Business risk services

Business risk services (BRS) technical bulletins

The Criminal Finances Act holds organisations criminally liable for failing to prevent their employees or any other associated persons from facilitating tax evasion. (June 2017)

Employers’ Liability Register – independent audit (PDF 228kb) - February 2018  [ 228 kb ]

Meeting your independent assurance needs for the Financial Conduct Authority (FCA) Employers’ Liability Register annual audit.”

WannaCry - Ransomware - A Cyber Security Update (PDF 354kb) - May 2017 [ 354 kb ]
Following last Friday’s global cyber-attack, which was by far the largest such attack ever, Grant Thornton’s Head of Cyber Security, Manu Sharma says clients should be looking to resist, rather than submit to, the demands of cyber-criminals. The WannaCry Ransomware attack will further raise awareness of the need to continual review cyber security but how well protected are companies from increasingly aggressive cyber-attacks?

Client assets and client money - Keeping your clients’ money safe (PDF 411kb) - March 2017 [ 384 kb ]
The application and enforcement of the Client Assets and Client Money (CASS) rules became a centre of controversy following the financial crash. It raised key concerns about accountability for non-compliance and led to the implementation of PS14/09. Our CASS specialists can support firms through internal audit, advisory and external audit to help protect client assets and ensure regulatory compliance.

SWIFT Assurance and security services (PDF 263kb) - April 2017 [ 143 kb ]
As SWIFT registered partners, Grant Thornton are uniquely positioned to support clients and the SWIFT community in implementing, assessing and attesting to the mandatory controls. As a result of the recent cyber security breaches across multiple global financial institutions, the new security standard has been introduced to establish baseline security requirements across the community. Participants will need to demonstrate their compliance using the different levels of self-attestations, Internal Audit and 3rd party review.

Cyber incident management services - Avoiding chaos in a crisis (PDF 215kb) [ 214 kb ]  [ 214 kb ]- March 2017
Cyber based services touch almost every part of our professional and private lives, with ever increasing dependency. As our reliance grows, so does the requirement for cyber resilience. Supporting systems and networks will sometimes fail through malicious attack, human error or technical failure. We need to be prepared for the impact of those outages. The challenges in managing cyber incidents should not be under estimated - especially if they have occurred within a service from by a third party or cloud based service provider.

Managing operational risk capital: a change in direction (PDF 255kb) - February 2017 [ 265 kb ]
Banks should choose capital measures which are appropriate to their operational risks, but internal models often reduce regulatory capital, but don’t necessarily address these risks. Regulators have responded with a prescriptive approach to managing operational risk capital, impacting the way many banks manage their operational risk controls.

Implementing the standardised approach for counterparty credit risk (PDF 274kb) - February 2017 [ 279 kb ]
Financial institutions using the current exposure or the standard method to calculate regulatory capital for counterparty credit risk are faced with a significant effort to meet the standardised approach for counterparty credit risk (SA CCR) requirement. This impacts the calculation and reporting of exposures and regulatory capital requirements.

ISO 37001 - The first international standard on Anti-Bribery Systems (PDF 180kb) - February 2017 [ 211 kb ]
Bribery and corruption continues to be one of the highest-priority risks for organisations, attracting substantial fines and penalties in multiple jurisdictions as well as considerable public and media attention.

4th & 5th EU Money Laundering Directive (PDF 246kb) - February 2017 [ 276 kb ]
The European Commission have released its proposals for a 4th and now 5th EU Money Laundering Directive. They are in response to changes to the requirements issued by the Financial Action Taskforce (FATF) in February 2012, and a review by the Commission of the implementation of the 3rd EU Money Laundering Directive (issued in October 2005).

Criminal Finances Bill (PDF 209kb)- February 2017 [ 233 kb ]
The Government's strategic response to money laundering is founded upon a risk-based approach and new legislation, namely the new Criminal Finances Bill, which is intended to assist in tackling corruption, money laundering and tax evasion.

Employers' Liability Register independent audit (PDF 182 kb) - February 2017 [ 181 kb ]
Meeting your independent assurance needs for the Financial Conduct Authority (FCA) Employers’ Liability Register annual audit.

IFRS 9 and the 2017 ICAAP (PDF 336 kb) - December 2016 [ 336 kb ]
A new regulatory requirement for ICAAPs from January 2017 onwards clarifies how firms should incorporate IFRS 9 impairment impacts into their stress testing and capital planning processes.