Slavery still exists in our modern society. Anti-Slavery Day on October 18th is a reminder to all businesses that they have an obligation, and indeed the power, to take action to improve the ability of employees, customers and suppliers to fight modern slavery.
So what is modern slavery?
Modern slavery is an umbrella term that encompasses the offences of human trafficking and slavery, servitude, forced labour or compulsory labour. According to the Global Slavery Index, an estimated 40.3 million people were victims of modern slavery in 2016. The International Labour Organisation ("ILO") reports human trafficking as the third largest illicit money-making venture, generating around $150 billion annually, behind only drug dealing and the arms trade.
Evolving requirements in relation to Modern Slavery
In 2015, the UK Government introduced the UK Modern Slavery Act (MSA), which aims to eradicate slavery linked to UK markets. Part 6 (section 54) of the Act, relating to transparency in the supply chain, seeks to address the role of businesses in preventing modern slavery across their operations and supply chains through mandated reporting.
As a result of a 2018 Independent Review of the Act, the Government committed to updating its guidance for reporting companies. This is designed to improve the quality of statements, embed modern slavery reporting into business culture, and increase transparency. The updated guidance will:
A recommendation to make certain elements of the existing guidance mandatory was subject to public consultation held between July and September 2019. If adopted, this recommendation would require companies to report against six areas including organisation structure, business and supply chain, policies in relation to slavery and human trafficking, due diligence processes, risk assessment and results, effectiveness and training, all within their annual reports.
What should you be doing?
Businesses will face increasing regulatory obligations in the area of modern slavery, so we recommend reviewing your current approach against the proposed guidelines and leading practices for your industry. If you identify gaps, you should establish programmes that are specifically tailored to the risk faced by your organisation.
How can Deloitte help?
We are a team of experts specialising in human rights and modern slavery who work with clients to identify, assess and mitigate risks of modern slavery and other ethical risks within their operations and supply chain. We would be happy to have a discussion with you if you have questions about how to assess and manage modern slavery in your organisation.
For any further information, please contact:
Emily Cromwell
Director | Deloitte LLP
+44 20 7007 0825
ecromwell@deloitte.co.uk
Pip De Fonblanque
Manager | Deloitte LLP
+44 20 7303 3866
pdefonblanque@deloitte.co.uk
The final part of the HSE management – Comply, improve, excel series
How are your Health, Safety and Environment (HSE) plans formulated? Audit results, past incident history, a known legislative non-compliance issue that needs to be bridged?
These inputs can all point to a body of work sufficient to keep the organisation ‘busy’ on HSE – but will they move the needle in keeping people safe and healthy, and reducing impact on the planet? And whilst we’re talking about it, who designed those plans?
Stepping out of HSE management – let’s think about the Hotel Industry. Our strategy is to grow, we have some capital, and want to build a new hotel to generate more revenue. We know the outlay and can research average room rates for a given location, before we build our hotel and operate it against a planned P&L – in short, we can approach the project with a level of confidence, and measure its success.
Would you sign off the investment if you didn’t know how much you might be able to charge for a room, or what the staff costs to run the hotel might be? Further still, would you sign off the investment because an individual "specialist" told you it was the right thing to do?
These questions might sound a little daft – but for many organisations, it’s a fair reflection of how planning on HSE happens. HSE outcomes are notoriously difficult to measure, and often (likely unwillingly) the Head of HSE is tasked with coming up with a plan on behalf of the organisation, and trusted in their proposed plans because they’re the "specialist".
It would seem better for all concerned to bring a little science to the equation.
Measuring HSE success continues to challenge organisations; but away from hard measures, there are many opportunities to improve the analysis of HSE-related information. Advanced data analysis is being used throughout industry to learn more about what drives performance, and beyond learning – even extending into using that analysis to automate decision making.
On a less grand scale, but no less impressive, is the ability to use data to support effective planning and monitoring of HSE management. Combining disconnected data sources can reveal previously hidden correlations, which hold the potential to better target factors which contribute to increased HSE risk, with greater accuracy, and less ‘gut feel’.
In our fictitious hotel company, we might choose to combine data relating to accidents, audits, training information, occupation levels and online customer feedback reviews to help highlight statistically significant patterns. As an illustration, we might learn that:
Hotels with declining customer feedback scores are more likely to have a spike in accident occurrences
Good audit scores may tally with a significantly lower incident frequency. However, when incidents do occur they tend to be much more severe in nature than average; or
Completion of current safety training has no statistically significant impact on audit scores or incident occurrence.
These illustrative insights might have previously existed as ‘hunches’, but few might be brave enough to step forward and declare that current safety training arrangements are ineffective – traditionally it’s easier to ‘do more’ HSE work rather than to challenge the effectiveness of what is in place already – the possibilities provided by data analytics could change that.
There are a number of ways that organisations could benefit from using analytics in making decisions around HSE; on its most basic level, it may be best used as a tool to:
Is your strategy going to deliver best impact?
Those responsible for HSE strategy generate the greatest impact by making good choices. Making the most of data to support consistently great choices can heighten individual impact, better prioritise organisation resources, and most importantly support a safer and healthier environment.
For any further information, please contact:
Callum Irvine
Director | Deloitte LLP
+44 20 7303 6277
cirvine@deloitte.co.uk
Part of the HSE management – Comply, improve, excel series
Some organisations have invested considerable resources in developing a granular, global picture of their businesses’ Health, Safety and Environmental (HSE) legal compliance. Indeed, there are a number of niche service providers of this regulatory content. Others have made little or no effort to formally recognise the detailed obligations placed on their businesses.
The fact that approaches can differ so considerably suggests that the very detailed and potentially costly approach isn’t universally effective or required – if it were, surely all organisations would be doing it by now?
There are several stages in developing a robust legal compliance framework; from identifying all applicable obligations, to translating those into meaningful business requirements, before evaluating current compliance levels and taking any action to address identified ‘gaps’.
It’s only this last action to address gaps, that has any real bearing on risk level – and in practice, many of those ‘gap closing’ activities may simply be about tick-box compliance, rather than addressing real risk – which if significant, would likely have been revealed elsewhere, already.
Those who’ve taken a detailed approach may look over the fence with frustration, wondering how their less well-structured peers are surviving without a detailed and granular process in place. We have seen a few factors in play:
Of course there is more to the story; ISO standards for HSE imply a need to document relevant legal requirements, many of the fundamental duties placed on business are common across multiple jurisdictions and so are familiar to most, and in some cases, organisations develop their own ‘ruleset’ which is seen to supersede specific local legal requirements; instead taking the most stringent local requirements and applying them globally.
Whilst there’s no clear answer, there absolutely is a case for all organisations to take stock of their approach to legal compliance, to understand where they sit between the coordinates of a granular register and ‘not knowing’, before asking whether they are where they need to be.
The place businesses ‘need to be’, invariably, is the place that enables them to best manage the risk of harm, with the finite resources available – a complex legal compliance programme may therefore be counter-productive for some.
Determining where you are, and should be
Answering some headline questions could be useful in framing the conversation for your organisation:
Complexity and strong performance are not inherently linked, and that’s almost certainly the case when managing HSE risks. There should be a clear line of sight between any investment of effort and a proportionate benefit to the organisation. Putting a scale to the benefit you expect to realise from investing in an HSE regulatory compliance programme should be core to determining which type of approach will best fit your organisation.
Coming next: Bring some science to your HSE strategy
Many organisations continue to face challenges executing effective Health, Safety and Environmental (HSE) programmes, despite the widespread availability of digital systems intended to bring structured, user friendly and robust replacements for error prone ‘pen and paper’ approaches.
There is a strong case for reinvention of the way businesses achieve HSE outcomes. Many incumbent digital solutions were born in a time when the ambition was to replicate paper forms in digital format. Since this period of earlier adoption, the world around us has progressed at an astonishing rate. Few organisations have explored the potential impact of today’s more innovative technologies on HSE – where a wholesale redesign is possible, rather than a simple ‘digitisation’ exercise (think of the leap to automated passenger recognition via CCTV rather than simply having a ‘digital boarding pass’ on your phone).
There are a number of clear examples where application of the right technology could free up time burned completing ‘HSE processes’, redistributing that effort to focus on managing an organisation’s most pressing HSE risks.
"A need for documentary, rather than documented evidence"
The recent publication of ISO 45001, the first globally recognised standard for health and safety management (replacing BS EN OHSAS 18001), brought a subtle but key change: a need for documentary, rather than documented evidence – paving the way for organisations to demonstrate compliance beyond the constraints of the written word; video, photographs and audio will be pervasive forms of communication in the HSE management system of tomorrow.
Technology products that leverage ‘non-written’ media will be front and centre of the paradigm shift in HSE management. Solutions that are within our reach today include:
Making use of available technology to achieve HSE outcomes can help bridge the long-standing gap between business expectations and employee engagement levels on the topic, bringing simplification to users, reducing processing time and helping make the outputs more impactful.
Are you ready for change?
Consider:
Confidence to succeed responsibly
Many of the most impactful opportunities facing businesses today require vision and confidence as they largely don’t exist as ‘off the shelf’ solutions. Technology is advancing rapidly, and digitising processes in a business saves time and resources which can be allocated elsewhere in your business. In our current world, where HSE is of ever-increasing importance to companies, technology can reduce the likelihood of incidents and in turn increase productivity and general morale for the company.
Coming next: Re-thinking your approach to HSE compliance
Over recent years, the range of subject matters that companies report on under the banner of ‘non-financial reporting’ has proliferated. No longer is non-financial information limited to a select few environmental or social KPIs, such as carbon, energy, water, waste, and community investment. Companies are now reporting – both voluntarily and in line with increasing reporting requirements – a more holistic and diverse set of indicators, with subject matters including gender pay, occupational health, culture and corporate behaviours, board composition, and workforce diversity.
This diversity ultimately reflects the growing interest in, and importance of, non-financial information and the growing recognition that long term financial success is closely tied to non-financial performance. Each of the various subject matters will have its own evolution and back story on how it came to be reported on, when and why, but there is a common theme – they are issues that people have come to care about for one reason or another and on which they feel strongly enough to want greater transparency. Helping to drive the increased diversity of reporting there is:
The journey towards voluntary disclosure
For an issue to be reported externally by an organisation, there will generally be a level of awareness and maturity within the organisation around the issue, which is in turn normally driven by customer, employee or wider societal focus on, and interest in, the issue. It also needs to be “material”. Companies are encouraged to perform materiality assessments every couple of years to ensure they are reporting appropriately on the most relevant issues to them and their stakeholders.
Materiality has been a central component of the widely used GRI G4 Framework, and is a core part of the recently enacted EU NFRD and the FRC’s recent guidance on strategic reporting. Ultimately, what is being reported now needs to reflect the most up to date issues for the company and those that are going to directly influence its long term business success.
The new focus areas of reporting, exemplified by the frameworks, standards and reviews mentioned above, illustrate the journey which an issue takes from being something which isn’t reported on, to ultimately something that becomes a regulatory reporting requirement. Although each issue has its own context, the central aspect is that over time people have come to care about it and it has become part of the wider debate.
Whilst health and wellbeing hasn’t been spoken about regularly in the past, it is something that is increasingly relevant for society. People feel more comfortable talking about the subject, greater funding and research is going into it, the media is taking a greater interest, people are beginning to recognise the costs that poor health, including mental health, imposes on business and society[1], and there is a better understanding of how to link cause and effect. One example of this is the WELL Standard – launched in 2014 – which focuses on how design, operations and behaviours within the places where we live, work, learn and play can be optimised to advance human health and wellbeing.
The future for health and wellbeing
Occupational health and disease (in heavy industries) and more general health and safety reporting have been around for a number of years, but in general, occupational health, stress, wellbeing and other measures of the health and productivity of the workforce have lagged behind.
So where does health and wellbeing stand? You only get to a point when reporting is relevant and feasible when people are interested in the issue and are actively talking about it. It is clear we have got to that point now with health and wellbeing. However, this isn’t something that as yet we are seeing hit Audit Committees; the level at which an issue really begins to get real notice across an organisation. But does health and wellbeing have the ability to be the next ‘gender pay gap?’ In all likelihood, yes. However, the trajectory and journey may be different. Although mental health and wellbeing are increasingly in the spotlight, there is not currently a public or private sector drive for mandatory reporting. Some might say that if it were to become a mandatory reporting requirement, it would shine a light on how much (or just how little) is being spent centrally by government as well as by big business on the issue[2].
Although it may not be imminent, with growing awareness of mental health and wellbeing, even down to what is being taught in schools and universities, the attitudes around the issue are only going to improve and these set the direction of travel and show that at some point, mental health reporting will become part of the main non-financial reporting requirements. Although it is difficult to say when that will be, in order to stay ahead of the curve, now is the time for companies (and clients) to start thinking about what viable and valuable metrics look like, how information can be collected and reported, and how this can be used to demonstrate an awareness and active management of health and wellbeing in the workplace.
Alex Bexon
Manager | Deloitte LLP
+44 (0)20 7303 2383
[1] The Health and Safety Executive estimated the annual cost of workplace injury and illness in 2015/16 to be £14.9bn - http://www.hse.gov.uk/statistics/cost.htm
[2] Interestingly, although there has been a general decline in the number of days lost to sickness absence in 2003, an estimated 137.3 million working days were lost due to sickness or injury in the UK in 2016. Furthermore, public sector workers show significantly higher absence rates than private sector workers (2.9% versus 1.7% for private sector) - https://www.ons.gov.uk/employmentandlabourmarket/peopleinwork/labourproductivity/articles/sicknessabsenceinthelabourmarket/2016
In our recent blog – General Regulatory Outlook 2018, we pointed out that the “good corporate citizen” agenda is progressing and will be trending in 2018. This agenda will be even more relevant and topical for the consumer products and retail sectors who, partly due to their close and constant interaction with the public, are facing increasing investor and consumer pressure to act ethically.
At the same time, the digital era with the Internet of Things and other advances in products and services has brought a stream of new and revised regulations as governments try to protect consumers without hampering innovation.
We’ve pulled together the headlines on EU and UK developments, as a brief overview of what’s coming up across certain key themes:
If you’re interested in an item, you can click through here for a little more information and a timeline.
Gender Pay Gap Reporting: Large private and voluntary sector employers (with >250 employees) are due to publish the first annual report on gender pay gap by 4th April 2018. The report may require employers to carry out a substantial audit of their workforce. Some companies have already published the report and they are attracting significant publicity.
Waste Management: Both the EU and the UK government have recently put considerable effort into committing to reducing waste and encouraging recycling. Key measures, such as the EU plastic strategy which will likely be adopted by the UK, may transform the way producers and retailers package their goods.
Modern Slavery Statement: As the supply chain of the consumer products and retail sectors can be complex and often opaque, companies should consider whether they have conducted adequate due diligence on their suppliers to meet their desired ethical standards as the second Modern Slavery Statements become due.
Consumer Protection Directives: These won’t have to be transposed into UK law as they won’t come into effect before Brexit and the UK Consumer Rights Act 2015 is broadly aligned with the proposals, but any differences between the UK and EU law may result in increased compliance costs.
Payment Services Directive 2: This directive, which came into effect on 13th January 2018, has an impact on a wide range of industries and sectors. Retailers, now banned from charging customers fees for the use of payment methods such as credit cards, may also need to notify the Financial Conduct Authority if they intend to use the exclusion for limited cards such as gift or fuel cards. Marketplaces / online platforms that connect buyers and sellers may no longer be able to use the commercial agent exclusion and need to either obtain a licence from the FCA or partner with an authorised payment service provider.
Geo-blocking Regulation: This is likely to apply only after Brexit, and will prevent online sellers from discriminating against customers from other EU countries.
Cross-border Parcel Delivery Regulation: Once this regulation comes into effect, parcel delivery providers (including retailers who operate an in-house delivery service) with more than 50 employees will have to provide clear information on prices and complaint procedures to their customers. They also need to report annually to the national authority on the number of employees, number of deliveries, etc.
Novel Foods Regulation: From 1st January 2018, suppliers need to verify whether the goods they intend to place on the market may fall within the widened scope of the regulation.
Organic Products Regulation: This regulation is expected to take effect after Brexit. UK producers will need to comply if they want to export to the EU market.
Spirit Drinks Regulation: Spirit drinks produced and placed on the market after the application date (yet to be finalised) will need to conform with the updated requirements on labelling and the geographical indications registration procedures.
Personal Protective Equipment (PPE) Regulation: From 21st April 2018, manufacturers will need to issue a Declaration of Conformity with each PPE and obtain compulsory EU Type Examination Certificates, which last for a maximum of 5 years.
Gas Appliance Regulation (GAR): Revises the current framework and expands the scope to include air conditioning, laundry and alternative fuel sources. This regulation will come into effect from 21st April 2018 with the exception of Article 43(1) on penalties, which will apply from 21st March.
Compliance and Enforcement Regulation: Not yet finalised - requires appointment of a responsible person and market surveillance for numerous non-food products to the EU.
Draft UK Code of Practice on Corrective Actions and Product Recalls: Businesses need to ensure they have a plan in place to ensure effective monitoring, assessment, notification and correction of unsafe products. This is expected to be finalised in early 2018.
Draft E-Privacy Regulation: Aligned to the GDPR, this has a wide impact on the retail sector, marketing and website owners. It includes changes to cookie consents and direct marketing requirements where retrospective consent may be required for existing users. The date of finalisation has not yet been confirmed.
Ban on sexual portrayal of under-18s and Rule on gender stereotypes in ads (ban in place; consultation on rule expected in spring 2018): recent movements such as Time’s Up or #MeToo have heightened public scrutiny and regulators’ expectations on sensitive and controversial issues which might have been overlooked in the past. A bad reputation on these issues may cost companies far more than the investment lost in the advertisement production.
Court ruling on distribution of luxury goods: A recent ruling by the European Court of Justice may support brand owners’ requests to stop their distributors from using 3rd party online platforms, such as Amazon or eBay, as this practice may be seen as damaging to the luxury goods status.
EU Trade Secret Directive: Coming into force on 9th June 2018, this Directive may not be adopted by the UK government as its substance is already broadly in line with existing UK law. However, any differences may have an effect on UK manufacturers and retailers operating in the EU.
Ros, a former solicitor, leads the Deloitte Centre for Corporate Regulatory Insight. She has over 15 years’ experience, including City firms, working in-house at a FTSE 250 company and leading an advice and guidance team at a regulator. She helps clients navigate the complex web of regulation, turning legal requirements into plain English commercial advice.
Thuong's experience includes a unique combination of technical enablement, regulatory compliance monitoring and working with various alternative delivery models.
This blog is written in general terms and we recommend that you obtain professional advice before acting or refraining from acting on any of its contents. Deloitte LLP accepts no liability for any loss occasioned by any person acting or refraining from acting as a result of any material on this blog.
PSD2 removes the previous easy-to-use exemption for electronic communications providers. Instead, it introduces a much more limited exclusion – and if they want to exercise it, they must provide an annual independent audit opinion relating to it. If they are unable to use the new exemption, they may need a full Financial Conduct Authority (FCA) licence as a payment institution.
Most telcos seem to have concluded that the application and compliance costs of a full licence outweigh the benefits, as many have opted for the electronic communications exclusion (ECE) for now. There is recognition, however, that this may be a holding position until there is greater clarity around what will be covered in practice and what the FCA will expect.
Read more about PSD2 and next steps in our briefing here.
As electronic communication becomes ever faster and ever easier, and the EU ramps up its Digital Single Market Strategy, 2018 will see a steady stream of regulatory change for Telcos and online services providers beyond the GDPR. Key themes include security, consumer protection and competition management.
We’ve pulled together the headlines on EU and UK developments, as a brief overview of what’s coming up. If you want to know more, please click through here for our background document, including a timeline.
The Second Payment Services Directive (PSD2): Telcos must seek an exemption or become authorised by the FCA if they allow customers to charge goods and services to their bills, including premium voice services such as directory enquiries.
Draft E-Privacy Regulation: Intended to align to the GDPR, this has a wide scope across electronic communication services, marketing and website owners. It includes changes to cookie consents and direct marketing requirements.
Cross-border portability: Providers of online content subscription services will have to ensure the cross-border portability of services within EU member states, whilst free-of-charge providers can also choose to offer portable services provided they comply with the requirements.
Network and Information Security Directive: Market operators that are systemically important to a country, such as the health sector, will have to meet minimum standards for network and information security. Digital service providers will have lighter requirements. Telcos are not affected.
Spectrum co-ordination and 5G rollout: New market entrants may have access to new services and fibre, with broadcasting services maintaining priority for the highest frequencies until 2030.
Electronic Communications Code: Sets out framework for national regulators to impose conditions on Telcos and provides for regulation of significant market power.
Cyber Security Package: May introduce an EU-wide cyber security certification scheme.
Consumer Protection Directives: Will not have to be transposed into UK law as they will not come into effect before Brexit, but discrepancies between the UK and EU law may result in increased compliance costs.
Significant Market Power Guidelines Review: Changes to these guidelines may formally incorporate case law, and could have a significant impact on competition within the industry.
Investigatory Powers Act 2006 and Codes of Practice: Communications service providers likely to need new technical capability to assist law enforcement authorities.
Digital Economy Act 2017: Penalties from Ofcom for failure to comply with licence commitments, a Universal Service Obligation for broadband and a new Electronic Communications Code.
Drone Bill: Yet to be published, but will mandate use of safety apps for drone users, and introduce licences. May introduce restricted flight zones and automatic blockers within drone GPS transmitters.
A brief summary of Ofcom’s draft programme and BEREC’s confirmed programme.
As 2018 begins to take shape, the regulatory outlook seems dominated by one particular area - data. As the value of the data held by organisations increases, so does the risk from cyber criminals and pressure from regulatory authorities. There is also increasing thought given to how to regulate social media such as Twitter, Facebook and WhatsApp.
However, there are other topics on the agenda – this update covers briefly:
The ‘good corporate citizen’ agenda is progressing, with ongoing first publications of payment practices and gender pay gap reports building on the tone set by the Modern Slavery Act 2015. The corporate offence of failure to prevent facilitation of tax evasion also came into force in autumn 2017, encouraging businesses to put in reasonable systems and procedures akin to the UK Bribery Act 2010.
Going forward, strategic reports published for financial years starting from 1 January 2017 will need to include information on the company’s policies, performance indicators and impact relating to environmental, social, employment and anti-bribery matters. The FRC is currently consulting on its revised code accommodating the changes (see below for more detail).
Businesses’ response to these requirements is still evolving and will continue to do so depending on investor, political and public reactions to their statements. As board level approval is required for all the recently introduced reports, it is likely that validating this information, and acting on identified issues, will rise further up the priority list.
US examples under similar modern slavery legislation show the risks of inadequate research. Class action lawsuits were filed because companies didn’t acknowledge that some products they were selling used fish from Thai slave ships, or cocoa farmed by children. The claims failed, but the publicity and associated legal costs inevitably had an impact on the companies that needed to defend their reputation.
It seems probable that over time businesses will formalise information gathering on ethical issues and test policy and process implementation through internal audits and reviews. Much information will apply to more than one topic – for example, supply chain due diligence processes can affect reporting on bribery, slavery, tax evasion and environmental impacts.
Taking an integrated, not topic-based, approach to reviews and updating frameworks will be important to embedding effective metrics for reporting while minimising administration and monitoring costs.
You can find more information on requirements through these links:
Failure to prevent facilitation of tax evasion
2017 saw the abolition of roaming charges in the EU and progress made towards cross-border portability of online content. The most significant activity, however, was preparation for GDPR ahead of the May 2018 enforcement date. For more information on GDPR see here. As critical as GDPR is, there are some other things happening this year:
The ePrivacy Regulation: replacing the current “cookie” e-Privacy directive, it will affect how cookies are allowed on web browsers and how digital marketing is conducted. It is currently in negotiation at EU level but expected to be in effect before the UK leaves the EU on 29th March 2019.
Payment Services Directive 2: building on the first Directive, it will narrow exemptions for electronic communications providers. It is being phased in from January 2018.
The Automated and Electric Vehicles Bill is paving the way for new tech by increasing charging points and clarifying insurance issues on automated cars.
The Modern Slavery (Transparency in Supply Chains) Bill aims to stop public contracts being awarded to those who should publish a modern slavery statement but have failed to do so.
A new UK Corporate Governance Code: As mentioned above, the Financial Reporting Council will publish a revised code following a consultation period, with a final draft due in summer 2018, to apply to accounting periods from January 2019. It will provide guidance on social and ethical reporting. For more information see Deloitte’s Governance in Brief publication here.
The Network Information and Security Directive is expected to be implemented in the UK later this year. It sets out minimum standards for operators in electricity, transport, water, energy, health and digital infrastructure. It will also cover other threats affecting IT, such as power failures, hardware failures and environmental hazards. Consultation has now closed, with final regulations expected in the government’s response to it.
And finally, the June Bank Holiday (Creation) Bill seems likely to be popular even with those who don’t consider the referendum date of 23 June to be cause for celebration. Disappointingly, as a private member’s bill, it is highly unlikely to achieve more than a fun debate in the House of Commons at most!
As the details for the UK’s departure from the EU begin to emerge, areas of regulatory convergence and divergence will naturally develop. Whilst a two-year transition period may provide a degree of certainty, it is unclear how EU legislative packages which straddle the Brexit period will be handled. In the event that the UK does not adopt EU law, there is potential for immediate regulatory divergence, and we will be looking in more detail at some of these as they emerge over the next year.
Potential net annual cost savings of £250,000 or more should be music to corporate ears. Those ears however seem resistant to the siren song of plain language for regulatory compliance communications.
Evidence shows that small investments in clearer messages save significant time (and therefore money), and improve reader understanding and compliance. For example, in the US, Federal Express revised its ground operations manuals. With the old manuals, staff had to search for an average of 5 minutes to find information, and only 53% then found the right answer. Average search times with the new manuals fell to 3.6 minutes, with an 80% success rate and conservatively estimated annual savings of $400,000. [1]
Overlooking the value of clarity could not only result in missed efficiency savings but also become expensive in its own right. Legislators, regulators and courts are all now looking at how businesses embed culture and compliance. Producing a written policy with a flourish is no longer the rabbit-from-a-hat it once was. The point is less about whether you have sent a message, but whether that message has been received, understood and applied.
This is an inevitable result of the ongoing modernisation of law to make corporates criminally and/or financially liable for ineffective compliance processes. The aim of having good processes is of course to avoid expensive and reputation-damaging enforcement completely, but even where something has gone awry, they can substantially reduce penalties. Enforcement of the ‘failure to prevent’ offence under the UK Bribery Act 2010 shows that in mitigation weight is given not only to whether training and communication have happened, but also whether employees have understood and can apply it in practice.[2] Similarly, sentencing guidelines for offences under health and safety and environmental legislation take into account reasonable procedures.[3]
Processes that are adequate in theory can often fail in practice because people do not understand what they need to do. This can happen when policies and manuals are difficult to read or where the right information is hard to find. As the estimated average reading age in the UK is 9, it is easy to see how compliance can fail despite volumes of policies and procedures – especially when you combine this with busy people trying to get things done in the shortest possible time without wading through masses of text.
Internal policies and procedures often use the same wording and even sentences as the legislation, which is written to meet the needs of lawyers and courts, not those of businesses and their staff.
For example, bribery policies may contain something like this - ‘It is not acceptable for you (or someone on your behalf) to give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given’. Using various testing methods such as the Gunning Fog Index and SMOG[4], this type of text comes out as ‘difficult to read’ and requiring university level skills.
This is neither ideal nor necessary for simple statements of principle that you want people to digest and apply quickly. A clearer version would be ‘You must not offer or take bribes at any time. This includes any gifts or lavish hospitality that could be seen as meaning to influence someone’.
Nor does it make sense for operational procedures to be anything other than simple and clear. In the US, a study assessed how the way a general memo was written affected reading time and comprehension amongst naval officers, about half of whom were based at the Pentagon. The officers took 17-23% less time to read a memo written for high impact than one in the traditional style, and half as many felt the need to reread it. Potential savings across the US Navy if all personnel read plain documents were estimated at $250-350 million per year.[5]
Yet it is comparatively rare to find a corporate policy or process relating to regulation that has been boiled down to plain language focused on what actual business needs are. There can, of course, be many reasons for this, but key amongst them is the assumption that anyone can write simply, clearly and confidently, or can learn to in a two-hour workshop. It is, however, a skill that takes time and practice to learn, and is increasingly a profession in its own right. Also, the writer needs to be able to understand not just the regulation but how this impacts the business, and what user groups need to know in order to be compliant.
Small investments in this skill set or in specialist advice can bring significant benefits in efficiency and compliance, and as regulators shift their focus from checklists to outcomes, not doing so may well become a cost in itself.
Ros, a former solicitor, leads our newly-founded Centre for Corporate Regulatory Insight. She has over 15 years’ experience in the public and private sectors, including City firms, working in-house at a FTSE 250 company and leading an advice and guidance team at a regulator. She helps clients navigate the complex web of regulation, turning legal requirements into plain English commercial advice.
[1] Writing for Dollars, Writing to Please, Joseph Kimble, Category 1 - 6 http://www.impact-information.com/impactinfo/dollars.htm
[2] See in particular SFO v Standard Bank plc 30 November 2015 at para 20 together with the Statement of Facts
[3] https://www.sentencingcouncil.org.uk/wp-content/uploads/HS-offences-definitive-guideline-FINAL-web1.pdf http://www.sentencingcouncil.org.uk/offences/item/organisations-illegal-discharges-to-air-land-and-water-unauthorised-or-harmful-deposit-treatment-or-disposal-etc-of-waste/
[4] See for example http://www.readabilityformulas.com/free-readability-formula-tests.php
[5] Writing for Dollars, Writing to Please, Joseph Kimble, Category 1 - 3 and Category 2 - 8 http://www.impact-information.com/impactinfo/dollars.htm