Compliance Essentials News - August 2019
Our pick of the most informative compliance news stories this month:
This month's round-up of key compliance news includes Foxconn's modern slavery scandal, game maker's tax evasion, Capital One data breach, teen money laundering, IFF bribery and more...
- 'Alexa, what is modern slavery?'
- Game over? HMRC urged to investigate Rockstar North & Activision Blizzard profits
- Capital One breach raises concerns of cloud security
- Former banker fined €500k and jailed over €1.6bn tax fraud
- Biggest ever freezing orders granted
- Student paid £300 for laundering £2.5m
- Bribery allegations leave sour taste for flavour company
- Standard Chartered braced for £10m+ fine
- EDF offers Hinkley Point workers extra mental health support
- The Laundromat, coming to a cinema near you...
Amazon is investigating after allegations by China Labor Watch that hundreds of teenagers were being pressured to work excessive hours to produce Echo devices at the Hengyang factory run by its supplier Foxconn.
The report says teenagers between 16-18 years old are drafted in from vocational colleges, working up to 60 hours a week (including night shift), supervised by teachers, to fulfil demand for the smart devices.
Foxconn has admitted violating Chinese labour laws but shifted the blame on to local managers. In 2017, another of its factories making Apple iPhone Xs used illegal overtime to meet production targets.
An Amazon spokesperson said, "We are urgently investigating these allegations and addressing this with Foxconn at the most senior level. Additional teams of specialists arrived on-site yesterday to investigate, and we've initiated weekly audits of this issue".
Key action points:
- Check your Modern Slavery statement - is it up-to-date, published on the homepage of your website and signed off by the Board?
- Identify risks - have you carried out a recent risk assessment of all your operations? Do you know which parts of your supply chain, business areas, workers or geographies are most vulnerable? Do you know which products and services are more prone to modern slavery?
- Conduct audits on third parties - have you requested a copy of suppliers' Modern Slavery statements and do you conduct regular audits on those that fall into high-risk categories? (Was Amazon proactive enough, given Foxconn's previous violation in 2017?) Remember too that if production targets are excessive, suppliers may be tempted to cut corners.
- Perform due diligence - on your business and global supply chain to better understand potential areas of exposure or key risks in your operations. Engage with stakeholders in other locations, who may have specific awareness of the local operating environment, help identify risks and draw attention to issues of worker exploitation
- Review existing policies and attitudes - misunderstandings can create confusion, at best - or at worst result in non-compliance.
Even if you're not into video gaming, the chances are that you can still name many of the bestsellers, such is their influence in popular culture. From the Candy Crush Saga - downloaded 2.7 billion times and a favourite with some politicians - to Call of Duty and Grand Theft Auto.
However, despite their success, a report by thinktank TaxWatch UK has claimed that Edinburgh-based Rockstar North paid no corporation tax between 2009-2018, even though its bestseller Grand Theft Auto V netted an estimated $6bn in sales since 2013 for its parent company TakeTwo Interactive.
What's more, the company has claimed £42m in Video Games Tax Relief (VGTR) under a scheme introduced in 2014 that was designed to offer support for games that were "culturally British".
While it is legally entitled to allocate profits in this way, TaxWatch argues it's time that HMRC looked into such blatant gaming of the VGTR system.
This follows the news that tax authorities in the UK, France and Sweden are investigating Activision Blizzard - publisher of Candy Crush, Call of Duty, and World of Warcraft - amid claims it shifted €5bn to Barbados and Bermuda.
Capital One bank has admitted that personal data belonging to 106 million of its customers has been stolen, after a tech worker accessed personal information held on credit card applications in March 2019.
The hacker - a former Amazon tech worker - allegedly accessed the data on cloud servers via a misconfigured firewall. Worryingly, the breach only came to light in July after she bragged about it online. The Department of Justice has said it had so far found no evidence of attempts to sell the information.
The case raises concerns about the security of cloud storage solutions and has left other firms bracing themselves for bad news, amid claims that around 30 other companies may also be affected.
Meanwhile, Canadian bank Desjardins has also revealed it spent C$70m after the personal information of its 2.9 million customers had been exposed. It will provide identity theft insurance and credit monitoring to those affected for the next five years.
- Know your data landscape - what cloud solutions are used by your own organisation? Are they managed internally or by third parties on your behalf? (The Capital One case illustrates how just one rogue worker off-site can wreak havoc.)
- Assess the risks - what personal information or special category data is stored in cloud solutions? Is that really the best option? Is access granted on a 'need to know' basis?
- Don't be complacent - are all steps being taken in the company to ensure cyber-security gets the resources it needs? (Auditors, HR and senior executives at Capital One were all allegedly warned about high staff turnover and lax controls before the incident)
- Develop an incident response plan - remember under GDPR, companies must have adequate organisational and technical measures to detect and prevent data breaches - notifications of serious breaches must be made within 72 hours
The former head of HSBC's Private Bank (Switzerland) Peter Braunwalder has been fined €500k and been given a one-year suspended sentence for his role in helping clients hide €1.6bn of their wealth from tax authorities.
Braunwalder, who retired from the bank over a decade ago, had helped French residents evade taxes by setting up offshore trusts and opening Swiss bank accounts.
HSBC agreed to pay €300m to settle the same case in November 2017, which came to light after a whistleblower leaked the information and the subsequent ICIJ's SwissLeaks investigation.
The National Crime Agency has successfully frozen over £100m after being granted Account Freezing Orders (AFOs) on eight bank accounts.
The money - thought to be the proceeds of overseas bribery and corruption - is the largest amount ever frozen since the powers were introduced under the Criminal Finances Act 2017.
The NCA now needs to establish whether the funds are derived from unlawful conduct.
It's not the first time such powers have been used. Around £20m was similarly frozen in December 2018. And, separately, seizures were made from the son of the Moldova's prime minister and on illicit cash in an account used by the niece of the Syrian President, Bashar al Assad.
A spokesman said, "…the NCA has used new powers such as Unexplained Wealth Orders and Account Freezing Orders to target suspected illicit assets, and we are already seeing some far reaching impact of this activity".
A Belfast university student has appeared in court over his suspected involvement in a £16 million money laundering case.
The court was told that the 28-year old Queen's student was 'paid £300' in return for opening a bank account into which £2.5 million in laundered cash was paid. The student - who was approached about a 'business transaction' - made several deposits of £10,000 and also shared his PIN with others.
The National Crime Agency and PSNI are investigating 8,000 transactions from 22 separate accounts, where deposits were made via ATM before being forwarded to 3,500 other accounts. Almost £16m was paid through the various accounts.
Now police forces are warning students and young people - who are often approached on social media to help launder the proceeds of crime - of the risks of acting as money mules and engaging in 'squaring'. Young people risk being denied banking services for up to 6 years.
- Assess the risks - thinking about your own business operations, who might potentially be an enabler to money laundering?
- Identify red flags - do your colleagues know what signs to look out for? For example, young people under 16 who claim to work for companies, sudden unexplained wealth or source of funds, the street language that is used (eg Natty square, 5k drop) on social media, etc
- Implement controls - what additional measures might you introduce to detect and prevent young people being drawn into money laundering?
New-York based International Flavor and Fragrances is counting the cost after it reported potentially improper payments at Frutarom Industries, a subsidiary it acquired for $6.4bn last year.
The company believes that potential bribes were paid in Russia and Ukraine with the knowledge of its key executives.
IFF's share price dropped 15% on Wall Street and continued dropping on the Tel Aviv Stock Exchange following the company's announcement.
- Third party due diligence - The case illustrates the importance of adequate due diligence, especially prior to mergers and acquisitions, to protect your reputation.
The Office of Financial Sanctions Implementation (OFSI) has notified Standard Chartered of its intention to fine it in the coming weeks for its failure to prevent sanctions violations.
The lender - which sponsors Premier League runners-up Liverpool - can expect to pay more than £10m. It has already faced penalties of £800m in the US and UK for violating sanctions against Iran.
The FCA said that it had opened accounts in the Middle East "with little evidence that the origin of the funds had been investigated" and accused it of failing to gather intelligence about customers exporting products with military applications. Its oversight controls were "slow, narrow and reactive".
How healthy is your workforce? Although we're all encouraged to believe that "It's okay not to be okay" and to talk more about mental health, it's not always easy to talk about personal issues candidly.
Construction is a high-risk sector, with construction workers the most likely to take their own lives, according to ONS statistics cited in The Guardian.
- Over 1,400 workers in construction took their own lives between 2011 and 2015
- In 2016, there were 450 cases - three times the national average
The reasons are complex but risk factors include loneliness - possibly due to working away from home for long periods, which may be exacerbated by alcohol and gambling problems, high pressure work and job insecurity.
This month, the Unite union expressed alarm after hearing of at least 10 suicide attempts in Q1 of 2019 at the Hinkley Point C nuclear power station, which is currently under construction.
While the figures are disputed, to their credit Électricité de France (EDF) executives have responded by appointing 200 mental health buddies, "time to talk" rooms, an onsite GP, even inviting former boxer Frank Bruno to discuss mental health with contractors.
It's a cliché but people really are your greatest asset. The holidays are upon us so let's make sure everyone gets some precious downtime. It's going to be a busy Autumn…
Enjoying the last week of summer? It's tough when compliance is everywhere.
- If you're quick, there's still time to catch up with The Lehman Trilogy on the stage
- Or how about holding out for Meryl Streep in The Laundromat, a film based on the Panama Papers?
You know compliance matters when there are West End shows and Hollywood blockbusters sharing your passion.