New ESG regulations and net-zero commitments from Glasgow

COP26 is now entering its final week, but many major pledges have already been announced. The chancellor, Rishi Sunak, announced that most big UK firms and financial institutions will be required to publish their net-zero plans in line with the UK’s environmental disclosure framework: TCFD. With the ‘E’ part of ESG gathering significant attention at the Glasgow conference, it seems the UK is moving towards a regulated and mandated ESG disclosure framework. 

The announcement by the Treasury means companies will have to set out detailed plans for how they intend to meet the UK’s goal of net-zero by 2050. Commitments, though, will not be mandatory, and it will be up to firms and shareholders to decide how to adapt to a low-carbon future. The requirement is on the publication of the plans, with the aim of letting the market decide which plans are credible. 

The Glasgow Financial Alliance for Net Zero (GFANZ) led by former Bank of England governor Mark Carney says more than $130trn (£95trn) of private capital “is now committed to transforming the economy for net zero.” In practical terms, this means financial institutions divest from highly polluting industries like oil fields and coal mines, and instead invest in renewable energy or provide a mortgage product that subsidises highly efficient homes.


World leaders likely to make more ESG reporting mandatory

Prime Minister Boris Johnson and President Joe Biden at the UN Climate Change conference in Glasgow

COP26 might be experiencing its own logistics problems, with delegates queuing for hours to get in and a foreign energy minister unable to access the venue because she is a wheelchair user, but the early spotlight at the conference has fallen on supply chains. Already one of the key takeaways from the global climate summit in Glasgow will be a need for businesses to pay much closer attention to supply chain due diligence as countries commit to more mandatory ESG reporting.

World leaders agreed a significant deal to tackle deforestation, committing billions of funding to restore degraded land, protect forests and mitigate damage. The UK is already pushing ahead with regulation to tackle deforestation. The Environment Bill currently going through parliament includes provisions to require large companies to undertake supply chain due diligence and report on the risks of deforestation in their supply chains. 


UK first G20 country to require ESG reporting on TCFD

Ahead of COP26, the UK has announced it will become the first country to pass legislation to mandate climate change TCFD disclosures for Britain’s largest companies and financial institutions from April 2022. The Taskforce on Climate-Related Financial Disclosures (TCFD) is an environmental reporting framework which helps companies report consistent climate risks and opportunities, forming part of a broader effort to standardise ESG reporting which is only likely to increase after Glasgow.

The new requirements will come into effect on 6 April 2022, and will require over 1,300 of the largest UK-registered businesses to disclose climate-related financial information. This will include many of the largest companies, including banks and insurers as well as private businesses with over 500 employees and £500 million in turnover.

TCFD is an industry-led group which helps investors understand the financial impact of climate risks. It was launched at COP21 in Paris in 2015, and the adoption of it as part of the UK’s company disclosure information will help ensure the largest companies are required to think seriously about the risks of climate change. They will have to consider emission reduction plans and sustainability programmes, and go beyond paying lip service to the UK’s net-zero commitments.

Marlowe PLC

We are excited to announce that VinciWorks has been acquired by Marlowe plc, the UK leader in business-critical services and risk & compliance software.

Marlowe, a London Stock Exchange listed company with a market cap of around £700m, brings significant resources, complementary products and operating expertise to help VinciWorks expand its risk and compliance offering.

Alex Dacre, Chief Executive of Marlowe plc, said:

“The acquisition of VinciWorks is a major development in Marlowe’s strategy to become the market leader in governance, risk and compliance software and cements our position as the UK’s leading GRC compliance eLearning business. The acquisition is highly complementary to our existing portfolio of compliance software products and will enable us to offer clients a complete regulatory solution that enhances their visibility and understanding of evolving standards and regulations, enabling them to better manage their corporate & ESG, employee and workplace risks.”

Josh Goodhardt, CEO of VinciWorks, said:

“Joining Marlowe was a natural next step for VinciWorks. Marlowe’s expertise and resources will help us accelerate our vision for a one-stop governance, risk and compliance platform. VinciWorks has grown rapidly from an e-learning business into a comprehensive risk, compliance and ESG solution. As the GRC market develops, global organisations face compliance with an ever-increasing number of complex regulations and ESG requirements. VinciWorks has the regulatory knowledge and technical expertise to, together with Marlowe, build a next-generation platform for identifying and navigating risk and compliance around the globe.”


What is your organisation doing to embrace social responsibility? Social responsibility initiatives are not only good for the community, they build brand equity and reputation, and enhance client satisfaction. VinciWorks has created a free corporate social responsibility (CSR) policy template that can be used to clearly communicate CSR initiatives to clients and align employee behaviour.


ESG update – 2022

In the last few years, the term ‘ESG’ (environmental, social and governance) has somewhat eclipsed CSR. This doesn’t mean CSR is gone or no longer useful, but it can be helpful to consider CSR in the context of ESG. For more information about what ESG is, what it means, and how it relates to CSR and your business, view our ESG resources page which is constantly updated with new ESG information, guides, webinars and courses.

www.vinciworks.com/ESG

CSR Policy Template: What is CSR and what is a CSR policy template?

Corporate social responsibility refers to the way in which businesses regulate themselves to help ensure that they are socially accountable to themselves, their stakeholders, and the public. Sometimes called “corporate citizenship,” corporate social responsibility helps organisations be conscious of the impact they have on society, including economic, social, and environmental factors. A CSR policy template helps organisations that don’t have their own company policies in place by providing a model that can be used as an example and adapted to the individual needs of each organisation.


What should be included in a CSR policy?

Here is some guidance on what to include in your corporate social responsibility policy:

Introduction

Begin the policy by acknowledging that the way your business is run affects society. While organisations have a responsibility towards their staff, clients and contractors, they must also consider the wider community in which they operate. The introduction should also state your organisation’s commitments to CSR.


Today, January 12, is the last time Microsoft will deliver security updates to users that are still using Internet Explorer 8 as well as most users that are still on versions 9 or 10.

From now on, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. For example, customers using Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 must migrate to Internet Explorer 11 to continue receiving security updates and technical support.

The risk experts at VinciWorks have conducted multiple off-the-record conversations with various COLPs, COFAs and risk officers to discuss the risks they are examining in their firms. In addition, we researched multiple online risk resources and the SRA’s own public statements on risk and OFR.

This list features five key risks that you should focus on when compiling your risk register and conducting risk strategy sessions. Our recommendations are by no means exhaustive, nor should they be construed as legal advice. If you would like to learn more about our comprehensive risk advisory service, risk workshops and risk management service, click here to download the brochure.

And now to the risks:

1. Bogus firms

The risk

This is a new risk the SRA has added to its risk outlook for 2014/2015. The term ‘bogus firm’ is used to describe situations in which criminals take on the identity of a law firm in order to steal money or access information. Reports of bogus firms to the SRA increased by 50% between 2013 and 2014, and it is likely that 2014 will exceed the 548 reports from 2013. The majority of bogus firm reports relate to situations where the identity of an existing firm has been used, and according to the SRA, both small and large firms are susceptible.

The control

This is a serious risk to your firm, and you are vulnerable, even if you are not aware that someone is masquerading as you. For example, in Lloyds TSB Bank PLC v Markandan and Uddin [2012] EWCA Civ 65, the firm that was said to be the victim of the fraud was still held liable for breach of trust in paying away mortgage monies.

Here are some practical things the SRA recommends that you regularly do:

  1. Search your firm’s name on the internet from time to time, since that might bring up a false office. It may be worth considering doing the same with the names of some of your partners or staff.
  2. Check your firm and individual details on the Law Society’s find a solicitor web page, in case someone has misused your name to set up a false practice.
  3. Be alert to suspicious incidents such as transactions that others seem to think your firm is dealing with when you are not.
  4. Look out for alerts and warnings on the SRA website about bogus firms.

2. Money laundering

The risk

Money laundering is a serious concern for law firms, which handle client money and can make attractive targets for those wishing to launder the proceeds of crime or otherwise disguise improper transfers of money. It is estimated that money laundering in the UK has an annual value of up to £57bn. As such, the SRA has identified money laundering as a key risk it will be regulating in 2015.

Between October 2012 and September 2013, solicitors made 3,615 suspicious activity reports (SARs) to the National Crime Agency (NCA). The majority of these were consent SARs, where a professional seeks consent to continue with a transaction. An NCA analysis of these reports found a high proportion received from the legal sector were of poor quality. Many did not contain enough information about the suspicious activity for the NCA to be able to make a decision about whether the transaction should proceed.

We have heard from many of our clients that the SRA is conducting audits of their AML procedures and training and the SRA has indicated that this activity will continue in 2015.

The control

It is imperative to engage every relevant member of your staff in mitigation. Anybody at your firm could inadvertently find themselves embroiled in a money laundering transaction that could ruin your firm’s reputation or expose it to liability.

This control starts with education. Every member of your firm must undergo regular training to understand what behaviour is expected of them. AML has been singled out in the new SRA competency framework as an area in which a solicitor must maintain proper training.

In line with the SRA’s guidance, VinciWorks has redesigned its entire suite of AML training to offer appropriate training for every member of staff.

3. Microsoft products that are no longer supported

The risk

Many IT departments are slow to upgrade their firms to the latest versions of Microsoft Windows, Office and Internet Explorer. They do this for a variety of reasons including high costs, complicated technical deployments and the need to retrain staff. Some firms cannot upgrade because a business-critical application can only run on a previous version of Windows. For example, some bespoke matter management software requires Windows XP or Internet Explorer 7.

This is a grave concern for law firms. Microsoft ended support for Windows XP on 8th April 2014. That means it will no longer produce security patches for critical vulnerabilities in the operating system. As time goes on, more and more critical security holes will be found, and attackers will have free rein to exploit them. If your firm is running unsupported software, you could be exposed to liability under the Data Protection Act, especially in a case where you are storing personal data on those computers. In addition, the increased chance of hacking into your firm’s computers could open up the firm to a variety of risks including compromised information security, reputational risks and bogus firms.

Currently over 15% of our clients are still using IE7 or IE8 on at least some of their computers. From 12th January 2016 Microsoft will only support the most current version of Internet Explorer available for a supported operating system. That means that in less than a year, firms will have to upgrade to at least IE9 (on Windows Vista) or IE11 (on Windows 7 and up) or risk exposure to security flaws.

The control

It is strongly recommended that all organisations using Windows XP, Office 2003, Windows Server 2003, Exchange 2003 and SharePoint 2003 upgrade to supported software as soon as possible. If this is not possible, the UK government recommends some short-term mitigations to minimise exposure. These include the upgrade of high-risk user devices, such as devices used for corporate remote access, as they will be subject to greater physical threat and be more susceptible to network-borne attacks. Devices that can access more sensitive information or services, including personal data, should also be prioritised.

Firms running IE7 or IE8 should discuss an upgrade plan and budget with their IT departments before the looming 12th January 2016 deadline.

To learn more see the CESG guidance on the matter.

4. Referendum on UK membership in the EU

The risk

In January 2013, Prime Minister David Cameron promised an ‘in/out’ referendum on British membership of the European Union in 2017, if the Conservative Party wins an outright majority at the next general election. Recent opinion polls have shown that a majority of the population favour such a move. This could have severe implications for the practice of law in the UK.

Currently firms in the UK benefit from the EU single market which enables solicitors to cross borders and practise across the EU. If the UK leaves there will be negative consequences to the open market.

In that scenario, firms that represent high net worth individuals from Europe could potentially see their business go elsewhere if the referendum passes. Larger firms with an international practice and firms that represent multinationals could find operating throughout Europe to be too costly, or could find their clients looking for European representation.

The management of client money and its transfer across borders could also potentially be affected by an EU exit.

The control

Firms must start by assessing the areas of their business that could be affected by an EU exit and prepare a contingency plan. Regular communication with at-risk clients could mitigate the risk and larger firms should consider whether to invest in lobbying or public policy initiatives.

5. Misuse of money or assets

The risk

Like AML and bogus firms, misuse of money or assets is a key risk for the SRA in 2015. The SRA has identified a trend of increased cases of misuse. Some of these cases are caused by poor systems and controls, whilst other cases involve unethical conduct.

In the twelve months to August 2014, the SRA received over 140 reports of misuse of money or assets per month.

The control

Many times the misuse of funds is the result of a cash flow deficit. Firms should ensure that they have adequate credit lines and should extend overdraft authority to partners.

In addition, a properly maintained incidents register can ensure that material breaches are reported on time, cashiers are held accountable for mistakes, and risk teams can analyse trends of improper use of funds.

Finally, all employees who deal with client funds should receive regular training on the SRA Accounts Rules. In line with the SRA’s risk outlook, VinciWorks will be producing an SRA Accounts Rules Practical Overview in 2015 to complement its current SRA Accounts Rules course.