by John McCarthy Consulting Ltd. | Sep 9, 2018 | News
When you consider the volume of data that an accountancy firm or an individual practitioner possesses, you can understand why they have become an attractive target for hackers.
Accountants are regarded as custodians of people’s most sensitive information. It’s everything about them and their family. And there’s an expectation that every appropriate measure is being taken to safeguard that information according to best practice.
One tax return alone includes the names and PPS numbers of a taxpayer, spouse, and dependent children. Clients’ files include addresses, phone numbers, and bank account numbers.
Banks may have a lot of similar information, but they often have sophisticated cybersecurity controls because they are so heavily regulated. And in many cases, accountancy firms’ valuable data is held by small firms or solo practitioners who may lack the resources or expertise to set up and maintain the latest cyber controls. However, size alone does not absolve them from the responsibility to put substantial effort into guarding their systems and data.
An increased risk factor is that the Accountancy Regulatory bodies do not currently include data protection in their inspection visits to firms, leaving it up to the Data Protection Commission, so firms may be severely lacking an up-to-date means of benchmarking themselves against best practice.
It may be helpful to understand the types of scams that hackers are perpetrating, which include:
- Ransomware. Hackers can install software that blocks access to your system, crippling your firm’s ability to do work for clients. Upon payment of a ransom in bitcoin, the hacker will restore your system’s capabilities. Ransomware has grown in popularity with hackers because each successful individual attack can force payment of a large sum. Perpetrators with limited technological knowledge can even purchase “ransomware-as-a-service” and unleash it on potential victims. It is therefore extremely important that firms have a stringently enforced habit of backing up their servers daily; in the case of at least one US firm, this helped ward off two ransomware attacks.
- ACH (Automated Clearing House) fraud. Thieves who manage to steal a current account number and a client’s banking details can use this information to steal money directly from victims’ bank accounts, or to route money in various other ways. This information also can be used to commit other crimes.
- Credit card theft. Hackers can use a stolen credit card number to make purchases, or they can use an identity that they have stolen to open new credit cards to be used for purchases. Sophisticated detection systems used by credit card companies have limited the effectiveness of these schemes in recent years.
To hear more about the ongoing requirements of the GDPR, come to our next CPD course, GDPR for Accountants on Tuesday 25 September 2018 in the Talbot Hotel Stillorgan, Dublin, at 9:30am until 12.30pm.
All delegates will receive a GDPR ‘Get Started Checklist’, the GDPR law itself, along with other support materials. More information and booking details: here
by John McCarthy Consulting Ltd. | Aug 3, 2018 | News
In the two months since the implementation of the new EU General Data Protection Regulation, which came into force on the 25th May, there has been a dramatic increase in the number of data breaches reported to the Data Protection Commission.
A recent news article revealed that there have been 1,184 reports of data breaches received by the Data Protection Commission since 25 May 2018. Of the data breaches received, the new GDPR regulation applied in 953 cases.
These figures mark a 154% increase in the monthly average number of data breaches reported in 2017 and a 69% increase in the number of complaints received. See charts below.
This is the first indication of the impact of the new GDPR regulation, which introduced mandatory reporting of data breaches in certain cases.
by John McCarthy Consulting Ltd. | Jul 27, 2018 | News
In a recent sanction by the Central Bank, attention is being drawn to the fact that anti-money laundering (AML) training needs to be focused, specific and ongoing. In the sanction report, a financial services firm was fined €443,000 in June 2018 for failures that included lack of appropriate AML training.
The sanctions report reads: ‘it had inadequate policies and procedures to monitor transactions, detect and report money laundering and provide its staff with appropriate training’.
In addition, the Central Bank found that the company:
- failed in many areas to provide the appropriate amount, level, and accuracy of training for its staff;
- training was not focused on the specific roles and responsibilities of staff (especially at Money Laundering Reporting Officer (MLRO) level);
- training did not amount to a sufficient amount of time to train them on how to identify suspicious activity;
- the entity failed to provide training to all client facing staff; and
- there was a failure to ensure staff were instructed on AML and counter financing of terrorism (CFT)-related law, and a failure to provide ongoing training.
From 15 July 2010 to 10 September 2012, the firm breached section 54(6) of the Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010, because it failed to train anyone involved in the conduct of its business in AML/CFT law or provide on-going instruction on identifying suspicious activity.
Over a three-year period, the firm had held a one-hour annual AML/CFT training session for staff. The Central Bank stated the ‘training was sufficient to introduce staff to AML/CFT law but in further breach of section 54(6), it was insufficient to train them to identify suspicious activity. In addition, the scope of the training was not tailored to specific roles, including the Firm’s MLRO’.
To hear more about the AML requirements that must be applied by accounting firms, including a suggested spreadsheet to control all the main topics, come to our next AML seminar on Tuesday 25 September 2018 at the Talbot Hotel Stillorgan, County Dublin.
Booking is here via our website. Cost is €105 per delegate or €280 for three delegates from the same office.
by John McCarthy Consulting Ltd. | Jul 18, 2018 | News
The General Data Protection Regulation (GDPR) finally took effect at the end of May across the EU. Many organisations are still struggling with the number of changes and the work required. A recent survey carried out by the UK branch of the Institute of Chartered Secretaries and Administrators (ICSA) revealed that only half of those interviewed were ‘fully compliant’ on the enforcement date of 25 May, with roughly a quarter (27%) not fully compliant and the rest (23%) unsure.
One suspects that a similar response would be found in Ireland if such a survey were conducted here.
Some of the views reflected in the survey were:
• Compliance is continuous, and firms find it challenging to be 100% compliant at all times;
• Basics are easier to put in place, but additional processing is essential;
• Lack of clarity on some of the rules and requirements was a problem, as some guidance was only finalised in the weeks leading up to the GDPR enforcement date on 25 May, which caused plans to be delayed or changed for many organisations; and
• A lot of training and awareness was needed to decrease anxiety among staff who feared doing something wrong.
GDPR is undoubtedly a major challenge for most organisations. We are providing readers of this blog with a free checklist of questions which are intended to help you assess how well your data security and usage controls compare to the GDPR requirements and help identify areas for improvement. Checklist available here
To hear more about the ongoing requirements of the GDPR, come to our next CPD course, GDPR for Accountants on Tuesday 25 September 2018 in the Talbot Hotel Stillorgan, Dublin, at 9:30am.
All delegates will receive a GDPR get started checklist, the GDPR law itself, along with other support materials.
More information and booking details: here
Watch for our forthcoming GDPR Data Protection Procedures Manual.
by John McCarthy Consulting Ltd. | May 4, 2018 | News
It seems a good time to launch a new website.
After nine years in business, it was time to give the site a refresh. We have:
- added a shopping facility to our website to allow you to download and pay for template engagement letters, letters of representation and various manuals. See more at this link; and
- changed the layout of the site to make everything available more visible and accessible from the client’s point of view.
We hope we have succeeded and we always appreciate your feedback.
All our template letters have been GDPR (The General Data Protection Regulation) proofed in time for you and your clients to be compliant by the deadline of 25 May 2018.
GDPR Training Events
For more practical hints and tips on data protection and to examine how you may continue to remain compliant into the future, come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Stillorgan Park Hotel, Stillorgan, County Dublin.
At a recent course, delegates said: ‘….It is very practice directed, which helps us implement it’; ‘all aspects were covered’; ‘practical and geared to the specific issues raised by accountants’; ‘the speaker was interested in his topic and interesting to listen to’; ‘clear concise and scary’.
After all our courses delegates will receive, free of charge, a link to valuable additional materials including a GDPR checklist and the GDPR legislation itself, to save you research time.
Anti-Money Laundering Training Events
After all our courses delegates will receive, free of charge, a link to valuable additional materials including an AML Client Control checklist and the AML legislation, along with the latest industry guidance, to save you research time.
All our courses are available in-house. Call us for a quotation to arrange training at a time and venue that suits you and your team.
by John McCarthy Consulting Ltd. | Mar 12, 2018 | News
Helping you with your GDPR implementation, here are some final steps every accountancy firm can take to ensure they are GDPR compliant by 25 May 2018.
What to do next
- Update documentation and put procedures in place to ensure you’re compliant and can cope with data requests, the right to be forgotten and data breaches. Data breaches are now reportable to the Data Protection Commissioner’s Office within 72 hours, if the breach is likely to cause a detrimental effect on an individual – whether to reputation or financial loss.
- Consider deleting any information you don’t need to hold to remove the risk.
- Monitor systems and procedures on an on-going basis. GDPR is not a one-off exercise. It needs to become embedded in every firm’s culture and day to day operations.
- Consider how the change in regulation will affect your clients and how you can help them through it.
Clients may look to you for advice and, depending on their business, implementation could require considerable time and monetary investment on their part to ensure that they are compliant. Clients can benefit from your own implementation experiences.
For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:
Wednesday 18 April 2018 2pm to 5pm
Wednesday 30 May 10am to 1pm
For more information on our other upcoming courses click here