
News round-up: January 2023 A&R magazine Jan Feb 23

FCA proposes rules to prevent greenwashing

The Financial Conduct Authority (FCA) has proposed a series of measures to prevent greenwashing by financial services firms. These particularly concern the way firms use terms such as “ESG” (environmental, social and governance), “green” and “sustainable” to sell products and services that do not measure up to such claims. 

The measures are among several potential rules intended to protect consumers and improve trust in sustainable investment products under the FCA’s ESG strategy and business plan.

The FCA is proposing to create different categories of sustainable investment products – for example, one would identify products that are improving their sustainability over time. It also intends to limit the use of sustainability terms to products that qualify under these definitions.

In addition, it wants a general anti-greenwashing rule to apply to all regulated firms to prevent misleading product marketing. It said it wants disclosures to be more informative and simple to understand, so that consumers can easily view the main sustainability credentials of an investment product without having to delve into more detailed disclosures aimed at institutional investors.

The FCA intends to publish the final version of the new rules before July 2023. 

FRC finds few corporate governance disclosures meet highest standards

Reporting against the UK’s Corporate Governance Code has improved year on year, but there are “few companies whose disclosures meet the highest standards”, according to the latest Annual Review of Corporate Governance Reporting from the Financial Reporting Council (FRC).

It found that while companies are being more transparent and disclosing more – particularly where they depart from the code – they generally fail to provide meaningful reasons for choosing to explain rather than comply. Many also fail to disclose enough about the outcomes and impacts of company policies and practices to demonstrate how governance has improved. 

Over half of the companies provided a statement confirming that their risk management and internal control systems are effective, or that no weaknesses or inefficiencies have been identified. However, many of these do not explain how they assessed the effectiveness of their systems.

Others provided good insight into their processes to identify and mitigate risks, but did not reveal the frequency of actions, such as how regularly directors review principal risks, how often senior managers meet representatives from the risk committee or review the risk register, or whether the chief risk officer reports to the board quarterly. This information could indicate ways to improve their risk management.

The FRC also highlighted risk topics where many company reports lacked detail. For instance, only 43 companies identified at least one emerging risk, and only 25 of these explained what these risks were. 



Insurer ranks climate change risk above cyber risk

Climate change has overtaken cyber risk, the pandemic and geopolitical risk to become the top ranking risk in insurer Axa’s latest Future Risks report.

Energy-related risks had risen to fourth place from 17th place last year. The top ten rankings also included three economic risks: financial instability; macroeconomic deterioration; and monetary and fiscal stress.

The report highlighted that inflation is becoming a more important concern among insurance professionals and the general public. 

ICO issues guidance on monitoring employees

The Information Commissioner’s Office (ICO), the UK’s data regulator, has issued draft guidance to help ensure employers’ monitoring of staff performance does not become surveillance or harassment.

The UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) do not prevent employers from monitoring employees, but the ICO guidance reminds companies that employers must make workers aware of the nature, extent and reasons for the monitoring. Covert monitoring may happen only in “exceptional” circumstances – for example, if there is a suspicion that an employee is engaged in criminal activity. 

Employers must be clear about the purpose of monitoring and should carry out a data protection impact assessment (DPIA) to see whether it impinges on employees’ right to privacy.

The guidance emphasises that employee monitoring should be proportionate and not intrusive: “Just because a form of monitoring is available, it does not mean it is the best way to achieve your aims.” 



Prepare for supply chain breaches

Only two per cent of global organisations did not suffer a supply chain breach last year, according to security firm BlueVoyant’s State of Supply Chain Defense: Annual Global Insights Report 2022. Despite this, the researchers found that many companies do not understand how their suppliers manage cyber security or know whether these suppliers have been hacked.

Although 53 per cent of organisations said they audited or reported on supplier security more than twice annually, 40 per cent said they rely on their suppliers to ensure that they have adequate security and are unaware when an issue arises.

If they do discover an issue in their supply chain, 42 per cent said that they cannot verify whether the issue was resolved. 


Decline in overseas bribery law enforcement

Countries are doing too little to tackle bribery overseas, and enforcement is at its lowest level since 2009, according to anti-corruption campaigner Transparency International (TI). It found that only the US and Switzerland can be considered “active enforcers” when judged by their efforts to investigate, charge criminals and impose meaningful sanctions.

TI’s Exporting Corruption 2022 report found that most countries impose limited sanctions or do not penalise overseas bribery at all. These countries included China, the world’s largest exporter, and India, which does not criminalise bribery overseas. Other countries with no case histories since 2018 include Russia and Mexico.

In 38 of the 47 countries in the survey (which account for 55 per cent of global exports) TI found that foreign bribery abuses go unpunished. Few countries publish sufficient information about ongoing, pending or completed foreign bribery cases.

The report traces the decline in enforcement of overseas bribery laws back to 2018. It blames this on “serious inadequacies” in the laws and justice systems in all countries, alongside a lack of resources, training and independence for law enforcement and investigative agencies, and few effective whistleblower protection mechanisms.


Tech, healthcare and FS most at risk of data loss

Big tech firms, healthcare providers and financial services firms are the most likely types of organisation to lose personal data in a data breach, according to a survey by cyber security company VPN Overview.

There have been 53 data breaches in the online tech sector since 2004, amounting to over five billion pieces of data lost. Around 81 per cent of these breaches were caused by hacking, followed by accidental publication (7.4 per cent) and poor security (3.8 per cent). 


Use risk tolerance to support enterprise strategy

New free guidance has been issued to help enterprises improve understanding, communication and application of risk terms so they can improve their risk tolerance management. In Using Risk Tolerance to Support Enterprise Strategy, security standard-setter ISACA says that effective approaches to implementing risk tolerance provide transparency around the risk-management process and strengthen understanding of the enterprise’s risk profile.

It identifies the key benefits of risk tolerance as: supporting conscious and informed risk taking; promoting consistent risk management practices; and structuring the executive conversation around risk taking. 


Sustainability protects organisations from disruption

Sustainability is an investment that protects organisations from disruption, according to 86 per cent of business leaders surveyed by consultancy Gartner. Additionally, 83 per cent of respondents said sustainability programme activities directly create both short- and long-term value for their organisations, and 80 per cent indicated that sustainability helps their organisation to optimise and reduce costs.

The main areas where sustainability programmes are seen to mitigate cost increases were energy consumption, business travel and customer transactions.

Over half of the business leaders surveyed in the 2022 Sustainability Survey: Use Sustainability to Drive Value and Mitigate Disruption said their enterprise sustainability programme has a strong link to their income statement, and 42 per cent of respondents said they use their sustainability activities to drive innovation, differentiation and enterprise growth through sustainable products.


This article was published in January 2023.