A market study published by the Financial Conduct Authority (FCA) has concluded that around six million customers ended up paying high prices and are not getting a good deal on their home or motor insurance. It is estimated that customers are paying on average £200 too much on premiums.

As has been evident in recent times, the FCA is continuing to scrutinize a number of industry practices, whilst issuing fines to firms failing to comply with regulation and becoming a key driver for change in the way firms treat their customers.

Role of the FCA

There are a number of strategic goals which the FCA is aiming to fulfil; these include protecting customers, enhancing the integrity of the UK financial services industry, and promoting healthy competition between financial services providers in the best interests of customers.

For firms, promoting a culture of compliance isn’t just about meeting regulatory obligations and avoiding substantial fines. It’s about raising your reputation in a competitive market based on the relationships that you build with your customers.

So which scenarios should firms consider wherein their conduct is subject to compliance and can affect their relationship with customers?

Dealing with Vulnerable Customers

As revealed by the market study conducted by the FCA, one in three customers who paid high prices showed at least one characteristic of vulnerability, such as having low financial resilience or capability. Protecting vulnerable customers has always been a key priority for the FCA. The FCA’s approach is based on the principle that firms do the right thing for the customer. The FCA’s Principles for Businesses require firms to treat customers with vulnerabilities fairly and to communicate with them in a clear, fair and non-misleading way.

The industry is responding well with a survey revealing that 94% of firms reported that the issue of vulnerable persons is being treated quite seriously or very seriously by their business.

Handling Customers’ Complaints

In June this year, we wrote about how poor complaints handling was costing firms within financial services, who paid out £2.75bn to compensate unhappy customers. Unhappy customers are also more likely to switch providers in a competitive market and leave bad reviews that can affect firms’ reputations.

To prepare for complaints from customers, firms must have a robust complaint handling process so they can deal with unhappy customers as per the guidelines set by the FCA. When the complaint process has been exhausted and failed to resolve the customer’s complaint to their satisfaction, the customer has the option to refer the complaint to the Financial Ombudsman Service (FOS) – which could result in compensation awarded to the customer.

This means that firms must focus on alleviating the effect of customer complaints while ensuring compliance with the FCA regulation and keeping the complaint from being referred to the FOS.

Treating Customers Fairly

In recent times, the reputation of the Financial Services industry has taken a hit because firms have put profits before customer needs. Examples include mis-selling customer policies such as PPI or writing and publishing misleading policies.

The FCA requires that customers should be treated fairly at all times, especially when dealing with any firm that is regulated and authorised by them. Any firm found not to be treating its customers fairly can be subject to heavy financial penalties. The formal requirements laid down by the FCA are guided by six key Treating Customers Fairly (TCF) principles and include explicit and implicit guidance on the fair treatment of customers.

The FCA also recommends using customer feedback to help identify areas where firms and their advisers are or are not treating customers fairly and therefore areas where improvements are needed.

How can we help?

Training your staff to understand the significance of FCA regulations around dealing with customers is vital not only for compliance but also key in maintaining good relationships with customers.

Visit our website to find out how we can help you comply with FCA regulations.

Stress is a big problem for people at work. And the cost to employers is enormous. A few shocking statistics summarise the size of this problem:

  • 440,000 people in the UK reported that work-related stress was making them ill (according to the Health and Safety Executive)
  • 11.7 million working days were lost in 2015/16 due to stress
  • 23.9 days are lost, on average, for every stressed employee
  • 45% of all working days lost to illness are due to stress

Clearly, stress is a huge problem for working people and their employers. But what exactly is stress, and what can employers do about it?

One definition of stress is ‘an adverse reaction to excessive pressures and demands’. Stress is felt when someone is struggling under the weight of expectations, rather than thriving under pressure. Stress can result in a wide range of symptoms, including a racing heart, palpitations, loss of appetite, trouble sleeping and depression.

Stress can be triggered by a wide range of factors, but common causes include overwork, lack of support, intimidation, bullying and a hostile working environment.

For some individuals, stress becomes a problem when things change at work, such as when their team changes, or when their workload increases. A sense of instability or unclear expectations can leave employees feeling unsupported and anxious.

Unsurprisingly, given the enormous cost of stressed employees, many organisations look for ways to reduce the risk. So what can employers do to support their teams?

A positive first step is to discuss the issues with senior managers, and ensure that they understand the causes and treatments of stress. Training is important, in part because stress can be difficult to identify, difficult to understand and difficult to treat. Senior buy-in helps ensure that a positive, supportive environment permeates down from the top.

Employers can encourage people to talk about stress and acknowledge that sometimes, situations at work can lead us to feel stressed. Employees should be given advice on coping with stress and training to help them spot potential causes. This can help people sidestep potential dangers before they become overwhelming. For example, an individual who is becoming overworked might recognise the beginnings of stress and decide to raise their concerns with their line manager. Together, the pair might agree to delegate some work to a colleague, and perhaps take a short break from work.

For some colleagues, time management training may help them manage their workload differently and prevent feeling stressed. For others, resilience training may help people to cope with stresses at work. This might mean changing their lifestyle, diet or exercise routines to help them relieve the stress they encounter at work. It might also mean taking a break from work, or turning to friends and family for support in times of stress. By learning how to become more resilient, people can gather tools to use when times are difficult.

So while stress might seem like an enormous, inescapable challenge for working people, evidence suggests that there are solutions, and that a little training can go a long way in preventing stress-related absences from work. By simply making employees feel supported, aware of the dangers of stress and capable of developing their own resilience, employers can reduce the impact of stress on their workforce.

VinciWorks provide a number of resources dedicated to identifying stress and managing stress both on an individual level and within a team.

Online Stress Management courses include:

  • Managing your Personal Stress
  • Identifying Stress in your team
  • Managing Stress in your team

How certain are you that your employees understand the risks posed by their use of the Internet? And do you trust that your employees know how to minimise risks – and what to do when they discover a threat?

We all rely on the Internet and email for marketing, communications and essential business operations – but how often do we step back and assess the risks?

Evolving risks

Hackers and fraudsters are constantly looking for vulnerabilities. Businesses are regularly assailed by financially-motivated agents, as well as state-funded hackers in search of intellectual property and the disruption of commercial activity.

The threat from within

In recent years, organisations have discovered that digital security and processes are not enough to prevent hacks, malware and data loss, because even the most robust systems can be swiftly neutered by an untrained (or disgruntled) employee. This has brought a renewed focus on employee training and the need to defend against internal threats. So, what can your organisation do to help employees use the Internet and email securely?

Assess your technology risks

Before you consider what kind of training your employees require, you must evaluate the potential threats to your business. For example, you might have a database of customer data, precious intellectual property or product designs, vital systems, online resources or costly digital infrastructure. Does your business have any compliance requirements? Are these being met – and protected? Once you have identified the threats, you can devise a strategy for mitigating and managing risks.

Security policy

Does your organisation have an up-to-date security policy? It’s important that your employees read the policy and understand everything it covers, such as:

  • Safe IT usage
  • Acceptable software
  • BYOD – can employees use their own devices?
  • Data protection and sharing
  • Removable media – can employees use USB drives and other media?
  • Password practices
  • Dealing with suspicious emails and content
  • Keeping backups
  • Digital vigilance and reporting

Training is clearly a core component of modern digital security. Your employees represent a significant risk – whether intentional or accidental – and regular training is the best way to ensure that every individual recognises the threats and their role in preventing a security breach. Training should be mandatory and regularly refreshed to cope with the changing nature of digital security. Employee training programmes should form the core of a comprehensive security setup.

The General Data Protection Regulation (GDPR) is the new EU-wide law that comes into force from 25 May 2016. As this is a piece of EU legislation, there is now uncertainty about whether the regulation will be adopted in the UK, or whether the UK government will produce its own version.

But even if the regulation is ignored by UK authorities, all British companies that trade with EU countries must abide by the legislation. So what is the General Data Protection Regulation (GDPR) – and what impact will it have on UK organisations?

GDPR in a nutshell

The GDPR has been created by the European Commission to strengthen data protection for individuals within the EU. A key aim is to give citizens control of their personal data and to simplify the regulations for international businesses. The new regulation replaces the data protection directive (95/46/EC) and was adopted on 27 April 2016, entering application on 25 May 2018.

The GDPR applies to both controllers and processors of data. Controllers are organisations that determine how and why personal data is processed; the processor acts under the controller’s guidance.

Data protection rights for individuals

Individuals’ rights have been expanded under the GDPR. Key rights for individuals include:

  • Right to be informed – of how their data will be processed and used
  • Right of access – to their personal data
  • Right of rectification – if data is incomplete or incorrect
  • Right to erasure – also known as the right to be forgotten
  • Right to restrict processing – gives people the right to block processing of their data
  • Right to data portability – people can move, copy or transfer the data
  • Right to object – to their personal data being processed
  • Rights related to automated decision making and profiling – gives people the right to not be subject to a decision based on automated decision making (i.e. not involving human intervention)

Obligations for data controllers and processors

GDPR also expands protections for individuals by increasing the requirements for organisations that control and process personal data:

Accountability and governance – “You are expected to put into place comprehensive but proportionate governance measures. Good practice tools that the ICO has championed for a long time such as privacy impact assessments and privacy by design are now legally required in certain circumstances.” – Information Commissioner’s Office

Breach notification – under GDPR, organisations will be obliged to notify relevant authorities of certain types of data breaches.

Transfer of data – GDPR includes a restriction on the transfer of personal data to countries outside the EU. This ensures that the protection of the GDPR is not undermined.

Is your organisation prepared to meet the requirements of GDPR, and do your employees understand the implications of the new legislation? Will the new rules create new work for your organisation – or will you be able to meet the new standards with ease?

You can find out by taking our FREE GDPR online training course. This GDPR eLearning module provides answers to questions including:

  • What does the GDPR mean for you?
  • How does it apply to the UK post Brexit?
  • Will the DPA change?
  • What will you need to do differently?

Ernst & Young released their Global Fraud Survey at the end of 2016. What can we learn from this research into 2,800 senior executives, spanning 62 countries?

The good news is that most respondents view fighting corruption as a priority, with 91% stating that it’s important to know the ‘ultimate beneficial ownership of the entities they do business with’. And 83% support the trend towards prosecuting individual executives for corporate corruption, believing that this is an effective deterrent.

However, fraud and corruption still appear to be widespread – 39% consider both to happen widely in their country.

Respondents justify unethical behaviour

Remarkably, a significant minority of executives (36%) believe that unethical behaviour can be justified if it improves their company’s performance. One third would be willing to justify unethical behaviour during an economic downturn. An alarming number of CFOs and finance directors would justify unethical conduct such as offering entertainment, gifts or cash bribes. This admission may alarm many organisations who might view their financial leaders as ‘safe hands’ – the least likely to put the company at risk. And while these results vary regionally, the data is a worrying reminder that organisations must never be complacent.

Prosecutions target responsible individuals

The Global Fraud Survey reminds us that board members and senior managers are increasingly in the spotlight, and are likely to be held accountable for issues that once would have been blamed on the company. It’s becoming much harder for executives to hide behind the walls of their employers, with legislators now going after culpable individuals.

Yates Memo

This view is reinforced by the Yates Memo, written by Deputy Attorney General of the United States, Sally Yates: “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing. Such accountability is important for several reasons: it deters future illegal activity, it incentivizes changes in corporate behaviour, it ensures that the proper parties are held responsible for their actions, and it promotes the public’s confidence in our justice system.”

This means that board members and senior executives must be confident in their procedures for preventing and detecting fraud, and confident in their ability to demonstrate these processes.

Whistleblower’s reluctance

Hotlines for whistleblowing are commonly available (55%) but the research suggests that many employees are reluctant to use these services, with 37% citing loyalty to their colleagues, or loyalty to the company, as reasons for not reporting incidents of fraud, bribery and corruption.

While the Ernst & Young survey offers some signs of hope, it also brings a stark reminder of the powerful forces that can tempt good people to make bad decisions. It’s a timely reminder of the need to remain vigilant – even when fraud and corruption seem like other people’s problems.

Compliance is one of the fastest-moving divisions in the corporate world. The rapidly evolving demands on our function are driven by a whirlwind of ever-changing technology, risks and regulations. So where do we find ourselves in 2016? And what are the biggest challenges facing compliance professionals?

PwC recently released their State of Compliance Study 2016. Let’s explore their findings and see what we can learn from their global survey of 800 executives – including chief compliance officers, chief ethics and compliance officers (CECO), chief legal officers, general counsels and chief audit executives.

The report focuses on business strategy, and how well this is aligned with compliance management. Compliance success starts with the board, and how well senior leaders set the tone and focus attention on ethics and compliance.

Compliance is key, but not always prioritized

The report suggests that this, in general, is happening; 98% of respondents have senior leaders who are committed to ethics and compliance. But this commitment does not always translate into hands-on ownership: 55% claim that senior leaders provide only ad hoc oversight – or delegate many of their compliance and ethics oversight activities.

How to strengthen the ‘tone at the top’

PwC recommend a range of measures for clarifying the tone at the top, including regular communications about the importance of ethical and compliant behaviour, recognition of employees who embody these virtues, and disciplinary action against ethics and compliance violations. They also recommend that organisations aim for a 95% completion rate for compliance and ethics training within three months of deployment.

The report finds that compliance and ethics teams are aligning with other assurance functions, but greater coordination can be achieved: 54% conduct compliance and ethics-specific risk assessment activities beyond traditional risk management efforts. Organisations might be missing out on insights from people on the ground: only 21% use employee surveys to gather information on risk assessments.

The strain of regulation

While organisations recognise the importance of compliance, many CEOs view these demands as a burden. In PwC’s 19th Annual Global CEO Survey, 79% of CEOs cite over-regulation as a threat to their growth prospects. Could this frustration with regulation make life harder for compliance professionals? It could explain why so few compliance divisions (36%) claim to be ‘inherently integrated’ in their organisations’ strategic planning.

Perhaps the biggest challenge facing compliance and ethics professionals is the puzzle of how to get greater participation from the C-suite, and to encourage them to set the ‘tone at the top’ – when those same professionals are growing to resent what they perceive as ‘over-regulation’.

Compliance training from VinciWorks

VinciWorks provides convenient, online training for compliance professionals. Browse our compliance training now.