Issue 33, Summer 2013 Commercial eSpeaking

Managing email, internet and social media

IT policies for your business

Does your company have an information technology (IT) policy? If so, when did you last update it and do your

employees know it exists? This article looks at the pros and cons of your employees internet access and what you can

do to develop a policy around this.

Benefits and pitfalls

Do you provide your employees with portable devices such as iPhones, iPads, Blackberries or laptops? Do you allow

your employees to access your business network using their own portable devices? Does your IT policy adequately

address the security risks arising from your employees using portable devices?

We have all heard or read of horror stories about emails written in anger and sent in haste (occasionally these

end up plastered across the front page of the New Zealand Herald). Does your IT policy set out what is and what

isnt acceptable when sending internal and external communications (including emails, texts and communications

on letterhead)?

Social media sites such as Facebook, Twitter, YouTube, Pinterest and LinkedIn, amongst others, provide a myriad of

marketing and networking opportunities for some businesses. Various issues can arise, however, from employees

misuse of company email, internet and social media; these could include:

Loss of productivity

Increased internet connection costs

Reduction of internet speed due to high use/downloading which can affect business ef?ciency

Inadvertent or intentional disclosure of con?dential and/or commercially sensitive information

Damage to your business reputation as a result of negative comments made by employees in emails

or on social media sites, and

Allegations of bullying or harassment as a result of derogatory comments posted on social media sites

by one employee about another employee.

What does a good IT policy contain?

A good policy will:

State your business position on your employees personal use of work email, work devices such as computers

and smart phones, internet and social media sites stipulating what level of personal use (if any) is acceptable

Set out the types of behaviour which are deemed unacceptable, for instance, making intimidating or derogatory

comments about other employees or clients, or disclosing con?dential information

Address security risks, for example, the use and disclosure of passwords, and protection of con?dential information

Con?rm that your business owns any equipment/portable devices provided to employees and all information

contained on them

Advise whether your employees can access your business network via their own portable devices/home computers

and, if so, the limitations you wish to place around that

Set out the steps you take to monitor your employees business and personal use of work email, work devices such

as computers and smart phones, and their internet use. If you allow employees to access your network via personal

devices then you should stipulate the steps you can take to monitor their use of personal devices to do that

Specify the extent to which (if at all) its acceptable for employees to refer to your business or other employees

in blogs or on social media sites. Point out to employees that information posted on social media sites may not

be private

If you require employees to maintain company blogs, or social media sites, set guidelines for the type of content

thats appropriate, and

State what steps may be taken if an employee breaches your IT policy.

The key to any good policy is that it should reflect the culture of your business, should be easy to understand and

accessible to all your employees.

The start of the year provides a good opportunity for all businesses to review, update or implement an enduring

and robust IT policy. A good policy can be proactively used to manage risk while maximising the bene?ts that email,

portable devices, the internet and social media can deliver to your business.

Anti-Money Laundering Deadline Looms

Five months remain to get organised

One of the key items on this years to do list for all affected businesses will be getting ready for the main provisions

of the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 that come into effect from

30 June 2013. Given the extent of whats required in order to comply, theres not a lot of time left. Those whove yet

to make much progress in getting ready would be well advised to plan for the incoming regime as soon as possible.

AML/CFT is an issue that New Zealand has paid some attention to over the years, but just not enough. Its big

business internationally. The International Monetary Fund and World Bank estimate that US$2 trillion to US$3 trillion

is laundered around the world each year. Regulators arent afraid to take action and impose substantial penalties for

failing to comply with AML/CFT laws. For example, global bank HSBC has been under investigation over allegedly

allowing clients to transfer potentially illicit funds from countries such as Mexico, Iran and Syria. Late last year the bank

agreed to pay US$1.92 billion in ?nes to US authorities as a result of those investigations and, as part of its settlement,

will be subject to independent monitoring and assessment against various measures directed at improving the banks

structure, controls and procedures.

New Zealands regime

International audits have revealed signi?cant de?ciencies in New Zealands AML/CFT regime. The Act is intended

to address a number of these de?ciencies. If we dont get it right, credit ratings and trade relationships with other

countries could be negatively affected, which will ultimately hurt us all directly or indirectly.

So, who does the Act apply to? The Act applies to reporting entities, a term which includes banks, life insurers,

?nance companies, building societies, credit unions, issuers of securities, trustee companies, futures dealers, brokers,

certain ?nancial advisers, casinos, money service businesses, those involved in ?nancial leasing, safe deposit businesses

the list goes on. There are a range of exclusions and exemptions for businesses that might otherwise be caught, such

as accommodation providers that provide guests with safety deposit boxes, accountants, real estate agents, pawn

brokers and lawyers.

Reporting entities will need:

A written risk assessment of the money laundering and ?nancing of terrorism that could be expected

in their business

An AML/CFT programme that includes procedures to detect, deter, manage and mitigate money laundering

and the ?nancing of terrorism

A compliance of?cer appointed to administer and maintain the AML/CFT programme

Customer due diligence processes based on their risk assessment including customer identi?cation and

veri?cation of identity, and

Suspicious transaction reporting, record-keeping, auditing and annual reporting systems and processes.

Guidelines have been issued

The regulatory bodies that are responsible for supervising the new regime (the Reserve Bank of New Zealand, the

Financial Markets Authority and the Department of Internal Affairs) have issued guidelines on various topics to assist

businesses to comply with the new regime. The topics covered so far include points of interpretation in determining

whether a business is a reporting entity and therefore caught by the Act, the required risk assessment and AML/CFT

programme, as well as the territorial scope of the Act (including the extent to which it applies to overseas entities).

For customers of reporting entities the impact of the Act will largely be felt through the customer due diligence that

will need to be done on them. This will generally involve customers having to provide more information which, in

some cases, will include needing to provide information on the source of funds and wealth. Trusts in particular will

come under close scrutiny, as they can be an easy way to hide the bene?cial ownership of funds.

For reporting entities that dont comply with the Act, the consequences can be signi?cant. The Act provides

for a range of sanctions for non-compliance, ranging from formal warnings to injunctions, substantial ?nes and

imprisonment.

Business Briefs

Further changes ahead for the Employment Relations Act 2000

Looking at the year ahead, were likely to see further reforms to the Employment Relations Act 2000, with the

proposed changes anticipated to come into effect in the second half of the year.

One area of the proposed reforms aims to further clarify Part 6A of the Act, which deals with vulnerable workers

whose work is affected by restructuring. The proposed changes include:

Exempting incoming employers with fewer than 20 employees from complying with Part 6A

Requiring outgoing employers to forward individual employee information to the incoming employer

Detailing a process to help outgoing and incoming employers to agree how to apportion accrued

service-related entitlements of employees, and

Adding additional penalties and compliance orders for non-compliance with Part 6A.

Amendments to the collective bargaining regime are also expected, including changes to:

Empower the Employment Relations Authority to declare the end of collective bargaining in certain circumstances

Allow employers to opt-out of multi-employer bargaining

Allow partial pay reductions in cases of partial strike action, and

Remove the requirement for non-union members to be employed under the terms and conditions of a collective

agreement (where one is in force which covers their work) for the ?rst 30 days of employment.

Other changes include amending the duty of good faith in section 4 to align it more closely with the privacy principles

in the Privacy Act 1983, and extending the right to request flexible working arrangements to all employees, from their

?rst day of employment.

More details on the proposed changes can be found at www.dol.govt.nz

Employees Facebook fallacy

Social networking forums have become the modus operandi of connecting, meeting and communicating for billions of

people worldwide. Employees, however, need to realise that what is said in a supposedly private setting online often

isnt as private as intended, as has been highlighted in the recent case of Taiapa v Te Runanga o Turanganui A Kiwa

After requesting one weeks leave without pay to attend a sporting championship and being granted only three

days by his employer, Mr Taiapa reported in sick claiming he had damaged his calf muscle and was un?t for

work. Regrettably for Mr Taiapa, a colleague saw him leaving town with his family and his employer became aware

of a photograph on Facebook showing Mr Taiapa smiling and giving the thumbs up with a large female sitting on

his knee.

After an investigation and based on a number of factors, Mr Taiapa was dismissed for serious misconduct by

dishonestly taking sick leave. The Employment Relations Authority concluded it was open to a fair and reasonable

employer to view Mr Taiapas actions as dishonest and that they undermined the necessary trust and con?dence

required in the employment relationship.