Cyber Security and Modern Slavery

With ever increasing compliance and day to day challenges for businesses of all sizes to deal with, our newly appointed technical partner Sophie Parkhouse looks at some key areas that may affect your business Cyber Security and Modern Slavery.

CYBER SECURITY

Cyber crime continues to be a growing area of risk for all businesses.

In a recent government survey, 60% of medium businesses (50 - 249 employees) had experienced a cyber breach or attack in the last 12 months, with those losing money, losing an average of £9,270. Of these businesses, 23% lost files or network access and 12% had software or systems corrupted or damaged. Social engineering has always been a popular method of attack however more complex attacks are on the rise, with fraudsters spending more time targeting individual businesses.

Previously simple methods such as emails purporting to be from an MD/FD have been made more difficult to spot. Monitoring of the person in question on social media used to create a more believable story. Picking times when less people are around to question the request, and even installing software on computers to monitor the tone and content of emails to ensure that a fraudulent email looks like a genuine one, are methods now often used.

We would always recommend that if you are unsure of any transaction that you are asked to make, seek verbal confirmation. We would also recommend regular training and updates are provided to staff so that they feel able to raise any concerns. Please see the Cyber Essentials website (run by the National Cyber Security Centre): https://www.cyberessentials.ncsc.gov.uk/

for more help and resources.

THE MODERN SLAVERY ACT 2015

Section 54 of the Modern Slavery Act 2015 requires any business in the UK with a turnover of £36 million or above to prepare a slavery and human trafficking statement for each financial year commencing with periods ending from 31 March 2016 onwards.

To whom does it apply?

The act applies to bodies corporate, partnerships and group companies, that carry on business in the UK, supply goods and services and have an annual turnover (being turnover from goods and services less trade discounts, VAT and other taxes based on turnover) of £36million or more.

It is recommended that once a business has produced a statement for one year that it should continue to be maintained and updated in future years even when turnover falls below the £36million limit.

WHAT SHOULD THE STATEMENT INCLUDE?

The legislation does not state the exact content required within the transparency statement. Instead it states that the statement must set out the steps that the business has taken in order to ensure that modern slavery is not present within its own organisation or its supply chains. The statement should also include relevant publications, documents and policies of the organisation with regard to slavery and human trafficking. This may be done by way of a link rather than inclusion of the full policies and documents. A further requirement is that the statement is easy to read. It is therefore important that the statement is written in plain English and is succinct.

Even where there have not been any steps taken in order to ensure that modern slavery is prevented within the business and its supply chains, a statement to this affect must be provided.

When should the statement be produced?

The statement should be produced annually, to cover the full financial year, for each reporting period ending on or after 31 March 2016 and should be made available as soon as practicably possible after the end of the reporting period. This is deemed to mean within 6 months of the end of the reporting period.

The statement is required to be approved and signed by an appropriate senior person with the business, such as a director for a company, a designated member for and LLP or a general partner for a Limited Partnership.

Where should the statement be published?

The slavery and human trafficking statement must be published on the organisations website and a prominent link provided on the homepage. Where the organisation does not have a website the statement must be provided to a requestor within 30 days of receipt of a request.

What are the consequences of non-compliance?

Where a business fails to comply with the statutory provisions of the act the Secretary of State may seek an injunction through the High Court which will require the organisation to comply. If the business does not become compliant there this will result in an unlimited fine.

What action should I take now?

If your business is affected by this legislation and you have not produced a modern slavery and human trafficking statement, it would be advisable to start to review your business and its supply chains in order to identify any areas of risk with regard to modern slavery and to start putting together your statement.