basic level.
The FCA has written to these firms, making it clear that firms should “complete a gap analysis against each of the common weaknesses we have outlined within six months.” The FCA’s letter also says that in future engagements with the FCA, they expect to be provided with the findings from the gap analysis, the gaps identified, and the progress towards effective policies, controls and procedures. Failing to do so could result in regulatory action.
The FCA’s review of financial crime controls revealed widespread weaknesses across various areas. Firms were found to be inconsistent in reporting their activities to the FCA, failing to adapt their controls to accommodate business growth, and lacking proper risk assessments. Additionally, the FCA identified shortcomings in due diligence procedures, ongoing monitoring, and the documentation of financial crime-related decisions. The review also highlighted a lack of resources and inadequate training provided to staff, alongside insufficient oversight from senior management.
2022 was an exciting year of growth for VinciWorks, as we continue our mission to reinvent the impact that e-learning can make. Over this past year, we have combined with Skill Boosters, DeltaNet, Compliance Office and EssentialSkillz to build the most comprehensive library of compliance, diversity and inclusion, and health and safety training in the industry.
Over the next few months, we will be offering a significantly expanded offering of training with different styles, tailored to each industry and each individual learner. In the meantime, here are some of the highlights from 2022.
1.7m diversity and inclusion videos streamed
Our partner Skill Boosters is the UK’s leading provider of video-based training on equality, diversity and inclusion, leadership, communication, personal effectiveness and workplace well-being. Skill Boosters Members’ Resource Centre (MRC) provides clients with instant access to preview and download all of Skill Boosters’ online courses, films, trainer packs, learner notes and other useful items. Our most streamed topics in 2022 covered allyship, neurodiversity, race bias, transgender awareness and unconscious bias. We have big plans for 2023, with upcoming courses covering intersectionality, inclusion and sexual orientation on the agenda.
1.2m compliance courses delivered
2022 had a returned focus for our clients to core regulatory topics. Anti-money laundering, anti-bribery and tax evasion have supplanted cyber security and data protection as the key topics for the year. Alongside those regulatory topics, we continue to see growth in D&I, ethics and mental health.
The Criminal Finances Act and other global legislation have placed anti-tax evasion measures on the corporate risk and compliance agenda. The past year has shown us that tax evasion enforcement is only ramping up. Increased investigations, large fines and new laws have demonstrated that there has never been a more important time to ensure that everyone in your organisation is on board with your compliance programme.
In this webinar, our experts explored the impact of tax evasion regulations over the past few years and shared best-practice guidance on compliance.
The webinar covered:
Why it’s important to have a strong compliance program
Reasonable procedures: do you have them and are they enough?
Best-practice guidance on spotting red flags
An international perspective on tax evasion, including DAC6
Major tax evasion cases and what we can learn
Tax evasion training requirements and best practice
