Justin Muscolino joins GRC Solutions’ US operations 

GRC Solutions is pleased to announce that Justin Muscolino has joined our New York operations as Head of Compliance Training Operations in North America.

Justin draws on his longstanding experience in compliance, training and regulation for the banking sector. He was Macquarie Group’s Head of Americas Compliance Training and JPMorgan Chase’s Compliance Training Manager. More recently, he served as Head of Compliance Training at Bank of China.

Justin has also worked at the US regulator FINRA, where he helped create Examiner University, seeking to nurture and develop examiners’ skills to deal with financial institutions.

“I’m excited to join GRC after more than 20 years in corporate. After dealing with vendors throughout my career, I can lend my expertise to GRC on best practices when dealing with financial institutions,” Justin says.

“GRC is well-placed to provide premium quality compliance consulting and training to the financial services sector, which attracted me to this opportunity.”

In January 2016 GRC Solutions opened our New York office with our unique adaptive e-learning technology. In Australia we have continued to win awards at the industry LearnX Awards for many years, including Best Compliance Program and Best Custom Project in 2018.

GRC Solutions was the recipient of a prestigious Brandon Hall Group Excellence Award and was a finalist at the Premier’s NSW Export Awards.

Three tips for your new year’s compliance checkup

January may signify the loss of sun-drenched beachside holidays as you readjust to business as usual, but it’s also an opportune time to refresh your organisation’s objectives and check in with staff to begin the year on a positive note. Setting ambitious sales targets and devising strategies for new clients may be top of the agenda, though it pays to do a compliance checkup along the way with these tips in mind:

1. Identify gaps in learning and compliance training

A training needs analysis may not seem like the most exhilarating activity at first glance. But it can go a long way towards ensuring that your training covers all the relevant areas and does more than just ‘tick a box’. Ensuring that company procedures are published and updated, and that staff at all levels have completed their relevant compliance training, will mean everyone is on the same page with common goals.

2. Make your teams aware of compliance contacts and their responsibilities

Who can employees go to if they suspect an IT scam is making the rounds? What if simmering tensions between a few workers haven’t mended over the holiday break? It’s important that staff know what the Compliance Officer is responsible for and are comfortable enough to approach them or management when these types of issues arise. It goes back to establishing a culture that promotes clear lines of communication, but also the old saying that “prevention is better than cure”. This brings us to the third tip.

3. Review risk management procedures through assessing your workplace culture

“Risk management” and “due diligence” always come up when talking about compliance procedures. Your organisation’s workplace culture is where risk management starts – if employees are in an environment where their peers are acting with a compliance mindset, they’re more likely to follow suit. Implementing programs which demonstrate real-world scenarios that your employees can directly relate to is a great place to start. Bringing together multiple departments through workshops or discussion groups about their approaches to high-risk areas like fraud awareness is also a good way to check that your compliance policies are being adopted. Further training can then be adapted as required to fill any gaps in knowledge and embed compliance as a fundamental part of how workers carry out their everyday tasks.

Some key checkpoints:

  • Are new employees briefed on the importance of a collaborative and diligent workplace culture led by example?
  • Does your company have a fraud awareness plan and social media policy?
  • Do your meetings just focus on the numbers or is there also a focus on establishing good business ethics?

GRC Solutions provides a large library of award-winning online compliance training, as well as customisation and bespoke development services.

Top compliance tips for retailers over Christmas

It’s that time of the year again. Christmas carols are in full swing, extended shopping hours provide the opportunity to grab those last-minute presents and sales are booming. For retailers, the festive season sees profits soar as consumers get into the gift-giving spirit. But there are areas businesses should watch out for to ensure they’re doing the right thing by their customers. From advertising products, selling on the front line or dealing with refunds, here are some top tips to remain legally compliant:

Advertising and marketing teams

While it’s common practice to use some fine print, there are rules which protect consumers against advertising that may be deceptive or misleading. If there are unfair exclusions to a promotion, or statements that contradict the main message of marketing materials, you may be in breach of the Australian Consumer Law. For example, it would be prohibited to make a representation of a ‘gift with every purchase’ when the fine print says ‘gift is at the additional cost of $10’.

Sales staff

Sales staff, who are a retailer’s main point of contact with consumers, should be well-informed of their basic legal obligations. There may be temptations to stretch the truth when closing a deal, particularly on those big-ticket items like electronics or sporting equipment. But if the salesperson tells a customer that an electric scooter with “intuitive braking and a battery that lasts for a full day” will meet all those needs and it fails, the customer will be entitled to a refund.

Refunds and returns

It’s important to make sure that a store’s returns policy is clear and in line with the Australian Consumer Law. While retailers don’t have to refund for a ‘change of mind’, they are obligated to provide a remedy if a product is faulty or not fit for purpose. Signage at a store level is a key issue to consider – for example, a sign which says “no refunds on sale items” would be considered illegal because it undermines a consumer’s inherent statutory rights.

GRC Solutions creates award-winning training programs on a range of legal compliance areas. For more information on our Competition and Consumer Protection course, contact us today.

Why compliance professionals need more than just legal knowledge

As the Financial Services Royal Commission continues, it’s more important than ever that organisations implement compliance policies that go beyond ‘ticking boxes’ in order to comply with the law. Instilling in employees everyday work habits that aren’t just legally compliant but also ethically sound starts from the ground up.

Nowadays compliance teams are drawing on experiences from the fields of technology, governance and HR. To make these changes effective in the long term, compliance professionals are finding it useful to have interdisciplinary skills that extend outside the scope of a lawyer or accountant.

Compliance professionals stand to benefit from having a tech background that will help communicate their message to the company at large. Michelle East from Certainty Compliance states that “people that have really strong change management skills and information management skills” are particularly useful. Compliance staff don’t need to be IT experts, but a working knowledge of regtech – the intersection between regulation and technology – and how it improves the transparency of operations between different sections of the business will mean they can mitigate risks where they see them.

‘Soft skills’ such as emotional intelligence, which directly influence organisational culture and the willingness of employees to adopt compliance programs, are just as important. James Beck from Effective Governance writes that compliance staff who can adopt “HR, organisational psychology, and governance” skills are better able to discern the ‘grey areas’ between legal and ethical compliance. For example, the need to make complex decisions can often arise during business transactions that challenge the balance between profits, stakeholders and community expectations. When this happens, a technical knowledge of the law combined with a thoughtful approach to ensuring employees know how to act will provide the most holistic response.

New regulations are being introduced and the burden of compliance requirements will continue to expand. As Commissioner Hayne puts it, “Culture and governance are affected by rules, systems and practices but in the end they depend upon people applying the right standards and doing their jobs properly.”

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses. Contact us today for more information.

Source: Sydney Morning Herald

Briefing Sessions for Boards and Senior Management

Do your Board, CEO and senior management understand their new accountability obligations under the new Banking Executive Accountability Regime (BEAR)? GRC Solutions offers face-to-face interactive presentations to assist your directors and executives in their new role as ‘accountable persons’ as they meet the challenge of embedding the BEAR within your organisation. GRC Solutions’ interactive sessions will cover:

  • the scope and purpose of the BEAR
  • your ADI’s accountability obligations
  • your ADI’s key personnel obligations
  • your accountable persons’ accountability obligations

Our face-to-face sessions will tell you what you need to know if you are paying variable remuneration to your directors or other accountable persons and how and when you will have to deal with APRA.

The sessions will also offer practical guidance on how your board and senior executives can embed a culture of BEAR compliance within your ADI. Practical information, not available from the legislation, will guide your board in setting standards of conduct designed to reduce reputational and other risks to the prudential standing of your ADI.

Guy Griffin, Senior Lawyer

Guy specialises in financial services and credit licensing compliance. His other areas of practice include prudential risk and compliance for ADIs and advising on all aspects, legal and non-legal, of effective board governance for ADI directors.


Liam O’Brien, Senior Consultant

Liam is a highly regarded risk and compliance expert and workshop presenter. He helps organisations develop a successful risk and compliance program by converting a strategy into an operational program of work.


GRC Solutions is designing and facilitating learning and development solutions to assist you to understand the implications of BEAR and how to prepare for compliance with the new laws.

 Contact Guy Griffin, Senior Lawyer at GRC Solutions for further information: guy.griffin@grcsolutions.com.au

Compliance Forums – Save the date

GRC Solutions’ popular Compliance Forums will be held again next March. There will be a full analysis of the Financial Services Royal Commission’s Final Report. AUSTRAC has also agreed to present on its review of AML/CTF risk in the mutual banking sector.

The tentative dates for the first round of GRC Solutions Compliance Forums for 2019 have now been advised:

  • Thursday, 14 March – Brisbane
  • Friday, 15 March – Sydney
  • Thursday, 21 March – Adelaide
  • Friday, 22 March – Melbourne

Forums will cover key regulatory developments impacting the mutual banking industry, including a full analysis of the Final Report of the Financial Services Royal Commission, scheduled to be delivered to the Government on 1 February.

We are also pleased to announce that AUSTRAC has agreed to again present to participants, following their successful involvement in the February/March 2018 round. AUSTRAC is currently consulting mutual sector stakeholders on the draft report of its Australia’s Mutual Banking Sector ML/TF Risk Assessment. It will use the Forums to engage with the sector on the Assessment Report post-publication.

Register your interest by emailing marketing@grcsolutions.com.au to receive a full agenda and location details for the March 2019 Compliance Forums in the New Year.




Sexual harassment at work: clear procedures for support and accountability

Everyday sexism and harassment have drawn increasing media attention in recent times. The existence of legislation protecting against sex-based discrimination in the workplace, set against the backdrop of initiatives such as the #Metoo movement, has brought the topic under the scrutiny of the public’s gaze. Despite these developments reflecting general community expectations, when incidents occur it is often the complainant left dissatisfied with how the situation was handled in their professional environment from the outset.

Employees face increased pressure to translate the legal protections under the Sex Discrimination Act into procedures at a grassroots level, and to know what practical avenues are available to them if they have experienced sexual harassment at work.

Employers must have adequate systems in place that genuinely acknowledge a complainant’s concerns. They should also provide viable steps towards holding perpetrators accountable. After landmark decisions such as the 2014 Richardson v Oracle Corporation Australia Pty Ltd case, the vicarious liability of employers and increased scope for payable damages place even greater emphasis on the need to acknowledge that sexual harassment exists in workplace cultures.

As many of these incidents remain unreported due to the stigma surrounding speaking out and complicit behaviour from fellow colleagues encouraging a ‘culture of silence’, clear boundaries need to be communicated on the line between well-meaning camaraderie and inappropriate advances. Fostering an open discussion and promoting effective internal avenues of redress are the first steps to cultivating a workplace that is safe, inclusive and respectful.

GRC Solutions offers a range of customisable training to ensure that employees are aware of policies in place about what constitutes sexual harassment in the workplace and how it can be prevented.

To learn more about our Diversity & Equality course and how it could benefit your organisation, contact us today.

Source: The Conversation

A snapshot of domestic violence

One woman is killed every week by her partner in Australia. Around one in six female workers will be affected by domestic violence in their lifetime. These statistics paint a shocking picture of how prevalent the problem of domestic violence is today.

Domestic or family violence can occur between intimate partners (including same-sex couples), relatives, family members, carers and children.

GRC Solutions takes a look at how Australian workplaces can support and empower employees and colleagues.

Domestic violence and the workplace

Violence is more than a private or personal issue. The impacts can be seen and felt throughout the workplaces of those affected. It can also happen within the workplace.

A Human Rights Commission survey found that 25% of women had experienced sexual harassment in the workplace. It also identifies that intimate partner violence is the leading contributor to death, disability and illness in women aged 15 to 44 years in Australia. “Within the population of women who have experienced violence, or are currently experiencing violence, the Australian Bureau of Statistics estimates that between 55% and 70% are currently in the workforce.”

Going to work each day often offers no solace for domestic violence victims as the harassment can continue through phone calls, emails, text messages and even visits by the offender.

What can you do to help?

Firstly, it’s important to recognise the signs of abuse.

Abuse victims may hide their abuse from co-workers, but the following signs may be an indication that abuse is occurring:

  • Frequently missing work without a valid explanation
  • Wearing sunglasses indoors or long sleeves on a hot day
  • Frequently arriving to work very early or late
  • Avoiding social functions
  • Decreased productivity
  • Tension around receiving repeated personal phone calls

Secondly, respond to any concerns you identify. Speak up and voice your concerns in a sensitive and confidential manner to the victim. For example, “I’ve noticed you have been running late the past few weeks. I know it’s unlike you and I’m worried about you. Is everything okay?” While they may be defensive or not want to disclose any information, you should always remain supportive.

Thirdly, refer them to any support services available to them. Empower victims by providing them with emotional support as well as the resources to speak up.

Your organisation should provide a safe working environment in which staff can refer any concerns they have without fear of retribution or breach of confidentiality. It should also be clear to all employees that there is a zero-tolerance approach to violence.

Support services you could refer victims to include:

  • 1800RESPECT
  • Aboriginal Family Domestic Violence Hotline
  • Relationships Australia
  • Lifeline

White Ribbon Workplace Accreditation Program

Your organisation can take an active part in promoting respectful relationships and gender equality within the workplace and demonstrating a culture of zero tolerance of violence by joining the White Ribbon Workplace Accreditation Program.

For more information on the White Ribbon Workplace Accreditation Program, visit:  https://www.whiteribbon.org.au/stop-violence-against-women/get-workplace-involved/workplace-accreditation/

GRC Solutions develops training on violence prevention and awareness. Contact us today for more information.

Why be environmentally compliant?

In Australia, Commonwealth, state and territory legislation exists to protect consumers, the environment and the community. These laws are actively applied on both the Commonwealth and state level. For example, in the financial year 2016-17 the NSW Environmental Protection Authority (EPA) completed 103 prosecutions with a record $2,448,455 in financial penalties being imposed by the Courts. In addition, the NSW EPA issued 261 penalty notices, amounting to about $1.9 million in penalties.

What are the costs of non-compliance and more importantly, what are the benefits of compliance?

The Cost of Non-Compliance

The Commonwealth’s Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act) has a strong framework for enforcement. Mechanisms include:

  • Civil or criminal penalties that apply to individuals and corporations
  • Remediation orders and determinations to mitigate environmental damage caused by contravention of the Act, and
  • Enforceable undertakings

Meanwhile, in NSW under the Protection of the Environment Operations Act 1997 the worst offences can incur a penalty up to $5,000,000 for a corporation, or $1,000,000 or 7 years’ imprisonment for an individual.

These are just a few examples of the significant financial costs of non-compliance with environmental laws. Other costs must also be factored in when you are considering your liability, including the legal fees associated with enforcement proceedings, reputational costs (which can lead to significant loss of revenue) and loss of productivity.

The Benefits of Compliance

On the other side of the scales, there are significant benefits to be derived from proactive environmental planning: not just abstaining from breach, but actively planning to increase your sustainability.

“Going Green” can improve profitability and increase your reputation with customers.

Firstly there are the economic savings:

  • Efficient use of resources means:
    • Less unnecessary repurchasing and reduced energy and water bills, as well as
    • Reduced costs incurred by disposal of waste
  • Using sustainable resources means ensuring supply of those resources – unsustainable resources are finite, and will soon run out.

Then there are the opportunities for revenue generation and reputational rewards:

  • Recognition of your efforts through environmental awards – for example the Green Globe Awards
  • Developing a reputation for best practice within your industry
  • Emerging market opportunities for “green” goods and services

Engaging Environmental Management

What are the first steps? You could start by:

  • Researching your options in relation to sustainable resources,
  • Employing proper recycling methods, and
  • Researching ways to reduce your waste through more efficient use of resources

Conducting an Environmental Audit is a great way to assess your current position and identify target areas for improvement. Once the audit is complete, you can develop an Environmental Management System to implement some changes and draw some of the significant benefits of environmental compliance.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Environmental Compliance. Contact us today for more information.

Sources: Making your business environmentally friendly, Australian business and environment laws, The benefits of an environmentally friendly business, Compliance and enforcement, NSW EPA holds environmental offenders to account

How to stay on top of your compliance training

If you’ve ever worked in compliance or in a compliance-adjacent role, you’ll know how this cliché applies: “You can lead a horse to water but you can’t make it drink”.

Regardless of how many opportunities you’ve created for staff in your business to learn about and meet their compliance obligations, at the end of the day, it can be difficult to make them physically take the training they’ve been assigned. “I don’t have the time!” is one of the most frequent objections. “I’m sure I’ve already done it. Why do I have to do it again?” is another. We’re all familiar with the wordless rumble that compliance training is boring and a bit of a chore.

Here are some tools for getting to that 100% completion rate and meeting those compliance goals in your organisation:

Modular learning

This is an anecdote we hear all the time: it’s becoming increasingly difficult for learners to carve time out of their week to sit down and knock out their compliance training. Even when they do, it can be daunting to see two or three hours’ worth of content waiting for them.

Modular learning is an instructional design approach that breaks larger topics into smaller independent segments. Instead of trying to find the time to do their whole two hours of Competition and Consumer Law training, learners could work their way through a series of modules, each about 20 minutes long, whenever they can fit them into their schedule. 20 minutes is the ideal amount of time to spend on a topic because that’s the average person’s attention span. Pretty soon, they’ll have completed all their training requirements without it ever feeling like a slog.

Pro tip

For those who want something even snappier and more to-the-point, there’s microlearning, which breaks topics down into short and sharp segments of between 2 and 5 minutes.

Analytics and reporting

Most learning management systems these days come with some administrative functionality, but too few people take advantage of it. Your e-learning platform should be able to give you data on a wide range of things, including completion rates, average assessment scores and, if you’re curious, which topics the learners in your organisation struggle with the most. Whichever platform you choose for your business, make it work for you. Analytics and reporting can make it easier to keep track of who has yet to complete their training and even automate reminders for staff.

Pro tip

With so much data at your fingertips, why not get a little creative with your approaches to compliance? For example, some of our clients like to sort completion rates by department and encourage leader board-style competition between them: the first department to get all their employees to finish their training gets a reward of choice.

The cost of non-compliance

Having outlined some effective ways of encouraging your staff to complete their compliance training, you may be wondering whether it is worth the effort. In fact, a recent study by the Ponemon Institute has demonstrated that the costs of non-compliance far exceed the cost of compliance: the costs of non-compliance were 2.71 times the costs associated with compliance including policy development, staff training and audits.

The study also found that there were several factors that could further lower the total cost of compliance. More compliance audits, for example, reduce the overall costs of compliance. The study found that organisations that conducted five or more internal compliance audits per year had the lowest total compliance costs, whereas the highest total compliance costs were incurred by the organisations that conducted only one or two internal audits per year.

GRC Solutions is a multi-award winning provider of online compliance training content and learning management systems. For more information about our off-the-shelf and bespoke courses, face-to-face workshops, training platforms and other services, contact us today.

Source: Ponemon Institute


Australian culture and workplace bullying

Last week Westmead Hospital’s ICU was stripped of its training accreditation in an unprecedented response to bullying and harassment allegations made against senior medical staff. The College of Intensive Care Medicine (CICM) revoked the hospital’s ICU training accreditation due to the hospital’s inability to provide an appropriate teaching environment for CICM trainee doctors.

Then while we were still processing the unveiling of bullying in our healthcare system, we were hit with another bullying blow. Following on from Cricket Australia’s ball tampering scandal, an independent review found that employees were reverting to “bullying tactics, or worse, ostracising” to get their way.

A cultural affair

We’d like to think that Australia is progressive, yet studies show that workplace bullying is still so prevalent. Talk to anyone about the issue of bullying and they will swear black and blue that they would absolutely not stand for it. However, the reality is we do stand for it. We stand for it when we do not speak up and we stand for it when as a culture our attitude is that we should do whatever it takes to progress our careers – even if it includes the occasional intimidation or harassment. Just think of some of our Aussie politicians…

It’s ingrained in us from a young age that when we are bullied it’s ‘just kids being kids’ or it’s best to look the other way so that we don’t make things worse. Unfortunately, those kids grow up and enter the workforce.

Tackling workplace bullying

To truly stand up against bullying in the workplace, organisations must adopt a zero-tolerance policy. Managers need to lead by example and voice their stance. Ensure that policies and procedures regarding workplace bullying are communicated to both new and old employees and enforced.

Providing a safe workplace where employees can speak up against bullying without fear of ‘things getting worse’ or their complaint being swept under the rug is crucial.

Training staff

All staff need to be educated on what constitutes bullying and be made aware that their workplace is a safe place for people of all walks of life. Any behaviour that threatens the positive workplace culture should be addressed immediately.

GRC Solutions’ Diversity and Equality module on workplace bullying looks in depth at:

  • Workplace bullying and its consequences
  • Covert and overt bullying
  • Cyberbullying and the different types of accomplices
  • What to do in the event of bullying
  • The Fair Work Commission’s function and processes

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Diversity and Equality. Contact us today for more information.

References: ABC news; Study



An eventful October

October has been a very busy month for GRC Solutions, starting with the ABA convention in New York and ending with a massive win at LearnX in Melbourne.

ABA convention

The ABA Annual Convention was held in New York on October 21-23. At the financial services sector’s premier event for CEOs, presidents and senior executives, GRC Solutions was pleased to exhibit among other experts on industry issues, political and economic trends and innovative leadership models. With innovation speakers and in-depth sessions, it was a great networking event for bankers from across the country.

SIBOS

This year Sibos was in Sydney from October 22-25 and celebrated its 40th year. GRC Solutions was exhibiting as part of RegTech and visitors to GRC’s booth were provided with innovative tips on how to improve learning in the critical area of compliance. Managing Director Julian Fenwick joined a great panel discussion on “Hurdles to banking innovation” and joined other leaders, decision makers and topic experts from financial institutions, market infrastructures, multinational corporations, and technology partners to discuss business strategy, build networks and collectively shape the future of the financial industry.

COBA Convention 

From October 21-23, Melbourne was home to this year’s COBA convention themed ‘the Challenge of Change’. GRC Solutions was among other banking experts looking at new trends and why the customer owned banking model is poised to continue to grow. Customer owned banking is growing and is a competitive alternative for millions of Australians. It is clear consumers want a trusted banking institution which truly puts their customers first.


The month ended on a high with GRC Solutions taking home the platinum awards for Best Bespoke/Custom Model and Best Compliance Training Program. Held in Melbourne on October 30, GRC Solutions met with other learning and development professionals to network and attended some great sessions with renowned industry speakers.

A big November to come

Watch this space for some more exciting events to come! In November we will be in Singapore for the FinTech Festival and in Adelaide for the ASFA Conference – the superannuation industry’s premier event.



GRC Solutions won Best Compliance Training Project for a record 11th year at the LearnX Impact industry awards on Tuesday 30 October 2018.

The annual event took place this year at the Melbourne Convention & Exhibition Centre before an audience of Learning & Development professionals from around Australia.

GRC won for our collaboration with bcu (Bananacoast Credit Union) on a full suite of online compliance training courses.

We were also delighted to receive the award for Best Bespoke/Custom Project in recognition of our work with the Australian Maritime Safety Authority (AMSA), for whom we helped train coastal pilots to use the so-called Under Keel Clearance Management System (UKCM). For this highly technical, niche project, our designers built an interactive, visually compelling piece of e-learning that combined video simulations with audio narration and lateral movements representing pilots’ typical engagement with the UKCM.

A highlight of the night was a 40-minute presentation by the Australian explorer James Castrission, who, with his friend Justin Jones, completed the longest-ever unsupported polar expedition from the edge of Antarctica to the South Pole. Castrission inspired the audience, linking his arduous, record-breaking experience to a familiar theme for training and development professionals: finding empowerment and the will to achieve while navigating mental roadblocks.

GRC Solutions congratulates all the night’s winners, and looks forward to continuing to work with great clients as we continuously improve our online compliance training products and services.

Bullying – A detriment to workplace culture and productivity

Happy employees are an organisation’s greatest asset and keeping employees happy means maintaining a bully-free work culture.

According to research by the University of South Australia, when compared to 31 European countries, Australia ranked sixth highest for workplace bullying.

Bullying is a major issue facing organisations. Failure to manage the risk of workplace bullying can result in a breach of WHS laws, workplace stress and a major decrease in productivity.

Impact of workplace bullying

According to Comcare, workplace bullying raises the following risks:

  • Stress, anxiety or sleep disturbance
  • Mental health issues such as depression
  • Reduced quality of family and home life
  • Increased absenteeism and staff turnover
  • Reduced work performance

Paying the ultimate price

In 2006, 19-year-old Brodie Panlock ended her life as a direct result of workplace bullying. The café worker was tormented by co-workers for over a year while the business owner did nothing to stop the bullying.

This case highlights the devastating effect that bullying can have when it continues seemingly tolerated by management.

How does bullying culture develop?

Workplace bullying is repeated behaviour towards a worker or group that creates a risk to their health and safety. It often happens covertly – for example, eye rolling, snide comments or exclusion – so it goes unnoticed. This can lead to a domino effect in which this type of behaviour is quickly adopted by others and normalised in the workplace.

A poor workplace culture, poor people management skills and lack of supportive leadership can often breed a bullying workplace culture.

Safe Work Australia warns that the longer the bullying behaviour continues, the harder it is to repair and the greater the risk to health and safety.

Examples of workplace bullying

Some examples of workplace bullying include:

  • Abusive, offensive or intimidating behaviour such as swearing
  • Humiliating or belittling others including name calling or eye rolling
  • Unjustified criticism or complaints
  • Excluding others from team lunches or meetings
  • Ignoring someone by purposely not greeting them or facing away each time they talk

Prevention and remedy

Management should always take a proactive approach against bullying by never tolerating or ignoring bad behaviour and ensuring employees know how to raise any bullying complaints.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Diversity and Equality. Contact us today for more information.

Sources: Comcare, Safe Work Australia, University of South Australia






GRC Solutions “Highly Commended” at the NSW Export Awards


We are thrilled to announce that we received a “Highly Commended” award in the Education & Training category at the Premier’s NSW Export Awards ceremony. Other renowned companies in this category included the University of Wollongong, Australian Airline Pilot Academy and the Australian Institute of Company Directors.

The Australian Export Awards recognise the important contribution of businesses to the economy through job creation and increased prosperity for the community and the state. The awards honour and celebrate the nation’s top exporters.

In January 2016 GRC Solutions opened our New York office with our unique adaptive e-learning technology. The business previously launched in Singapore in 2014.

We’ve recently employed Irene Chua as our new Business Development Director in Asia where we have found a growing market for high-quality bespoke online training among financial services clients.

This year we have won two Platinum LearnX Awards for Best Compliance Program and Best Custom Development.

GRC Solutions is continuing to expand and savour ongoing opportunities to develop award-winning online compliance training.

Top Compliance Risks facing the Financial Services Industry

In a post-Banking Royal Commission world, compliance is a hot topic right now. In this evolving landscape, it is essential that organisations identify and adapt to the changing risks and challenges facing the financial services industry. From concerns about third-party relationships to the challenges businesses face in workforce management, risks and their impacts are more interconnected than ever before. GRC takes a look at the top compliance risks financial institutions should have on their radars.

Security and Cyber Risks

Cyber security continues to be a primary risk focus for financial institutions of all sizes. APRA warned earlier this year that a major cyber breach at an Australian financial institution was “probably inevitable” and urged banks, insurers and superannuation funds to be vigilant against the risks of cyber attacks. APRA’s Geoff Summerhayes warned, “APRA views cyber risk as an increasingly serious prudential threat to Australian financial institutions. To put it bluntly, it is easy to envisage a scenario in which a cyber breach could potentially damage an entity so badly it is forced out of business”.

While past efforts to handle cyber risks have looked primarily at how to mitigate vulnerabilities within an institution, recent cyber security breaches have demonstrated the broadened risk profile for many organisations. As threat vectors such as ransomware have become more frequent and potent, financial institutions have sought to improve their technology infrastructure. But new risks could arise as a result. Banks must ensure they have adequate controls in place and are vigilant against creating new entry points for cyber-criminals.

Knowing the Customer

The financial sector must also respond to increasing concerns about money laundering and terrorist financing. Even if a bank launders money unknowingly, it will still face huge repercussions from regulators. As a result, know your customer processes have become a priority for the industry. However, this puts huge pressure on staff processing this information manually. Errors can occur and information risks being mismanaged unless employees receive appropriate training and support. As such, it’s vital that staff are given the right tools to record client information appropriately.

Tightening Regulations and Increased Scrutiny

The Royal Commission into Banking will inevitably lead to increased scrutiny and a more heavily regulated banking and financial services industry, with a far less forgiving approach to compliance. UBS reported earlier this year that there were 15 major inquiries currently facing Australian banks. When combined with overseas regulatory trends in the financial services sector, it seems likely regulation will continue to increase in future.

With the passing of the new Banking Executive Accountability Regime (BEAR) earlier this year, it’s clear financial services will need to ensure that each new layer of regulation and new policy is rigorously applied. In a constantly changing regulatory environment, financial organisations must ensure they are fully compliant with the deadlines set by new regulations.

Training in risk management an ongoing challenge

Training on risk management and emerging risks remains an ongoing challenge for all financial institutions. Social engineering cyber attacks, for example, could affect any segment of the reporting structure. The scope of potential vulnerabilities is so broad that staff must act as the first line of defence. To best address the threat environment of tomorrow, financial institutions need to be forward-looking to identify risks before they become a reality. Compliance training continues to be a priority.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Cyber Security and Anti-Money Laundering. Contact us today for more information.


Sources: SMH; Banking Journal

Top 3 barriers to diversity and ways to overcome them


Promoting a culture of equality in the workplace can improve the way people work together. A harmonious work environment, free of offensive or intimidating behaviour, fosters diverse opinions, creativity and productivity. Employees are more likely to remain loyal when they feel respected and valued for their unique contribution.

But despite all the accepted benefits of a diverse workplace, organisations still frequently complain of barriers to creating a diverse and inclusive workplace. Here are three commonly-encountered obstacles, and solutions to get around them:

1. Unconscious bias in hiring

Discriminating against employees in job adverts and in the interview process is a well-known no-no. But sometimes gate-keeping occurs in subtler ways, without us even realising it. For example, studies conducted by various universities in the US and Australia show that individuals from ethnic minority backgrounds who hid their race on their resumes (for example, by selecting a less “ethnic” name) had a higher chance of scoring job interviews. This doesn’t necessarily mean that the people reviewing the applications had an agenda of excluding persons of colour from the organisation. Rather, it indicates that these organisations are letting their staff members’ unconscious biases impact their decision-making, to the detriment of the organisation’s talent pool.

Solution: Set decision-making criteria ahead of time

One simple way to reduce the effect of unconscious biases on formal organisational decisions is to ensure that all decision-making criteria are set in advance. For example, when interviewing candidates for a position, clearly identify the requirements of the role before meeting and evaluating specific individuals. This helps ensure that the standard on which the decision is made is objective and that it will be applied to candidates fairly. In particular, you need to ensure that the evaluative criteria are relevant to the position.


Set in place accountability processes for explaining the rationale behind decisions. If someone can’t articulate in clear and rational terms how they arrived at a decision, that’s a good sign that there’s an unconscious bias at work.

2. Lack of accountability for poor behaviour

One of the main reasons people sometimes bully and exclude others in the workplace is because they think they can get away with it – that no one will speak up about the issue and even if they did, it wouldn’t result in any adverse consequences. Often, unfortunately, they’re right. Without effective whistleblowing procedures and clear ramifications, bad behaviour becomes rampant, leading to low organisational morale and, inevitably, a loss of valuable, diverse talent.

Solution: Clarify the availability of reporting mechanisms and ramifications for breaching standards of behaviour

It’s essential that your organisation has mechanisms for staff members to report misconduct, including an option for reporting anonymously. You should have set procedures for investigating and resolving any reports you receive. Your reporting mechanisms and investigation processes should be set out in your organisation’s policies, along with an outline of consequences staff members may face for misconduct.


In addition to any internal disciplinary action imposed on them, staff members could face legal liability and subsequent penalties for misconduct at work, for example, breaching anti-discrimination laws or being prosecuted for harassment.

3. Conflicting working styles

Different individuals bring with them different working styles and attitudes to work which are borne out of social and/or cultural values, as well as their distinct personalities. If not recognised and dealt with effectively, conflicting approaches to work can impede productivity and lower organisational morale. Too often, staff members lack the presence of mind to think carefully about both themselves and their audience when working in groups.

Solution: Don’t expect your employees to just know – show them how!

Train your staff members in constructive methods of addressing conflict, including prejudice and discrimination, as well as complaints from bullying or harassment. Employee training has the dual effect of equipping learners with the skills to handle negative outcomes appropriately, as well as teaching employees to self-monitor and empathise with their colleagues. Both these competencies can defuse a potential conflict situation. The goal of diversity training is to help everyone feel included and understood, and to embrace the value of diversity in the workplace.

Need more tips on how to create a diverse and inclusive workplace? Contact GRC Solutions today for more information on our off-the-shelf and bespoke online training modules on topics such as Diversity and Equality and Unconscious Bias.

GRC’s Top 5 Tips to Overcome Diversity Challenges

Today, diversity is typical in most workplaces. With new technology, businesses can connect with clients and customers from all over the world. Internally, the business landscape is recognising the benefits of diversity including wealth of knowledge, experience and different perspectives. By embracing those differences, we can spark innovation, problem solving, insight and creativity.

While diversity may be the new norm, the possible challenges of diversity must be addressed. Neglecting deep-rooted stereotypes can lead to various workplace challenges including:

  • Communication issues stemming from the failure of different groups to understand one another
  • Increased tension and conflicts between different groups
  • The tendency for individuals from similar backgrounds to stick together, hire similar individuals and choose similar individuals to work on projects together
  • Discrimination and harassment in the workplace

These challenges can often snowball, lead to a decrease in productivity and in some cases legal consequences.

Here are some ways that will help overcome diversity challenges:

Take a look at your recruiting and hiring practices

Ensure job advertisements and job descriptions are neutral and bias free to attract a wide variety of candidates. Make sure candidates are interviewed by various individuals within the organisation.

Establish mentoring opportunities

Challenge preconceived notions by providing employees with the opportunity to be mentored by individuals from different cultures, backgrounds and ages to improve communication and build relationships.

Promote team work

Encourage employees to focus on each other’s strengths and create cross-functional teams so that individuals from different backgrounds can work together. For example, it’s important you work on eliminating generation gaps. Employers should encourage and support employees to ensure they feel that they have a voice and seat at the table.

Make inclusion a priority

It’s important for an employer to go beyond diversity and strive to have an inclusive workplace, where all employees feel their differences are respected and valued for their different skills and ideas. An employer can support inclusion by providing accommodations to employees’ cultural requirements, like prayer times or religious holidays.

Provide Diversity Training

Diversity training can go a long way in encouraging employees to be accepting of differences and value the opinions of others. Awareness training helps foster and strengthen diversity initiatives in the workplace.

Regardless of your business type, it’s important to keep an open mind. By doing so, you can find a common ground where everyone can respect and embrace diversity.

GRC Solutions offers Diversity and Equality online training for staff at all levels within an organisation – contact us today to find out how we can help.


Sources: https://www.wonolo.com/blog/challenges-of-cultural-diversity-in-the-workplace/, https://www.forbes.com/sites/lyndashaw/2016/03/20/7-ways-to-handle-diversity/#35d214486e9a

Fraud on the rise

In September a spokesperson from the Electronic Crime Section of South Australia’s police force said:

“Unfortunately, cybercrime continues to grow and criminals are constantly adopting new technologies and methodologies to undertake illegal activities”

This statement is borne out by the frequency of news reports of new scams, as well as reports of increased losses resulting from such schemes.

Scams result in heavy losses

ACORN (Australian Cybercrime Online Reporting Network) is an online self-reporting mechanism for cybercrime offences in Australia including online scams or fraud. Established in 2014, ACORN received more than 65,000 reports from individuals in its first 18 months, 48% of which related to online scams and fraud.

More than AUD $340 million was reported lost by Australian victims of fraud schemes in 2017, an increase of AUD $40 million on the previous year. In 2017, investment scams and dating/romance scams resulted in the highest quantum of financial losses (AUD $51,858,054 from 5,760 reports), though they received fewer reports than many other categories including false billing, buying and selling scams, and upfront payment and advanced fee frauds, which received 32,322 reports.

New Methodologies

This growth in cybercrime is facilitated by the ever more ingenious methods used by scammers. One recent scam targets Chinese students in Australia. The scammers contact the students, impersonating someone from the Chinese Embassy or Consulate, telling them that they have been implicated in a serious crime in China or Taiwan. The students are instructed to co-operate fully with the investigation and temporarily cease contact with family and friends in China or Taiwan. Those family members then receive calls telling them their child has been kidnapped, and a ransom demand is made.

Have you recently received a phone call from an unknown overseas number? This could be an overseas missed call scam (also called a Wangiri scam). An overseas scammer will purchase premium numbers, and use them to call their victims, letting the phone ring once, before hanging up. When the victim returns the call, the phone provider will be charged the normal rate as well as whatever the scammer has set as the premium charge. The scammers will keep their victims on the phone as long as possible, letting them run up the premium charges.

Fraud threats to your organisation

All organisations face some risk of fraud, regardless of size, industry or number of employees. Sources of fraud can vary, but generally the largest threats come through manipulation of financial records, fraudulent tendering and theft of cash, inventory and telecommunications services.

Your staff are frequently the first point of contact for scammers and therefore your first, best line of defence. As scammers devise new methodologies, you need to ensure your staff are trained in recognising the red flags of fraud both internally and externally. An alert staff member can limit or even prevent significant losses to your business.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Fraud Awareness. Contact us today for more information.

Sources: The Conversation, The Conversation, The Conversation, SBS News, ABC news

National Compliance Officer Day

September 26th is National Compliance Officer Day, a day where we highlight the work of the compliance professionals in our organisation whose (often thankless) task it is to manage the business’ regulatory, governance and ethics risks.

Being a Compliance Officer often means working in the infinitesimal gap between a rock and a hard place, balancing the organisation’s operational needs and its momentum against the ever-shifting legal and regulatory structures that apply to specific industries and to businesses generally. Compliance professionals are a rare combination of technical knowledge of relevant laws; commercial awareness of what their business does, the industry in which it operates and the issues they face; and charisma and communication skills in promoting ethical behaviour and a culture of compliance to others.

Take the time today to recognise and say thank you for your compliance officers and the value they bring, both to your business and to the world generally, as they work towards building more ethical and honest organisations.

Child Protection

In 2012 the Royal Commission into Institutional Responses to Child Sexual Abuse heard over 8,000 personal accounts of sexual abuse, reported more than 2,500 allegations of sexual abuse to the police and made a total of 409 recommendations.

Every person has a legal and moral responsibility to be alert to the signs of child abuse and neglect, and to act swiftly and appropriately to protect the safety of a child.

Recognition

Many children don’t report abuse the first time it happens – they may not understand what has happened, feel scared and powerless, or they may have been threatened with further abuse if they tell someone. In some cases, a child may make an indirect disclosure, for example, through drawings or stories, or asking hypothetical questions for “a friend”.

You should also be alert to any signs of grooming. Grooming refers to the way perpetrators manipulate others and their environment to enable or conceal child abuse. Red flags for grooming include:

  • Targeting children using age-appropriate games or toys
  • Testing personal boundaries, for example, by encouraging inappropriate contact
  • Isolating a child from their friends


In each Australian state or territory, the law requires individuals to report suspicions of child abuse and neglect. Mandatory reporting increases public awareness of child abuse within professional groups and the community at large. Generally, the mandatory obligation arises if a mandatory reporter knows or reasonably suspects, during the course of their work, that a child is suffering from, is at risk of or has suffered abuse or neglect.

Reasonable grounds may include:

  • A child telling you that they have been abused
  • Physical signs of abuse or neglect, for example unexplained injuries or unattended health problems
  • Behavioural signs of abuse or neglect, for example aggressive behaviour or irritability

If you suspect a child has been abused or neglected, you should contact the relevant state authority to make a report.

Child protection is a shared responsibility. You have a moral and legal obligation to identify and report child abuse. If you fail to report any reasonable belief or suspicion of child abuse, then you may be subject to a fine or imprisonment.

Child Protection training equips learners with practical awareness of how to recognise the signs of abuse and neglect, and how to respond when we learn or suspect a child is at risk of threats such as neglect or physical, sexual or emotional abuse.

GRC Solutions’ Child Protection course provides learners in all States and Territories with a comprehensive overview of what they need to do to build a stronger community and create safer environments for children. Contact us today for more information.

The BEAR Essentials!

The Banking Executive Accountability Regime – widely known as BEAR – has commenced!

If you’re a bank or other ADI, or a director or senior executive who works in one, BEAR requires you to deliver good prudential outcomes, and to improve your standards of behaviour and accountability.

The BEAR does not apply to regional banks and credit unions until 1 July 2019. However, the four major banks – NAB, Westpac, CBA and ANZ – have had to fall into line with the new regime from 1 July this year.

As a senior and influential director or executive within a financial institution, do you understand who is an ‘accountable person’ in your organisation?

Do you understand your BEAR obligations to:

  • Take ‘reasonable steps’ to preserve your ADI’s prudential standing or reputation?
  • Deal with APRA in an open, constructive and cooperative way?

As an ADI, do you understand your BEAR obligations as to:

  • Identifying and registering your ‘accountable persons’?
  • Accountability statements and maps?
  • Deferred variable remuneration?
  • Notifications to APRA?

Under the BEAR your ADI will be required to provide APRA with an accountability statement for each of your accountable persons, detailing that person’s responsibilities, as well as an accountability map that clearly shows the accountable persons for all aspects of your operations, and details of their reporting lines. If you offer variable remuneration to your senior staff you’ll need to know whether you have to comply with the BEAR’s deferred remuneration rules. In addition, there are significant on-going notification obligations concerning the dismissal or suspension of an accountable person, and reductions of variable remuneration.

In a recent speech APRA Chairman Wayne Byres said: “With respect to those ADIs that will be subject to the regime from the middle of next year, my advice is it would be a good idea to start your preparations now if you haven’t already done so. The obligations of BEAR are significant, so it’s important that you take time to get them right”

GRC Solutions is designing and facilitating learning and development solutions to assist you to understand the implications of BEAR and how to prepare for compliance with the new laws.

Contact Guy Griffin, Senior Lawyer at GRC Solutions for further information: guy.griffin@grcsolutions.com.au


Top Tips to Strengthen Your Password Security

A password is a key to our online vault where we hold sensitive information including financial data. Yet, many of us fail to keep our passwords safe. Even tech gurus like Mark Zuckerberg, Sundar Pichai and Marissa Mayer have had their online accounts hacked. Forbes reported that in Zuckerberg’s case the problem could have been the re-use of passwords – arguably a by-product of a condition referred to as ‘password fatigue’, when many people tend to re-use passwords.

Data breaches at one company can result in the loss of numerous usernames and passwords, which are then sold on the black market. A Google study has recently found that most individuals tend to re-use passwords, which is why stolen passwords have a long-term benefit for the hackers.

Theft or loss of passwords has repercussions for organisations including data loss, financial loss due to ransomware, possible regulatory penalties for data breaches and reputational damage.

Below, we discuss some of the ways businesses can strengthen their employees’ password security:

1. Educate employees on the formulation of strong passwords

Some helpful tips for employees in formulating strong passwords include:

  • Avoiding common and obvious passwords, such as password!, abc123 and password1234
  • Avoiding using personal information, such as name and date of birth
  • Avoiding the most common substitutions, such as p@ssword and w!f!Guest
  • Avoiding consecutive keyboard combinations, such as qwerty and poiuyt
  • Using phrases to formulate longer passwords that can be easier to remember, such as Work2018MakesMe:)

2. Encourage employees to take due care to protect their passwords:

  • Discourage employees from using same password for multiple accounts
  • Encourage them to use multi-factor authentication
  • Discourage re-use and sharing of passwords
  • Educate them to avoid the risk of shoulder surfing when they enter passwords

3. Implement strategies to mitigate the risk of password theft by:

  • Having a mechanism whereby employees are required to change their passwords every two months
  • Identifying and restricting use of old passwords
  • Requiring multi-factor authentication for high risk activities – Note that this is one of the eight strategies developed by the Australian Cyber Security Centre to assist organisations in mitigating cyber security incidents
  • Implementing procedures to ensure employees log off electronic devices when not in use
  • Educating employees on social engineering techniques used to steal passwords
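The formulation tips in point 1 and the old-password restriction in point 3 can be enforced automatically when a password is set. The sketch below is an added example, not GRC Solutions' code: the function names, the small denylist, the 12-character minimum and the 5-key run threshold are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed sample denylist: the page's examples plus two assumed entries.
# A real deployment would load a large list of breached passwords instead.
COMMON_PASSWORDS = {"password", "abc123", "wifiguest", "letmein", "welcome"}

# Reverses the "most common substitutions" (p@ssword, w!f!Guest).
DELEET = str.maketrans({"@": "a", "!": "i", "1": "l", "0": "o",
                        "3": "e", "$": "s", "5": "s"})

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN_LENGTH = 5            # assumed: flag 5 or more adjacent keys in a row
MIN_LENGTH = 12           # assumed: the page only says "longer passwords"
PBKDF2_ROUNDS = 100_000   # assumed work factor for stored history entries


def hash_password(password, salt=None):
    """Return (salt, digest) so old passwords are never stored in clear."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return salt, digest


def _has_keyboard_run(lowered):
    """True if any RUN_LENGTH window follows a keyboard row in either direction."""
    for i in range(len(lowered) - RUN_LENGTH + 1):
        window = lowered[i:i + RUN_LENGTH]
        if any(window in row or window in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def screen_password(candidate, personal_tokens=(), history=()):
    """Return a list of reasons to reject `candidate`; empty means accepted.

    personal_tokens: strings such as name or date of birth (tip 1).
    history: (salt, digest) pairs from hash_password for old passwords (tip 3).
    """
    findings = []
    lowered = candidate.lower()
    # "password!" and "password1234" reduce to "password" once the tail is cut.
    trimmed = lowered.rstrip(string.digits + string.punctuation)

    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")

    if {lowered, trimmed} & COMMON_PASSWORDS:
        findings.append("common_password")
    elif {lowered.translate(DELEET), trimmed.translate(DELEET)} & COMMON_PASSWORDS:
        findings.append("common_substitution")

    if _has_keyboard_run(lowered):
        findings.append("keyboard_sequence")

    # Ignore very short tokens so initials do not trigger false positives.
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_tokens):
        findings.append("personal_information")

    for salt, digest in history:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            findings.append("reused_old_password")
            break

    return findings


if __name__ == "__main__":
    old = [hash_password("Work2018MakesMe:)")]
    for pw in ("password!", "p@ssword", "poiuyt", "Work2018MakesMe:)"):
        print(pw, screen_password(pw, ["Jordan", "1990"], old))
```

A check like this only covers what can be tested at the moment a password is chosen; multi-factor authentication and the training items in the lists above still need their own controls.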

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Cybersecurity and Fraud Awareness. Contact us today for more information.

Sources: ACSC; Forbes; Google Study

National Child Protection Week

What is Child Protection Week? 

National Child Protection Week was initiated by the National Association for Prevention of Child Abuse and Neglect (NAPCAN) and aims to raise awareness around all issues connected with child protection. It has been held annually across Australia since 1990 and this year it falls between Sunday 2 September and Saturday 8 September.

What can you do?

Every year, more than 35,000 children are abused or neglected in Australia. The physical and mental pain that results from abuse and neglect can and often does last a lifetime.

NAPCAN and the Australian Federal Police (AFP) both make clear that government, businesses and communities all have a responsibility to promote the safety and well-being of children.

As an individual there are many things you can do to play your part including:

  • Look out for signs of abuse or neglect and if you suspect something, report it
  • Always ensure reports of abuse are taken seriously
  • Respect children and young people and listen to their needs

The AFP have an online form that can be used to report abuse and encourage anyone who has been abused or has any information relating to the abuse or exploitation of children to report it immediately.

What can your business do?

Many businesses manage staff, volunteers and contractors that may be in contact with children as part of their day-to-day work.

As a result, managers and recruiters have a responsibility to ensure that everyone involved in the business receives comprehensive training to ensure that they can recognise and report signs of abuse.

GRC Solutions’ Child Protection course provides learners in all States and Territories with a comprehensive overview of what they need to do to build a stronger community and create safer environments for children. Contact us today for more information.

Sources: NAPCAN, AFP, NSW Office of the Children’s Guardian

Top Tips to Encourage Ethical Behaviour in the Workplace

The numerous scandals and fraudulent behaviour uncovered by the Royal Commission have led to an “ethics comeback” in the workplace.

Encouraging ethical behaviour at work helps build a strong team and raise productivity. It helps an organisation maintain a reputation for strong values that directly align with its mission. Research shows that businesses with strong ethical cultures have shown a reduction in employee misconduct.

Here are 5 ways to create an ethical workplace culture:

Set clear expectations

Your organisation’s Code of Conduct should define the expectations for employees’ behavior in clear and simple language. This should include how employees should interact with each other, customers, as well as what is and is not considered acceptable behaviour in the workplace. These expectations also serve as guidance for managers, setting out when they need to intervene and/or take disciplinary action. The Code of Conduct should be communicated to all employees.

Pro tip

Use the expectations in your Code of Conduct in the recruitment process to determine if an employee is likely to be a good fit.

Lead by example

Managers need to model the behaviour they expect to see in their staff. If employees can see others, particularly the people they report to, behaving ethically, the team is more likely to adopt the same behaviour and values.

Reward good behavior

Ethical behaviors, such as when an employee goes above and beyond to put his or her personal interests aside to always do what is best for the client, should be actively rewarded and held up as an example for others.

Pro tip

Incorporate ethical standards into employee performance reviews.

Feedback mechanisms

Fundamentally, ethical behaviour is about “doing the right thing”. Ensure there is a clear feedback mechanism in place through which employees can report any unethical behaviour they witness. These mechanisms should allow staff to make reports anonymously and without fear of any adverse action being taken against them.


Hold workshops and provide regular training on how to solve problems ethically. Use examples, case studies and role play to discuss tough decisions that may arise, and brainstorm solutions together.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses. Contact us today for more information.

Banking Royal Commission – where are we at?

A succinct summary provided by Shaun McGushin, Lawyer of Ash St., on where the Royal Commission is at and what the implications or consequences, intended or unintended, may be for the banks and in particular the smaller customer owned or mutual banks.

Full article:  

Banking Royal Commission – where are we at? SHAUN MCGUSHIN, ASH ST.1


About the Author 

Shaun McGushin, Director, Projects & Finance

Shaun leads the Ash St. Projects and Finance team. He is one of Australia’s most experienced advisers on infrastructure and finance, including buying and selling infrastructure assets, public private partnership, project finance, corporate finance, acquisition finance, capital markets and workouts.

Ash St. is a boutique professional services firm providing integrated multi-disciplinary advice, including legal and corporate advisory, to solve complete business problems using high capability talent and agile commercial models.

Find out more about Ash St. click here

The benefits of e-learning

Since the year 2000 the average attention span has dropped from 12 seconds to just eight. This 33% decline is in part attributable to the mobile revolution. Methods of learning need to undergo a parallel evolution. Let’s look at some of the advantages of online learning:

Immersive learning

Immersive learning incorporates scenarios that simulate real-life experience. This allows the learner to apply their new knowledge to a set of circumstances they are likely to encounter in the workplace. By being able to test-run their knowledge, learners can make mistakes online instead of on the job.

Increased learner engagement and motivation

eLearning can easily incorporate varying degrees of tailoring through case studies, up-to-date statistics and realistic scenarios. By keeping the material relevant and interesting you are more likely to hold the learner’s attention and interest. In particular, references to the latest studies and developments are far more likely to engage a learner who has completed similar training in previous years.

Interactive design

Design techniques can be used to deliver the material in an interesting and engaging manner. Rather than having the learner read slide after slide of dense text, the learner has control over their own learning as they move through the interactive space.

Encourages critical thinking and problem solving

eLearning uses quiz questions and scenarios to test the learner’s knowledge at various stages throughout the course. This method of testing both ensures the learner’s basic understanding of the material and encourages critical thinking and problem solving. Scenarios, for example, can create complex narratives, requiring the learner to analyse and adapt the material they have learned in order to be able to apply it to a realistic set of circumstances.

Our e-learning creators have the enthusiasm to embrace learners’ changing needs and expectations. Contact us today to learn more about our off-the-shelf and bespoke e-learning content and platforms.

Sources: Forbes, TIME Health, Training Journal

Privacy, cyber security and hacking risks in Australia’s health sector


Earlier this month Prime Minister Malcolm Turnbull pledged to address the privacy concerns raised in relation to the government’s My Health Record system. Healthcare and privacy awareness groups have condemned the lack of privacy safeguards in the legislation governing the system, which could allow access by a broad range of government departments, including Centrelink, Medicare or the Australian Tax Office.

Acting Privacy Commissioner Angelene Falk has said that Australians are “rightly” questioning the security of the controversial scheme.

With the privacy debate in full swing, let’s take a look at the top privacy concerns dominating Australia’s health sector.

The numbers on data breaches

The Office of the Australian Information Commissioner (OAIC) revealed that between April 1 and June 30 2018:

  • It received 242 notifications under the Notifiable Data Breaches (NDB) scheme
  • 25 percent of all reported data breaches involved health information – the healthcare industry had the most breaches reported
  • The most common cause of data breaches was malicious attacks
  • Human error accounted for 88 of the reported breaches

My Health Record security concerns

My Health Record will track Australians’ allergies, medical conditions, test results and other practitioner-uploaded documents and share them between medical service providers. Some doctors say it will improve the quality of care, but others are urging people to opt out due to privacy and cyber security concerns.

Privacy advocates say that even with the safeguards, the system takes too much information, stores it too simply and shares it too freely. Bernard Robertson-Dunn from the Australian Privacy Foundation warns that sensitive information could be shared with irrelevant people. For example, “an ex-partner or someone stalking a patient could get that health information. If you’re at risk from someone, that person might access data about you that identifies where you live or what doctor you’re using”.

University of Sydney cyber security expert Ralph Holz said the centralised nature of My Health Record also posed a problem: “It would be safe to assume that some attack is going to be successful. There will be some data loss. That is inevitable,” he said. Other experts have warned that a breach could start as something as simple as a doctor leaving their PC unlocked and leaving the room.

The privacy problem

The debate over My Health Record comes in the wake of ongoing privacy concerns about medical practitioners using apps to take and circulate images of their patients’ injuries and symptoms with other colleagues. Studies show that an increasing number of doctors use their personal devices to take and share clinical images and then store the images on cloud email services such as Gmail and Hotmail.

Earlier this month, online patient booking platform HealthEngine reported that 75 of its users’ personal information had been subject to a data breach. The West Australian tech startup, funded by Telstra, Google, Seven West Media and others, is also under fire for sharing patient data with third parties, including personal injury lawyers.

Sensitivity to security issues

A 2017 OAIC report found that 85 percent of people are either “annoyed” by unsolicited marketing activity or concerned about where the marketer obtained their information. The health sector must balance the demand for the best and latest technology with appropriate privacy and cyber security protections.

Contact GRC Solutions today for more information about our off-the-shelf and custom compliance training topics, including Privacy, Health Privacy and Cyber Security.

Sources: ‘Doctors are urging people not to opt out of Australia’s new online health records system’, ‘My health record: privacy cyber security and the hacking risk’, ‘Australians are rightly questioning My Health Record, says Privacy Commissioner’, ‘Health Privacy in Australia – New OAIC Guidance Will Help Health Providers Navigate the Legal Landscape’.

GRC’s Top Tips to Avoid Being ‘Hooked’ by a Phishing Scam

What is phishing? 

Phishing refers to fraudsters posing as representatives from reputable companies, sending emails to individuals to induce them to reveal their personal information. Phishing is on the rise and it is costing businesses.

Phishing emails can appear in many different forms. They can be broad or targeted, and they can also be delivered across several communication platforms. For example, an email may be followed up by a phone call. As awareness of phishing scams grows, their delivery has become more sophisticated.

The Australian Cyber Security Centre reported that in 2016-17 the Australian Cybercrime Online Reporting Network (ACORN) recorded losses of over $20 million due to business email compromise through targeted phishing emails. Concerningly, this represents a 230% increase from the previous year, when ACORN recorded $8.6 million in losses.

Whilst many people may have a general understanding of the threat posed by phishing, the growing sophistication of phishing emails requires a deeper understanding to avoid being hooked.

So, how can you avoid being caught? Here are 5 tips:

  1. Keep abreast of the news

Scammers are constantly coming up with new tricks and techniques. Stay up-to-date on the latest developments so you know what to look out for.

  2. Check twice before you click

Always beware of links in emails. Try hovering over the link before you click – is there anything suspicious about the address? If you are in any doubt, go directly to the provider’s website instead of clicking any suspicious links in the email.

  3. Never give out personal information

Many phishing emails pose as service providers asking you to confirm your personal details. They may include a link that will take you to a website that is very similar to the genuine service provider. Be particularly careful of emails that imply urgency – scammers may want you to act quickly before you notice anything suspicious.

  4. Double check attachments

Some phishing emails may include attachments that contain ransomware or other viruses. If you see an attachment that you were not expecting or that does not make sense, do not open it.

  5. Unknown sender

Check the sender’s name carefully – is that their usual address? Is their name spelled correctly? If anything looks out-of-place or suspicious, don’t open the email.


GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Cyber Security.

Sources: Australian Cyber Security Centre Threat Report, 10 Ways to avoid phishing scams, Phishing.org, Antiphishing.org

Common workplace hazards

A Snapshot

In 2016 there were 182 workplace fatalities in Australia, with 53 deaths occurring in New South Wales and 21 deaths occurring in South Australia.

Industry statistics:

  • 44 workplace deaths in the Agriculture, Forestry and Fishing Industry
  • 5 workplace deaths in Arts and Recreation Services
  • 4 workplace deaths in Administrative and Support Services
  • 4 workplace deaths in Retail

There were also 104,770 claims of serious injury, resulting in one week or more off work, across a diverse range of occupations including labourers, community workers, professionals and sales workers.

These statistics show that workplace hazards are not limited to any one industry or occupation.

Identifying hazards

A hazard is a situation or thing that has the potential to harm a person. Specific hazards can vary across industries but generally arise from one (or more) of the following:

  • Physical work environment
  • Equipment, materials and substances used
  • Performance of work tasks
  • Workplace design and management

Hazards in an office environment can include incorrect workstation set up, poor lighting and electrical and other equipment hazards. For example, poor ventilation in photocopying areas can result in the inhalation of chemicals from inks and toners with long term health effects. Repetitive actions, incorrect workstation set up and computer screen glare can all lead to physical stress and strain resulting in joint and muscle injury. Overloaded shelves, storing items at dangerous heights and inadequate maintenance of electrical equipment can also lead to serious physical injury and even death.

Risk prevention

A risk assessment involves identifying, assessing and managing potential risks. Once the hazards and risks are known, they can be eliminated and controlled. For example, increasing air flow in poorly ventilated areas, proper training in equipment use and storage of heavy items at appropriate heights can help reduce or eliminate injury, disease and death.

Hazards can come in many forms. While some problems can be fixed easily and immediately, others may require more effort and planning to resolve. While your employer has a responsibility to ensure a safe workplace, you also have a responsibility to stay alert. Prompt reporting and risk prevention will help to make sure you and your colleagues get home safely.

Contact GRC Solutions today for more information about our off-the-shelf and custom compliance training topics, including Work Health and Safety.

Sources: Safe Work Australia Health and Safety Statistics 2017; Safe Work Australia: Identify, assess and control hazards; UNSW Office Hazards and Risks

Top 3 data protection risks to the My Health Record system

“Are you opting out?” is a phrase that’s been popping up a lot in casual conversation this week. It’s a reference, of course, to the My Health Record system – specifically, that we’ve all been given three months to decide whether we want to opt-out of having our details included in the federal electronic database of patients’ medical information.

Proponents of the My Health Record system have argued that it will grant patients and practitioners timely access to up-to-date test results and other medical information, provide a central access point for data and records for complex medical cases, and reduce the number of medication errors. But given the scale of the project and the amount of sensitive personal information at stake, it’s worth giving equal attention to the risks associated with the system.

Here are the top 3 information security and privacy risks that we’ve identified relating to My Health Record.

 1. Cyberattacks and other cybersecurity concerns

Just last week, authorities in Singapore revealed that one of the country’s national healthcare databases had been hacked and the personal information of 1.5 million patients, including Prime Minister Lee Hsien Loong, was compromised.

It all started with a single malware-infected computer owned by one of the nation’s major government healthcare groups. Having millions of individuals’ personal information in one spot may be more convenient for users, but it’s also more convenient for malicious third parties who want to gain unauthorised access to lots of data all at once. My Health Record will need a robust cybersecurity program, as well as internal policies and procedures, to protect users’ data from breaches.

 2. Disclosure of data to third parties

It’s one thing for an individual to consent to giving their details to one known entity, such as My Health Record, but there is still a lot of wariness about the disclosure of those details to third parties, vindicated perhaps by recent cases such as the Facebook/Cambridge Analytica data breach scandal and, closer to home, the revelation earlier this month that Healthengine, a doctor appointment booking service and one of My Health Record’s partner apps, had been funnelling users’ personal information to law firms as part of a referral program.

It’s worth noting that even though Healthengine technically complied with its privacy law obligations and collected users’ consent to the disclosures, evidently many users still didn’t feel like they had control over who held their data and what was being done with it. My Health Record will need to be upfront about which third-party apps will be using patients’ data and what precautions are being taken to ensure the data is safe in their hands.

 3. Lack of user education

Under the My Health Record system, patients have sole control over who has access to medical information about themselves in the database – for example, they may be able to give doctors access to their whole record or just one document. But given that 65% of people don’t read privacy policies and half of us do not regularly adjust our privacy settings on social media, there remains a significant risk that users won’t be aware of the need to exercise fine control over their privacy and access settings, let alone proficient at it. It’s vital that My Health Record runs campaigns to educate users about the level of agency they have under the system and how to exercise it, particularly if those privacy settings are off by default.

Want to learn more about data protection or information security risks? Contact GRC Solutions today for more information about our off-the-shelf and custom compliance training topics, including Privacy and Cybersecurity.

Consumer Data and Regulatory Reform

Big data – the accumulation of large amounts of consumer data – is changing the way businesses compete with each other and technology is increasingly being used to deliver improved customer services.

The latest development in this megatrend is the recognition of the Consumer Data Right (CDR).

What is the CDR?
In November 2017, following a report from the Productivity Commission into Data Availability and Use, the Federal Government announced the intention to legislate for the creation of consumer rights to allow increased data sharing, to drive competition and improve consumer outcomes.

The CDR is an individual’s right to access and share their data with third parties. The right should encourage competition among service providers and allow consumers to make more informed decisions. The intention is that, by allowing customers to access and share their data with competing service providers and other third-party platforms, consumers will find it easier to compare different offers, and “make the switch”.

Open Banking
Legislation will be delivered sector-by-sector. The reforms will start in the banking sector, followed by the energy and telecommunications sectors. Reforms in the banking sector have come to be known as the Open Banking Reforms.

Under Open Banking, the CDR will enable customers to share their data, including transaction and product data, with third-party service providers. This will allow for more detailed comparisons of different banking products: Am I getting the best possible interest rate? How do the account keeping fees compare between banks?

Under proposed deadlines the major banks will be required to make data available on credit and debit cards, as well as deposit and transaction accounts by 1 July 2019. The remaining banks will be expected to follow suit 12 months later. Draft legislation to introduce Open Banking is expected to be released for public consultation soon.

The CDR and Open Banking are intended to improve customer outcomes, but the ability to share data does not mean an obligation to share data. Similarly, privacy protections will continue to develop in parallel to these reforms.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Privacy. Contact us today for more information.

Sources: Australians to own their own banking, energy, phone and internet data; ACCC Consumer data and regulatory reform; Productivity Commission Report

Developing learning that sticks

When we develop learning, the process we follow generally goes like this: we look at our risk profile – all types of conduct risk fall into this category – or we look at our obligations as a company and develop some learning accordingly – for example, onboarding. We then choose a mode of delivery (e-learning, blended, etc) and develop some training that directly targets the concern.

We often assume that the successful outcome of the training is a direct result of the mode of training we have chosen. While this is true to a degree, there are many factors that influence the successful outcome of training.

Combining learning modes

Having a combination of learning modes is the best way to ensure retention. Campaign-based learning is a prime example. Marketing specialists know how important it is that people retain a message – the better a message is retained, the more likely a consumer will remember a product and buy it next time they see it.

The same goes for learning. If you expose employees several times to a message, in different ways, it is more likely they will remember and act on it. Where a marketing campaign would, for example, opt for ads on billboards and social media, a learning campaign could include adaptive e-learning and microlearning, or blended learning, lunch and learn, face-to-face learning, seminars, etc.

What is microlearning?

Microlearning is a series of short, bite-sized learning snippets. They are designed to meet a specific learning outcome and reinforce these messages in a few minutes. For example, is cybersecurity an area of risk? Then have five-minute pieces of learning that focus on email phishing. It can also encompass information that needs relaying throughout the year such as messages from the board or legal requirements that take effect.

These regular bursts of training must be short and to the point, and can be created on the fly. Think of the new Privacy requirements, customer focus tips, business in the news – everything can be quickly created and communicated. Microlearning must have a short run length (2 to 5 minutes) and be 100% relevant to the employee and their job role.

It is great for offsetting the challenges of short attention spans and for offering training on the job. The short length ensures high completion rates.

Developing relevant learning

The quickest way to disengage a learner is by giving them training content that is not relevant to their situation or their role. When developing learning, ask yourself the following:

  1. With everything you do, ask yourself: does XX need to know this?
  2. Keep it simple (don’t confuse with easy!)
  3. Practical and timely
  4. Cognitive ease and familiarity in design

Nathalie presented a webinar on this topic on Tuesday 24 July at 2pm.

Feel free to view the live recording and download additional resources at your convenience.

View the webinar recording

View the webinar presentation

Jenny Craig’s ‘10kg for $10’ ad attracts penalty

In June 2018, Jenny Craig Weight Loss Centres Pty Ltd (Jenny Craig) paid a penalty of AUS$37,800 for its ‘10kg for $10’ ad. The penalty was imposed by the Australian Competition and Consumer Commission (ACCC) for alleged false or misleading representations made in the advertisement.

The alleged false or misleading advertisement

From December 2017 to February 2018, Jenny Craig ran a television advertisement representing that customers could lose 10kg for $10, to which the ACCC raised the following allegations:

  • The advertisement may have misled customers because the additional costs of food were not disclosed.
  • The testimonial given in the advertisement may have misled customers because it was not disclosed that the person who gave the testimonial was a Jenny Craig employee.

The ACCC further alleged that Jenny Craig, through its membership forms, made misrepresentations to consumers about their product guarantee rights. The regulator opined that it was false or misleading to claim that faulty goods had to be returned within 10 days.

What does the law say?

Under the Australian Consumer Law, organisations must not make representations that are false or likely to mislead. This limitation also applies to businesses’ advertisements. It does not matter whether customers were actually misled, or whether the business intended to mislead.

Misleading representation also includes giving a false or misleading testimonial. As the ACCC Commissioner Sarah Court stated, a testimonial given by an employee is not an independent review and is arguably false or misleading. In addition, customers have an automatic right to receive a refund, replacement or repair of purchased goods if the goods are faulty. This applies even if customers do not meet suppliers’ or service providers’ notice requirements. The ACCC alleged that requiring 10 days’ notice in the membership form was also false or misleading.

Businesses be aware

Failure to comply with regulations can attract adverse publicity and lead to reputational damage. Organisations must understand the limitation on representations made in an advertisement by:

  • ensuring their representations are true or not misleading
  • recognising that misleading or false representation goes beyond advertising – for instance, during negotiations
  • being aware that false or misleading representation can go beyond words – for instance, use of untrue images can be misleading
  • providing full disclosure to avoid inference that statements are false or misleading
  • ensuring employees are aware of the limitations on representations and of consumer guarantee rights

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Competition and Consumer Protection. Contact us today for more information.

Source: ACCC, AustLII

Morgan Stanley pays penalty for employee fraud

On 29 June 2018, Morgan Stanley Smith Barney LLC (Morgan Stanley), an investment adviser and broker-dealer, agreed to pay a US$3.6 million penalty for failing to prevent its employee from misappropriating funds from client accounts.

Background

Barry F. Connell, a financial adviser at Morgan Stanley, misappropriated $7 million from client accounts.

The theft was possible because Morgan Stanley permitted financial advisers like Connell to initiate third-party disbursements of up to $100,000. The only requirement for financial advisers was to provide a written attestation that they had received a verbal request from the client to incur the disbursements.

From December 2015, Connell began misappropriating funds from an elderly couple’s account by falsely representing the couple’s instructions to his assistant. Connell made it appear that the couple were requesting a funds transfer to take place in Morgan Stanley’s system.

Connell gave approximately 90 false attestations over a year until the clients questioned the unauthorised transactions.

The consequences of fraud

Connell has been charged with committing fraud under both civil and criminal jurisdictions.

Morgan Stanley was also charged for failing to prevent the fraud. The company settled the charges with the US Securities and Exchange Commission (SEC) for $3.6 million and gave an undertaking to comply with its obligation under the Advisers Act to prevent fraud.

Morgan Stanley also agreed to pay the clients for the loss of their funds, plus interest.

To close the loophole, Morgan Stanley increased its anti-fraud expenditures and hired fraud operations personnel.

A proactive approach to fraud risk

In 2018, PWC reported that 52% of all frauds are committed by people within an organisation. The repercussions from fraud can be damaging. Organisations should take the following proactive approach to addressing the risk of fraud:

  • Implement policies and procedures that are reasonably designed to detect and prevent fraud. Morgan Stanley, in this instance, had the policies and procedures but according to the SEC, they were not reasonably designed to detect and prevent potential misconduct with client accounts.
  • Have a system of checks and balances for employees’ decision-making. Do not authorise only one person to make a decision, particularly in relation to money matters.
  • Encourage employees to ask questions when they suspect something at work.
  • Create awareness among employees about fraud and the ways to detect and prevent it.
  • Have policies and procedures to protect whistleblowers.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Fraud Awareness and Whistleblowing. Contact us today for more information.

Source: PWC, SEC

Regulatory Pressure: Policy Management

The proliferation of laws and regulations worldwide has meant that compliance training is drawing increasing focus across many industries. Potential monetary fines, loss of revenue and reputational damage make effective compliance training a top priority.

Companies face the need to incorporate all these obligations into a policy management framework. Moreover, they need to ensure that these policies are delivered to staff effectively. Simply having a policy available on an internal intranet is not enough – Senior Managers need to be certain that all staff know and understand their obligations.

Yet companies are often frustrated by the whole process – it can be expensive to manage, its effectiveness is not guaranteed and it can take up a great deal of time. In addition, it is often difficult for senior managers to gauge the extent to which staff have read and understood policy documents.

Fortunately, significant technological advancement has offered a new method of implementing policy management.

What does adaptive learning offer?

Online compliance training has the potential to adapt to the individual learner’s needs. eLearning can now be used to recognise individuals’ prior learning. Adaptive learning is so named because it adapts the content to the learner’s current level of knowledge, bypassing elements of the lesson in which an individual can already demonstrate proficiency. This reduces the time it takes to repeat content that the learner already knows, and enables the learner to focus instead on their knowledge gaps.

Adaptive learning offers many advantages:

  • For senior managers, it confirms that employees have read and understood their policy obligations.
  • Staff receive a personalised learning experience ensuring they receive targeted training.
  • Targeted training can better hold staff’s attention, where they might otherwise get bored and frustrated.
  • By reducing the time spent training staff on areas of policy that are already familiar, businesses can operate more productively.
  • Senior managers can get more advanced visualisations, dashboards, and analytics on an organisational and individual level.

The result is a reduction in risk exposure and potentially compliance costs, where it replaces a time-consuming and ineffective means of policy delivery.

Ultimately, adaptive learning can help to implement policy management more effectively. In doing so, it increases compliance, drives positive culture and helps achieve organisational goals.

For more information check out GRC’s whitepapers: The five critical stages of policy management, The future of compliance training, Scientifically proven brain rules that work in training

Talk to GRC Solutions today about our Salt Adaptive eLearning and platform.

When bullying starts to snowball


What is workplace bullying? 

Generally, a manager is able to make decisions about the performance of their staff. They can control the way work is carried out, or if necessary, take appropriate disciplinary action.

But this behaviour must always be reasonable. A 2016 study by beyondblue found that nearly half of all Australian employees will experience workplace bullying during their careers.

Bullying occurs when a person repeatedly acts unreasonably towards another, and the behaviour creates a risk to mental or physical health and safety.

It can happen to anyone regardless of position, including permanent employees, casual staff and interns, and it can take many forms – verbal, physical and psychological. Examples include:

  • Hurtful remarks
  • Intimidation
  • Unreasonable work demands such as setting impossible deadlines, assigning pointless tasks or withholding important information
  • Pushing, shoving or other kinds of physical attacks

The cost of bullying

Workplace bullying has serious impacts on victims. It can result in loss of confidence, anxiety, stress and depression, as well as other physical signs of stress such as headaches and sleep problems.

Bullying costs workplaces too. Costs come through low staff morale and loss of productivity. In addition to increased absenteeism, productivity can decline due to presenteeism – where staff attend work, but low morale results in a decline in work output. Safe Work Australia estimates that absenteeism and presenteeism resulting from depression caused by job strain and bullying cost Australian employers around AUD$693 million per year. This figure does not factor in the costs of direct legal action against perpetrators and companies that fail to meet the duty of care they have to their employees.

What is the law?

Australia has national anti-bullying laws as well as corresponding Workplace Health and Safety laws in each state and territory. In addition, some bullying is a criminal offence – violence, assault, stalking – and can be reported directly to the police.

What to do if you experience bullying

If you experience bullying, it is always important to reach out for support.

At work, you can start by checking your company’s bullying policy and complaints procedure. If you feel safe and confident you can also approach the bully and tell them their behaviour is unwanted and unacceptable.

If you are unable to resolve the issue internally there are external contacts available to you. The Fair Work Commission has an online eligibility quiz: https://www.fwc.gov.au/disputes-at-work/anti-bullying/eligibility. Alternatively, if you are not covered by the Fair Work Commission laws, you can contact the WHS body for your state or territory.

A final note for managers

Managers carry a responsibility to their employees. This includes the responsibility to provide a safe and healthy workplace. Regular review of the company’s bullying policy will help ensure that complaints procedures operate as efficiently as possible. It is also important to set clear standards of acceptable behaviour.

Prevention and swift detection of bullying will play a key role in creating a healthy and productive workplace culture.

Sources: Australian Human Rights Commission, Fair Work Ombudsman, Safe Work Australia – Bullying, Safe Work Australia – Workplace barometer report, beyondblue


Importance of power balance – Board to the Frontline employees

LearnX HRX’s People & Culture Show took place at the Rydges World Square on Thursday 21 June 2018. The event celebrated People & Culture @ Work Day 2018.

Michelle Gibbings, CEO of Change Meridian, spoke with GRC Solutions CEO Julian Fenwick to discuss the topic Power – The Missing Ingredient of a Healthy Culture.

In this wide-ranging talk, Michelle explored how the exercise of power can either create or destroy organisations. She cited different types of power – from legitimate to coercive to referent – and how they can manifest, for better or worse, in our workplaces.

Power and organisational success

In organisations in which power gets exercised from the top down, people may feel unable to challenge the status quo or even ask a question.

This becomes especially problematic when things go wrong. The speakers considered how various public figures, including Malaysian ex-Prime Minister Najib Razak, Rodney Adler, Harvey Weinstein, Jeffrey Skilling and many more, were able to abuse their position of authority without penalty or critique from within their own organisations.

The discussion turned to situations in which organisational leaders might not be aware of the power that employees confer on them. This creates a power imbalance whereby employees are left to feel powerless.

Similarly, organisations may encourage employees to become whistleblowers if they witness evidence of corporate wrongdoings. But if employees don’t feel powerful enough, they may not speak up.

The speakers considered how power can be distributed within an organisation, and how employees, whatever their job role, might feel empowered enough to speak up.

Ensuring power balance within an organisation

The speakers shared several tips for creating a power balance among employees in an organisation:

  • Avoid a centralised power system. Have someone within your organisation challenge you or your team even when the team is successful. As Mr Fenwick stated, the board of Wells Fargo did not challenge its own success.
  • A “The wise man does not challenge!” culture is a disastrous value system. Raise the importance of feeling powerful at all job levels and functions.
  • Acknowledge your power. We all have some sort of power.
  • Be open minded if someone challenges you. Listen and consider the substance of what the person has to say.
  • Be alert to signs of power imbalance. For example, there may be red flags if:
    • People make decisions unilaterally
    • People don’t realise how much power they have.

If your employee never questions you, then it may be a sign that there is too much power on your side.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Corporate Governance, Whistleblowing and Fraud Awareness. Contact us today for more information.

LearnX Impact Awards – GRC Solutions wins again

GRC Solutions has won two Platinum awards at the LearnX Impact Awards 2018:

  • Best Compliance Training Program – with Bananacoast Community Credit Union (bcu)
  • Best Bespoke/Custom Model – with Australian Maritime Safety Association (AMSA)

GRC has now won Best Compliance Training Program for a record 11 years. This year, our work with new client bcu showcased our ability to deliver a full program of online compliance training courses and materials over a year-long schedule. We listened to the client about its training goals and worked closely to meet these requirements.

This work enabled bcu to develop a strong foundation for its training culture. bcu is now looking to push the envelope with its learning & development, working with GRC to explore new ways to deliver an even larger and richer volume of training.

GRC worked with AMSA to create its Under Keel Clearance Management System (UKCMS) training course. The UKCMS is a navigational tool that helps ship pilots keep their keels free of the seabed and safe from harm.

AMSA sought to overhaul its two existing UKCMS courses, consolidating the content into one fresh, engaging training piece. The aim was to help pilots attain competence in using the system while also recognising the need to prevent injury to human life and the destruction of maritime ecosystems.

GRC’s designers drew on their extensive custom content development capabilities to create the course. The team used as inspiration the kinds of epic ocean locations familiar to AMSA’s audience of pilots, and used powerful simulations, dynamic lateral movements and a high level of interactivity to demonstrate to learners what the UKCMS looks like and how to operate it.

Congratulations to our clients bcu and AMSA, and to our content, client services and account management teams, for their award-winning efforts.

The awards ceremony will take place on 30 October at the Melbourne Convention Centre.




5 Cyber Security trends to watch

Cyber security


It’s no surprise that cyber attacks are happening on a larger scale and at a higher volume than ever before. As companies strive to enrich their customer experience through a range of endpoints, the threats posed by cyber attacks have exponentially increased.

But with this ever-growing threat comes a proportionate increase in the impact that cyber attacks can have on companies and their customers.

Here are some of the cyber security trends that companies should be aware of when taking steps to plan, mitigate and manage the expanding impact of cyber risk.

1. Many companies will fail to comply with new GDPR regulations

The commencement of the General Data Protection Regulation (GDPR) on May 25 2018 has introduced important changes to the way that all EU-based companies can handle and store customers’ information. However, a recent Forrester report found that 80 percent of companies will fail to comply with the GDPR. Interestingly, the report claims that 50 percent of these companies will choose not to comply, as they claim the cost of compliance outweighs the risks.

2. Be proactive about ransomware

By the end of 2017, the global cost of ransomware attacks for organisations was estimated at $5 billion – a 400 percent increase from 2016. The WannaCry attack impacted over 300,000 people across 150 countries in under two days.

If the WannaCry attack taught us anything it’s that prevention is key. In fact, the attack was described as “relatively unsophisticated” and “easily preventable”. In the coming years, big companies will put an increasing focus on proactively securing their infrastructure – they simply won’t be able to afford not to.

3. The risk of the “insider”

Negligent and unaware employees, contractors, consultants and others with “insider” access to information systems and networks pose serious cyber-security threats. Despite this, in 2017 businesses continued to underinvest in proactive insider risk mitigation strategies. Technical controls and employee security training will be essential to combatting these internal threats.

4. The demand for cyber-security professionals will increase

ISACA, a not-for-profit information security advocacy group, predicts that there’ll be a global shortage of two million cyber security professionals by 2019. This area is constantly growing, but it faces a skills shortage. The proliferation of ransomware and the incoming transparency of GDPR compliance mean that government and private sector organisations must work together to meet the skills gap.

5. Cloud security becomes a top priority

As an increasing number of organisations move to cloud-based data management systems, those systems become more of a target for cyber attacks. This means organisations will need to safeguard their personal and sensitive data, ensure they have robust security policies in place and implement more proactive measures to encrypt files and enhance authentication processes.

At a time when data has never been more valuable, yet data incidents seem to dominate news headlines, these five trends suggest businesses should have procedures in place to detect, identify and manage their cyber-security threats.

 GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Cyber Security. 

Source: AON’s 2018 Predictions: Trends in Cybersecurity; Integrity 360 7 Cyber Security trends to know about for 2018; https://go.forrester.com/2018-predictions/

Helping a government agency meet their compliance needs

Regulators and courts have been resoundingly clear that businesses’ compliance training programs must be complete, up-to-date and relevant at both an organisational and employee level.

The following is a high-level example of the type of analysis needed to ensure we have a thorough understanding of our clients’ unique compliance risks and needs, and the benefits this process can bring.

Who is the client?

GRC Solutions recently worked with a state government agency whose mandate was to unlock opportunities for future growth by better using land located close to jobs, services and transport, both on behalf of other government agencies and the private sector.

What compliance challenges does the client face and what are its objectives?

Areas the client was particularly concerned about included:

  • The safety and wellbeing of its staff
  • Competition law issues arising out of working in partnership with industry in developing urban renewal sites

In particular, some states have slightly different work health and safety laws, and the client required training that addressed the relevant state’s nuances.

The client emphasised the importance of effective staff participation and tailoring the training to different job descriptions and levels of staff to maintain relevance.

We also noted that unlike many of our clients who operate wholly in either the public or private sector, this client’s operations were such that it faced compliance issues from both areas.

Solutions offered

We worked with the client to customise our existing Workplace Health & Safety, Diversity & Equality and Competition and Consumer Protection courses to accommodate their specific organisational risks.

We offered our cloud-based Salt Web system as a delivery platform. One of the key features of Salt Web is that it operates on a modular structure, meaning clients can build courses and curricula appropriate to different job roles in their organisation. Other benefits of Salt Web include compatibility with existing IT systems, and 24/7 access, making it ideal for training staff who are on the road or located outside the main office.

Salt Web also contains a reporting and notification system which helps HR and managers keep track of which employees have completed the training.

Outcomes achieved

Using Salt Web, the client was able to define different curricula for managers and employees and assign training based on each employee’s specific job description. This kept the training relevant to each staff member, reduced the amount of training they were required to complete and led to a cultural shift towards greater incorporation of compliance. Our client consistently found that staff who had completed the training could successfully demonstrate an understanding of the training material.

Salt automatically emailed weekly progress reports to the client’s Division Managers, which generated a level of friendly competition. Employees who had not completed the training received an automatic reminder notification. These factors led to a 100% completion rate of the program.

All organisations should have a compliance training program to ensure that staff are aware of their legal and compliance obligations and to minimise risk across the organisation. Contact us today for more information about purchasing or developing online training content and/or delivery systems.

What do you need to know about the GDPR

The GDPR regulates not just the usual private information

You may have noticed a flurry of privacy policy updates in your inbox in the last few weeks. There’s a good reason for that – the GDPR is here and it could apply to you.

What is the GDPR?

The EU’s General Data Protection Regulation (GDPR) commenced on May 25 2018, and its impacts are being felt worldwide. These new rules for data collection and storage apply to all EU-based companies and residents as well as any businesses that handle their data. Basically, this means that if you do business with any EU companies, or market goods or services to EU residents, then the GDPR applies to you.

The GDPR contains 99 articles that define what data can be collected and stored and the conditions of that storage. In addition, there is a requirement of explicit, voluntary consent for data collection and an obligation to allow all individuals access to their data.

Are you compliant?

The GDPR regulates not just the usual private information – name, email address, street address – but also cookies, IP addresses and location information.

The broad application and detail in the GDPR means that you need to adapt your response to your business. Implementation may not be straightforward, and you will need to build your response into everyday work practice.

Under the GDPR you will have to clearly define the data you collect and how you store that information. Moreover, the requirement of explicit, voluntary consent means that you must communicate in plain language, avoiding any jargon or legalese, and the customer must have a genuine opportunity to opt out.

If you share that information with any third parties, you will have to include a Data Processing Addendum (DPA) in any agreement. A DPA should define the type of data accessible to the third party and their obligation to comply with your privacy requirements.

GDPR readiness will require, among other actions, a revision of your privacy policy, staff training and a review of many of your customer communication forms – for example, your email opt-in and contact forms.

What is different about the GDPR?

The GDPR holds companies to a higher standard to protect the rights of individuals.

While a lot of privacy regulations focus on a company’s duty to protect its data from hackers, these regulations require the company to demonstrate responsible privacy management. In this context, absence of breach does not ensure compliance.

Compliance with these new regulations will require companies to achieve this higher standard. And with penalties of up to 4% of your annual revenue or over AUD$31 million, they need to adapt quickly.

Sources: Forbes: The Biggest GDPR Mistake U.S. Companies are Making, Security Intelligence: Getting Ready for GDPR, CSO: GDPR is live!-Now what?, Forbes: Is Your Business GDPR Compliant?

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Privacy. Contact us today for more information.

Workplace safety to face review

How safe is your workplace?

It is generally understood that all workers have a right to a safe and healthy work environment. However, several recent incidents demonstrate that there are lessons yet to be learned. Could industrial manslaughter legislation play a role?

Western Australian Mining company fined AUD$35,000

In May 2018 a WA mining company was fined $35,000 for failing to provide a safe working environment after an incident in February 2015. A worker at the company’s Higginsville mine was injured after he was struck by a jib attachment on an integrated tool carrier.

Entirely foreseeable and easily avoidable incident leaves man permanently scarred

In March of the same year, Mineral Trans Pty Ltd, a WA transport company, was fined $58,000 when a worker’s hand was crushed between two shipping containers. At the time, the worker was operating a forklift without a proper licence.

Nearly four years later, the worker still experiences significant pain. The magistrate who delivered the fine called the incident “entirely foreseeable and easily avoidable”.

Quote for professionals too high leading to seriously injured worker

In April 2018 a wholesale joinery on the NSW Central Coast received a quote to complete some building work at their Somersby factory, but considered it too expensive. Instead, they decided to undertake the work themselves.

The 55-year-old employee had no specific training in high-risk construction work, or working at heights, when he fell 4.5m onto a concrete floor. The man had been trying to remove air conditioning ducting from the top of a cool room when the suspended ceiling gave way.

The employee fractured his wrist, elbow and knee cap. The company was fined $120,000 in the Sydney District Court.

The ACT introduced separate industrial manslaughter legislation in 2004. Penalties include imprisonment as well as heavy fines. The law says that prosecutors need only show that a corporate culture existed that directed, encouraged, tolerated or led to non-compliance with the law. This means that any manager who presided over a culture of non-compliance could be sentenced to a prison term.

Queensland introduced its own industrial manslaughter legislation in 2017 after the deaths of four people at Dreamworld and two workers at Eagle Farm racecourse.

Victorian Premier Daniel Andrews has announced an intention to enact similar legislation in Victoria. The criminal offence will include greater fines and 20 years’ imprisonment for employers whose negligence causes the death of workers, visitors or passersby.

GRC Solutions offers a wide range of Salt Compliance e-learning options, including off-the-shelf and customised online training content. 

Sources: Safety Culture, Safety Culture, PS News, WA Today, The Conversation

Commonwealth Bank to pay a record $702.5 million to settle anti-money laundering case

Commonwealth Bank (CBA) has agreed to pay AUD$702.5 million to Australia’s financial intelligence agency, AUSTRAC, to settle the current proceedings against it for breaching national anti-money laundering and counter-terrorist financing (AML/CTF) laws.

This is almost twice the sum the bank had initially accounted for when it made its half-year profit announcement back in February. If accepted, it will be the biggest fine ever paid by an Australian business for AML/CTF law violations.

The case against CBA originated in August 2017 with a claim from AUSTRAC that the bank had committed 53,700 breaches of the AML/CTF regime. The bank originally defended the claim, blaming a coding error in the bank’s “intelligent deposit machines” for the bulk of the breaches.

As part of the settlement, however, CBA has admitted to most of the breaches. This includes the failure to adequately monitor over 778,000 accounts and to carry out proper AML/CTF risk assessments, as well as the late filing of over 53,500 suspicious matter reports.

“While not deliberate, we fully appreciate the seriousness of the mistakes we made,” CEO Matt Comyn said.

CBA’s regulatory and compliance woes continue, with both customers and regulators raising questions about the bank’s recent announcement that it may have lost personal information relating to almost 20 million accounts.

CBA also agreed to pay AUSTRAC’s legal costs as part of the settlement.

Contact GRC Solutions today for more information on our Anti-Money Laundering training and other generic and bespoke online compliance training offerings.

Sources: AFR, ABC News and Reuters.

Starbucks shuts stores for a day for anti-bias training

On 29 May 2018, Starbucks, one of the world’s largest coffeehouse chains, closed its business in the US for the day across 8000 stores to provide its employees with anti-bias and diversity training.


On 12 April 2018, six police officers in Philadelphia took two black men into custody at a Starbucks store after an employee made a complaint. The two men had not purchased anything, were reportedly waiting for another person and had refused to leave the store.

The incident was captured on video and watched by millions online. A public outcry followed. Questions were raised about Starbucks’ culture of racial bias against black men.

Starbucks’ response

Starbucks CEO Kevin Johnson released a statement on the same day promising to investigate the incident and make necessary changes to prevent it from happening in future.

The company then took the step of providing its 175,000 employees with implicit bias training.

Johnson says that the company is taking a long-term view of its commitment and that training costs would be “an important investment in the tens of millions”.

Implicit/Unconscious Bias

Implicit or unconscious bias means having a preconceived attitude or stereotype against someone which affects our understanding of, and conduct towards, others in an unconscious manner.

A US research association, the Perception Institute, states that studies have found the incident under discussion to be a common example of implicit bias, in which white people frequently associate criminality with black people without even realising that they are being biased.

What can business learn from it?

This incident has certainly impacted Starbucks with both negative publicity and financial consequences, given the settlement money that the company will be paying the victims of the arrest.

But the incident illustrates just one of several different examples of unconscious bias.

An important step in challenging the influence of unconscious biases within any business is to train employees on biases in general, and to promote a general culture of awareness.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Unconscious Bias and Diversity & Equality. Contact us today for more information.

Source: Starbucks, Perception Institute

Compliance training myths

Up-to-date and regular training forms an important part of businesses’ compliance programs.

Compliance training can and should be engaging

Compliance training is crucial to ensure your business and employees operate within the law. It can even yield economic benefits, saving organisations from breach-related fines, reputational damage and loss of revenue.

Compliance training can have a reputation for being boring, overly technical and unengaging. But this needn’t be the case.

Let’s dispel some common compliance training myths.

Training is unnecessary

Training ensures that your business can operate safely and efficiently. It is vital that all your employees and contractors understand what relevant laws and regulations apply, and how to follow them.

Training is boring

Compliance training can – and should – be engaging. It should keep learners invested in the content.

Content-wise, training should draw on relevant examples and case studies that apply to your industry and the job role in which the learner works. These asides help to place the key concepts in context, and make those concepts topical and fresh for learners.

Design-wise, there are many ways to develop online training. It’s important to keep in mind that online training, or e-learning, is more than just publishing a manual, policy or essay on the internet, with lots of text on a page. It should guide learners towards the key concepts, using visual cues to help place those concepts into context.

The visuals in compliance training shouldn’t distract from the text but rather bring it to life. Ideally, they should help learners understand what compliance breaches are and what the practical actions necessary to prevent or handle them look like.

One size fits all

Compliance training can be designed with your industry in mind. Your compliance trainer can design a course that covers all the relevant rules and regulations that apply to you and your business, leaving out any irrelevant information.

Training is often irrelevant

Training should be relevant to the learners and the organisations they work in. The easiest way to disengage learners from training is to provide them with content that doesn’t relate to them.

The same training content won’t necessarily apply to everybody.

This is where course customisation, or tailoring, comes in. Not only can your course be customised to specific industries, it can be customised to specific categories of employees.

This means that learners can focus on those aspects that are relevant to their work. And that means they are more likely to be engaged by the training.

 There is only one way to view online training

More and more training these days is mobile responsive: it can now be delivered on a range of devices, including computer, tablet or phone, meaning more flexible access to training.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Fraud Awareness, Unconscious Bias, and Cyber Security. Contact us today for more information.

Source: PowerDMS

National Scams Awareness Week: Australians lost record $340m to scammers in 2017

Scammers don’t discriminate

Scammers stole AU$340 million from Australians in 2017 – the biggest loss ever recorded by the Australian Competition and Consumer Commission (ACCC).

Coinciding with National Scams Awareness Week 2018, the ACCC released its Targeting Scams Report this week, reporting a $40 million increase compared to losses reported in 2016. This is the first time reported losses to scams have totalled more than $300 million, and it demonstrates the devastating and increasing impact of scams on Australian consumers and businesses.

Top scams by loss

  1. $64 million – the amount stolen by investment scams
  2. $42 million – the amount stolen by dating and romance scams
  3. 55-64 – the age range with the highest reported losses of $21.6 million

Types of scams targeting businesses  

Businesses were no exception, with Australian businesses losing nearly $4.7 million to scammers – a 23 percent increase compared to 2016. “Scammers don’t discriminate. They’ll use a variety of cons to swindle busy workers and it can be very devastating to a business’s bottom line,” ACCC Deputy Chair Michael Schaper said.

Businesses were most likely to be targeted with false billing claims, while employment and investment scams caused the most losses at nearly $1.7 million. 60 percent of business scams were delivered via email and money was sent to scammers via bank transfers 85 percent of the time.

Employment and investment scams

Scammers offer services commonly used by businesses such as web page development, search engine optimisation, small business loans and business directory listings. Busy businesses sign up to what seem like good deals at the time, only to later discover the offer was not legitimate.

False billing

Scammers often attempt to trick a business into paying fake invoices for directory listings, advertising, domain name renewals or office supplies that weren’t ordered.

Business email compromise scams

The ACCC reported combined losses of over $22.1 million relating to compromises of business emails.

The most complex scams involved hacking into a business, gaining access to its clients’ email addresses then contacting those clients to inform them that the business’s banking details had changed.

When the client attempted to pay the business, the money was deposited into the scammer’s account.

What’s the impact of scams on businesses?

Cybercrime in Australia costs an estimated $1 billion each year and $3 trillion globally. Cybercrime is rated as the fifth biggest risk to business.

“It’s vital Australian businesses are aware that scammers are actively out there targeting them and to ensure they have strong processes in place to avoid becoming victims,” Dr Schaper said.

This year’s Scams Awareness Week asks Australians to consider one message: ‘Stop and check: is this for real?’ when they’re contacted by scammers and to follow these tips:

  • Never give out personal information
  • Double-check contact details through an independent source
  • Don’t be tempted to click on links
  • Hang up and call organisations back on a verified number

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Cyber Security and Fraud Awareness. Contact us today for more information.

Sources cited: https://www.accc.gov.au/system/files/F1240_Targeting%20scams%20report.PDF; https://www.scamwatch.gov.au/news/business-losses-to-scams-up-23-per-cent















Building a culture free from sexual harassment

Leading by example is crucial, by promoting gender diversity in the workplace from the top down
Workplace harassment impacts organisational culture

#MeToo has been powerful in helping to raise awareness of sexual harassment

From Harvey Weinstein to Peter Paradise among many other cases worldwide, the issue of workplace sexual harassment has been prevalent in almost every sector – in Hollywood, law firms and media agencies, to name just a few.

The so-called #MeToo movement arguably marks the biggest social reform in history in encouraging the reporting of sexual harassment. In most but not all cases, women are the victims. So far 17.7 million women have reported a sexual assault.

The Australian Human Rights Commission has commenced its fourth survey on workplace sexual harassment and estimates that 1 in 3 women will report workplace sexual harassment. In light of the United Nations’ annual event of World Day on Cultural Diversity on 21 May, it’s timely to explore strategies for building workplaces that are free from sexual harassment.

Sexual harassment

It’s important for us all to understand what constitutes sexual harassment.

Sexual harassment is any unwelcome conduct of a sexual nature that a reasonable person would think could make a person feel offended, humiliated or intimidated.

The laws surrounding sexual harassment have toughened, and public interest in and scrutiny of sexual harassment cases will continue to grow.

Sexual harassment and workplace diversity

As the Organisation for Economic Co-operation and Development (OECD) noted in its 2017 Gender Recommendation report, violence against women (VAW) remains a global problem and sexual harassment is a prime example of it. The OECD report observes that these issues contribute to a gender power imbalance that makes women more vulnerable to sexual harassment.

“Changing policies, changing minds”

Having a zero-tolerance policy against sexual harassment is a basic requirement and efforts must be made to implement such policies. Some OECD recommendations include:

  • Reducing stereotypes and promoting equal responsibilities, e.g. reducing pay gaps, creating work-life balance, instituting flexible working hours
  • Issuing strong statements about a zero-tolerance policy towards sexual harassment
  • Implementing a supportive complaint-making and handling system
  • Training managerial level employees for a better response to complaints of sexual harassment
  • Having ancillary policies to encourage reporting of sexual harassment, such as whistleblowing policies
  • Raising awareness of gender stereotypes – the OECD reports that information about what constitutes sexual harassment has helped employees to identify it

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Diversity & Equality and Whistleblowing. Contact us today for more information.

Source: AHRC, OECD

GRC Solutions’ Top 5 Tips on Building a Diverse and Inclusive Workforce

Building a diverse and inclusive culture is more than just filling quotas. It’s a business imperative.

Diverse team

Organisations have realised the value in having a diverse workforce. The World Day for Cultural Diversity for Dialogue and Development on 21 May provides an opportunity for organisations to reflect on how best to promote diversity and inclusion in the workplace.

Between President Donald Trump, Uber and Google, diversity and inclusion have dominated the headlines recently. In response, Facebook, Lyft and Netflix have released their diversity figures, and as many as 150 CEOs worldwide have publicly committed to diversity and inclusion efforts.

Yet discrimination, bullying and harassment in the workplace remain ongoing issues. While most business leaders now believe having a diverse and inclusive culture is critical to performance, they don’t always know how to achieve that goal. Here are 5 tips to help promote diversity and inclusion in the workplace.


1. Diversity without inclusion is not enough

What’s the difference?

  • A diverse workplace is one that includes people from different types of gender identity, age, language, ethnicity, cultural background, sexual orientation, religion, family responsibilities, education, socio-economic background and marital status.
  • An inclusive workplace is one that encourages everyone to contribute their own individual skills, knowledge and background, and in which divergent perspectives can be discussed openly.

But diversity is little more than a checkbox without an inclusive culture. To see significant improvements in performance and wellbeing, workplaces need to work on improving both their diversity and inclusiveness.

2. Take a holistic view of diversity

“The most innovative company must also be the most diverse,” says Apple Inc. Organisations must always ensure that workplaces are free from discrimination, but they also need to create workplaces that leverage diversity of thinking. Why? Because diversity of thinking promotes creativity and productivity, and enhances innovation by about 20 percent according to a recent Deloitte report. It also enables groups to spot risks, reducing these by up to 30 percent.

3. Walk the talk – consciously model respect and inclusion

As David Morrison, former Chief of Army, famously states in his YouTube video to all staff, “the standard of behavior you walk past is the standard you accept”. Leaders set the tone of culture, and team members have a responsibility to take action when they see exclusion happening.

4. Engage middle managers

While change needs to be driven from the top, middle management is vital to the success of an organisation’s diversity and inclusion strategy. As Jonathan Byrne of MIT observes, “Regardless of what high-potential initiative the CEO chooses for the company, the middle management team’s performance will determine whether it is a success or a failure.” Senior leaders can engage middle managers on the diversity and inclusion agenda by sharing their personal stories and having open conversations to address questions and concerns.

5. Reset the culture through training

Diversity and Equality training is an important first step in changing behavior. Training raises awareness, surfaces previously unspoken beliefs and unconscious biases, and creates a shared language to discuss diversity and inclusion on a day-to-day basis.

When unsure, ask for help. Whether or not you have received formal diversity and equality training, you may encounter some difficult situations that you are not prepared to handle. Don’t be afraid to look for help! Look for internal company resources or consider bringing in external help.

GRC Solutions offers Diversity and Equality training for staff at all levels within an organisation – both online learning courses that everyone can take and tailored workshops for small groups or management. Contact us today to find out how we can help.