This month's key compliance news including Experian data breach, PL tax avoidance, TikTok GDPR, spoofed websites, Curtiss-Wright's sanctions violations, pandemic fraud and more...
Our pick of key compliance stories this month
- Aberdeen oil chief jailed for bribery
- Experian data breach affects 24 million customers
- $21.7 million fine for disguising bribes as 'scholarships'
- 246 footballers being investigated for tax affairs
- Bank fraud plaguing the industry amid COVID-19 lockdown
- Curtiss-Wright reveal possible Russia sanctions violations
- Banks starting to target compliance teams for job cuts
- European banks urged to stop funding Amazon oil trade
- TikTok under GDPR scrutiny over data misuse accusations
- Online firms in hot water over financial crime controls
- Spoofed websites impersonating real brokers on the rise
Aberdeen oil chief jailed for bribery
Stephen Whiteley, who was vice-president of SBM Offshore and Unaoil’s territory manager in Iraq, has been sentenced to three years in jail after he was found guilty of paying over £400k in bribes. A four-year investigation by the Serious Fraud Office found that Whiteley had bribed numerous public officials at the South Oil Company to secure contracts for Unaoil and its clients to build offshore mooring buoys in the Persian Gulf.
A jury found Whiteley guilty of conspiring to give corrupt payments in exchange for £43 million in contracts. One of Whiteley's co-conspirators, Ziad Akle, was also handed a five-year jail term for two connected charges.
These sentences follow the downfall of another co-conspirator, Basil Al Jarah, who pleaded guilty to his part in the scheme last July. Al Jarah revealed to investigators that he had issued bribes worth over £4.7 million to secure contracts worth more than £630 million for the supply of offshore mooring buoys and oil pipelines.
Experian data breach affects 24 million customers
Experian has been struck by a huge personal data breach, affecting approximately 24 million South African customers and close to 800,000 companies. The credit reporting agency issued a statement claiming that an individual fraudulently representing one of their clients requested 'services' from the firm, prompting the release of the data.
Experian attempted to downplay the gravity of the breach by claiming that this data "is provided in the ordinary course of business or which is publicly available." However, it failed to clarify which customer records were taken, only claiming that it did not contain customer credit or financial information.
"The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts," said SABRIC CEO, Nischal Mewalall. "However, criminals can use this information to trick you into disclosing your confidential banking details."
- Implement suitable controls to minimise the chance of a personal data breach ever occurring within your company
- Don't put people's personal information at risk by using it in ways that they wouldn't reasonably expect
- Inform the DPO immediately of any data breach or incident within your company
- Keep a record of all data breaches and any action that you took as a result to provide an audit trail, and identify trends and weaknesses
$21.7 million fine for disguising bribes as 'scholarships'
The World Acceptance Corporation (WAC) has agreed to pay the SEC $21.7 million in penalties and disgorgement in order to resolve FCPA offenses in Mexico. One of WAC's Mexican subsidiaries was found to have paid $4.1 million in bribes to Mexican government officials and union workers to obtain or keep business.
Of the $4.1 million in bribes, no less than $1.5 million was handed to government officials, $580,000 to union officials, and $480,000 to third-party intermediaries who used parts of it to bribe government and union officials. Due to insufficient record keeping, it is "unclear how the remaining $1.5 million in payments were split," the SEC said.
What is particularly noteworthy is the way in which WAC attempted to disguise these bribes. WAC Mexico transferred money into accounts connected to officials and used an intermediary to "distribute large bags of cash" among the officials. According to the SEC, the payments were referred to as "scholarships", "royalty payments" or "support".
- Never attempt to disguise a bribe as something legitimate, such as a 'scholarship' or 'royalty payment'
- Never offer money or anything of value in return for improper performance of any function
- Make sure that gifts and hospitality are proportionate and in line with industry-standard policies and thresholds
- Never make facilitation payments to speed up processes or 'jump the queue' unless you are in immediate physical danger
- Make sure you report any suspicion or knowledge of bribery to the relevant authorities immediately
246 footballers being investigated for tax affairs
The number of HMRC investigations into footballers' finances rose dramatically in the tax year 2019-20, increasing from 87 to 246 cases, according to research by the accountancy firm UHY Hacker Young. The figures show footballers' image rights have come under particular scrutiny as UK tax authorities begin to clamp down on loopholes in the way footballers are paid.
Image rights permit a footballer's likeness and name to be used by a club to sell and promote the club's own merchandise, as well as those of their sponsors. However, in the Premier League and Championship, footballers' wages are levied with a 45% income tax charge, while image rights are only subject to a 19% corporation tax rate, making it a significantly more profitable mode of payment for UK footballers.
Elliot Buss, a partner at UHY Hacker Young, said, "HMRC believes that lots of lesser-known footballers are effectively avoiding tax by getting paid huge sums for image rights that HMRC views as overpriced.
"The image rights of the likes of Paul Pogba and Mohamed Salah are undoubtedly worth millions of pounds a year. However, if you are second-choice left back in the Championship getting paid a great deal in image-rights payments, then this is likely to trigger an investigation by the taxman. You may have to make a robust argument to HMRC to show how the value of the image rights has been arrived at."
Bank fraud plaguing the industry amid COVID-19 lockdown
Barclays has revealed that fraud reports among its customers have increased nearly sixfold within just one year, with the spike in reports still steadily on the rise. The bank says that it received 465 reports of fraud in July 2019 compared with 2,699 cases in July 2020.
Head of fraud at Barclays, Jim Winters, said, "There has been a bounce-back effect from fraudsters kicking into action after lockdown ended. They have taken the time to reorganise themselves and to work out what the opportunities are."
Customers could be distracted by changing workplace arrangements or childcare commitments, and could be at an increased risk due to lacking their regular family and friend support systems.
Scammers are encouraging customers concerned about low interest rates on savings accounts to invest their savings into cryptocurrencies, unscrupulous private companies, and unregulated products like graphene, diamonds and gold.
Curtiss-Wright reveal possible Russia sanctions violations
Curtiss-Wright Corp., an American manufacturer and service provider, has disclosed possible violations of US sanctions on Russia. This comes after a company on the US blacklist acquired two of its longstanding customers in 2019. Curtiss-Wright claim that this happened without their knowledge, which is why they voluntarily disclosed the matter to the US Treasury Department's Office of Foreign Assets Control.
Curtiss-Wright's investigation found that the two customers weren't initially captured under sanctions imposed on Russia in 2014 when it annexed the Crimea region of Ukraine. "Change of ownership resulted in beneficial ownership sanctions now capturing our two longtime customers," the firm said.
Owing to the individual actions of a contracts administrator, Curtiss-Wright's banks failed to halt transactions with the blacklisted company that acquired the customers. This administrator is said to have altered the credit terms of invoices for products which had already been shipped so that banks would not interfere with any of the transactions.
The contracts administrator in question has since been fired by Curtiss-Wright, and the company is now working to uncover the root cause of the infraction and implement suitable control measures.
- Keep up to date with any changes to global sanction lists and compliance technologies - otherwise you risk making the same mistake that Curtiss-Wright made
- Be vigilant and proactive - don't rely solely on automated screening software to flag up names or target matches
- Watch out for attempts to add, alter, delete or omit payment information in instruction lines to evade sanctions
- Report any concerns, including actual or potential sanctions violations, to the relevant authorities immediately
Banks starting to target compliance teams for job cuts
According to a new study, banking giants may start cutting their London compliance departments by up to 25% within the next year. The main reasons for this are threefold: the COVID-19 pandemic, the looming recession, and Brexit. The banking industry is unfortunately not the first to suffer the consequences.
HSBC and Credit Suisse are among companies confirmed to be looking to reduce compliance staff as part of broader restructuring plans. Credit Suisse have stated that employees affected would "have the opportunity to explore a broader range of internal career moves within the combined function". HSBC have claimed that they were continuing "to restructure and review the roles required to transform the bank".
Worryingly, the pandemic has prompted a "don’t let a good crisis pass you by" mentality amongst certain bank bosses. This means that bosses who had been looking for a good reason to make drastic cuts now finally have one, at least for the time being.
Yet, successive regulators have stressed the importance of having properly resourced compliance teams. Cutting compliance to the bone may prove a costly mistake.
European banks urged to stop funding Amazon oil trade
Indigenous people living at the Amazon's headwaters are calling on European banks to cease financing oil development in the region, claiming this poses a threat to their livelihoods and harms the surrounding ecosystem. This comes after a report uncovered $10 billion in previously undisclosed funding for oil in the area.
Plenty of European banks have promised to stop or significantly reduce the finance they provide to fossil fuel projects but this report highlights a grey area - instead of project finance, the authors looked at trade finance. Project finance is used to create and maintain oil wells, pipelines, refineries, and fossil fuel extraction, but trade finance is used to move the gas and oil from production to refineries.
The president of the Confederation of Indigenous Nationalities of the Ecuadorian Amazon, Marlon Vargas, said, "I wonder if the executives of banks in Europe know the real cost of their financing. How can they possibly sleep peacefully knowing their money leaves thousands of indigenous peoples and communities without water, without food and in devastating health conditions due to the pollution of the Coca and Napo rivers? It is time for the banks, companies and consumers of the oil extracted in the Ecuadorian Amazon to acknowledge how their businesses affect our territories and way of life."
Many banks mentioned in the report confirmed that trade finance did not fall under their sustainable lending pledges, but said they were actively trying to reduce their environmental impact.
TikTok under GDPR scrutiny over data misuse accusations
According to Dutch privacy organisation SOMI, TikTok is failing to protect minors who use the app and likely gathers and shares their personal information with unknown third parties, some of which are based in China, in violation of the GDPR. This comes after French authorities also recently launched an investigation into a similar matter.
"Europe has created the GDPR to give consumers control over their personal data and to protect minors in the digital world," said Cor Wijtvliet, SOMI co-founder. "TikTok consistently violates similar standards in countries outside the EU on several counts. That is a major cause for concern; not only because it happens without the user’s consent or even their knowledge, but especially because the company is known to have committed such offences in the past."
SOMI’s primary concern is that TikTok has not taken any significant action after being warned that children are not being suitably protected against online contact with adults who they have never met. The app's aggressive and potentially unlawful data collection practices only serve to further aggravate this issue.
Online firms in hot water over financial crime controls
Popular online estate agency, Purplebricks, has been issued a fine of over £260,000 for breaking UK anti-money laundering laws. HMRC stated that the firm was guilty of "failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification". Purplebricks has not been given the chance to appeal.
Similarly, the digital bank Monzo is undertaking a review of its financial crime controls, and has issued a warning that the outcome may significantly impact its finances. Monzo's annual report did not highlight any specifics over what is likely to change. Monzo has recently been closing and freezing accounts in order to comply with anti-money laundering regulations, a move which has provoked anger among some customers. Its annual accounts for the year to the end of February showed that losses increased from £47 million to £114 million, despite also demonstrating significant growth in its customer base and revenues.
- Make sure to always conduct initial and on-going client due diligence using a risk-based approach
- Look out for anything about any customers or transactions that are unusual or suspicious - pay particular attention to high-risk customers and jurisdictions
- Exercise extreme care to avoid tipping off anyone who has been reported for money laundering, terrorist financing or any other financial crime
- Report any knowledge or suspicion of any form of financial crime to the relevant authorities immediately
Spoofed websites impersonating real brokers on the rise
FINRA has issued a warning that scammers are using registered brokers' names and personal information to set up 'imposter websites' which appear to be the representatives' personal websites, and are also phoning and directing potential customers to these sites. These scammers are likely using these sites to gather personal data with the end goal of committing financial fraud.
Common features of imposter websites include:
- Using an image purporting to be the registered broker
- Using the registered broker's real name as all or part of the website's domain name
- Providing personal information such as employment history, including prior employers' CRD numbers and examination history
- Asking individuals to fill out contact forms which include personal information