Directors' know how is a monthly article, which highlights key rule changes, proposed changes and market updates so that you know what is coming down the track.
ICAEW considers the future of corporate reporting
The Institute of Chartered Accountants in England and Wales (ICAEW) has published a report assessing the future of corporate reporting.
Having spoken to a range of stakeholders including companies, investor organisations, academia, regulators and standard-setters, the report examines the current state of affairs and identifies key areas where decisions will need to be taken, in order to increase the quality and usefulness of reports, with a particular focus on non-financial reporting.
The ICAEW identifies four critical policy areas that require addressing in order to increase reporting quality and usefulness:
- Balancing the needs of investors with other stakeholder groups – This is particularly salient with regard to the format of annual reports. An assessment will need to be made as to whether separate reporting outside of the annual report – subject to appropriate safeguards and without undermining the usefulness of the annual report to investors – should be encouraged, or whether retaining a single, comprehensive report is the most effective corporate communication for the widest range of stakeholders.
- Encouraging consistency to maintain and uphold credibility – Stakeholders should consider whether they should commit to a converging global approach to non-financial reporting through a high-level framework, developed and coordinated internationally by a global umbrella organisation, or to accept that standardising approaches holds back experimentation and innovation.
- Addressing the intangibles problem – Specifically, stakeholders should address whether standard-setters should prioritise the ways and means of bringing a much wider range of intangibles onto the balance sheet or accept that intangibles will not be resolved through financial reporting change and focus on a broader approach to reporting that looks beyond historical financial performance.
- Harnessing data and technology effectively – Technology specialists and those with an interest in better corporate reporting need to come to a consensus as to the extent to which they wish to co-ordinate and accelerate progress in the use of technology as a corporate reporting tool.
Get ready for the General Data Protection Regulation in May 2018
Significant advances in information technology and changes in how people communicate and share information with one another led the European Commission, Parliament and Council to agree, in May 2016, legislation that updates the 1995 Data Protection Directive by harmonising data protection laws between the 28 EU member states – the General Data Protection Regulation (GDPR).
Businesses and organisations operating in the European Union will have to comply with its provisions by 25 May 2018. Despite the UK’s vote to leave the European Union in June 2016, the UK government has since confirmed that it would implement the GDPR.
Make sure your business is ready to comply with the regulation by taking the following steps:
- Develop a clear procedure so that your company is ready to detect, report and notify data security breaches to the supervisory authority within 72 hours. Consider who will be designated specific roles and responsibilities and prepare template notifications.
- Consider whether you need to appoint a data protection officer. Only companies that are data controllers and processors with core activities consisting of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences require one.
- Ensure that the new data protection requirements are embedded into any new technology, product or service that requires the processing of personal data from inception.
- Ensure your company is ready to respond to data access requests within one month from the date of receipt of requests.
- Ensure that your company is able to uphold data subjects’ rights to data portability – the right to obtain a copy of their personal data from the data controller in a commonly used and machine-readable format and to transmit those data to another controller – and the right to erasure – the right to request that businesses delete their personal data.
- Consider whether your company needs to profile individuals; they will have the right to object to their personal data being processed. This is particularly relevant for advertising, marketing or social media companies.
- Consider the “one-stop shop”. As companies will be able to deal with a single supervisory authority as their “lead supervisory authority” across the EU, they should start to determine which supervisory authority will be their lead authority.
- Understand the stricter sanctions for non-compliance. Companies can be fined up to 2% of annual worldwide turnover of the preceding financial year or €10 million (whichever is the greater) for violations relating to internal record keeping, data processor contracts, data security and breach notification, data protection officers, and data protection by design and default. Alternatively, they could be fined up to 4% of annual worldwide turnover of the preceding financial year or €20 million (whichever is the greater) for violations relating to breaches of the data protection principles, conditions for consent, data subjects’ rights and international data transfers.
- Ensure that your company has legitimate reasons for transferring personal data to jurisdictions that are not recognised as having adequate data protection regulation.