
    Compliance Essentials News - January 2019

    Published on 30 Jan 2019 by Vivek Dodd

    In this first update of the year, we have for you an analysis of Google's GDPR fine as well as several other compliance developments and points to ponder.

    This blog is dedicated to bringing you the news that touches the people dimension of regulatory compliance. It's not only about regulations, policies, procedures, and systems. We're trying to understand what leads individuals and companies to make errors of judgement, and in some cases, to act in brazen disregard of the rules - resulting in harsh consequences.

    Here's the selection of news stories that we've found most informative. Select the links or scroll down for more details.

    Google fined €50 million for GDPR infringements. Which rule did it break?

    Let's start with the big news of the month. On 21 January 2019, Commission nationale de l'informatique et des libertés (CNIL), France's data protection regulatory authority, fined Google a record fifty million (50,000,000) euros - the largest and most high-profile fine for violation of the General Data Protection Regulation (GDPR).

    Although the size of this fine is eye-catching, what's more interesting for us is what exactly it is for and what other companies can learn from it for their own GDPR compliance.

    The fine was purportedly for Google's lack of transparency, inadequate information and lack of valid consent regarding ads personalisation. The CNIL pointed out three key breaches:

    1. Breach of the Right to be informed

    The GDPR specifies eight individual rights of which the first is the data subjects' right to be informed about the essential details of the data processing.

    The CNIL noted that Google had dispersed essential information, such as the categories of personal data, the purpose of the processing, and the data storage periods for data used for ads personalisation across several web pages such that a user would have to click around several links to be able to get all the information. On this basis, CNIL concluded that the information was not easily accessible.

    2. Lack of transparency

    The first of the six principles of the GDPR is Lawfulness, Fairness and Transparency. Companies need to be clear, open, and honest with people about how they will use their personal data.

    But the CNIL found that the information Google provided was not always clear or comprehensive, making it difficult or impossible for users to understand the content.

    3. Invalid consent

    Under the GDPR, consent, if chosen as a lawful basis, must be 'informed', 'freely given', 'unambiguous', and 'specific'.

    Google states that it relies on consent as the lawful basis for ads personalisation, but the consent it had obtained was neither 'specific' nor 'unambiguous', nor was it sufficiently 'informed'. For instance, the “I agree with Google’s terms of service” tick-box was presented to users ahead of boxes with more detailed options.

    Lawyer jailed for money laundering

    Solicitor Ross McKay has been jailed for seven years for three money laundering offences.

    An investigation by Greater Manchester Police's Economic Crime Unit (Operation Isidor) found he helped a criminal group launder the proceeds of crime, including tax evasion and mortgage fraud, by providing conveyancing for at least 80 property transactions, disguising the true source of funds and wildly exaggerating income to secure the loans.

    Adrian Ladkin of GMP's Economic Crime Unit said, "McKay was fully aware that the purpose of the transactions was to launder criminal proceeds and he was deliberately dishonest in facilitating them. As a solicitor, McKay was in a position of trust, but he spectacularly failed in his legal duties through his corrupt and unlawful actions."

    Lawyer fined for failing to identify PEP

    Khalid Mohammed Sharif, a lawyer and partner at Child & Child, has been fined £45,000 by the Solicitors Disciplinary Tribunal (SDT) for failing to conduct adequate due diligence on wealthy clients and not identifying politically exposed persons (PEPs) in accordance with the Money Laundering Regulations.

    The Solicitors Regulation Authority said Sharif, who was also a Money Laundering Reporting Officer, didn't do anything to establish whether clients were politically exposed persons, despite being instructed in the purchase of flats in Knightsbridge worth £60m on his clients' behalf.

    Clients' PEP status continued to go unnoticed despite source of funds checks on deposits of £14m, and again when Child & Child allegedly assisted the same clients - thought to be related to the president of Azerbaijan - by instructing Mossack Fonseca, the law firm at the centre of the Panama Papers breach, to set up a company in the British Virgin Islands on their behalf.

    Sharif was also ordered to pay £40,000 in costs but has not been struck off.

    Fed gets involved in the Danske Bank money laundering scandal

    As the investigation into suspected $230 billion of money laundering at Danske Bank intensifies, the US Federal Reserve has started probing Deutsche Bank's role in this scandal. The regulator is looking at whether the bank's US operations did enough to scrutinise clients and transactions from Danske's Estonian branch after the Danske whistleblower implicated the German bank in evidence.

    Meanwhile, Deutsche Bank's CEO Christian Sewing confirmed it was re-examining the bank's role as a correspondent bank for Danske, but has found no evidence of wrongdoing yet. Yet the probe illustrates the compliance risks in an interconnected world of financial services.

    Is whistleblowing the antidote to internal fraud?

    • Patisserie Valerie is left battling after uncovering £40m internal fraud.
    • DJI, one of the world's biggest drone makers, has confirmed it faces a loss of $150m after it unearthed fraud involving up to 45 workers who overinflated parts costs for personal gain.

    Internal fraud is a widespread problem as the two cases above illustrate. One prevention measure that is gaining popularity to fight internal fraud is whistleblowing, i.e. channels for employees to submit confidential and anonymous reports of misconduct. Research shows that whistleblowing is far more effective at uncovering fraud than audits. "While professional auditors were only able to detect 19% of the frauds on private corporations, whistleblowers exposed 43%."

    Santander branch closures spell bad news for everyone

    Santander has announced that it is closing a fifth of its UK branches, citing changes in the way we bank as the reason for the closures. Over the last three years, digital transactions have risen 99% while in-branch transactions have dropped 23%. However, this news is bad not only for staff but also for vulnerable consumers. According to the UK Government's Digital Inclusion Strategy, 10% of adults have never used the internet and the same number (10%) have no internet access.

    While there is no doubt about the benefits of 24/7 flexibility of technology, the Financial Conduct Authority requires financial institutions to continue to meet the needs of people who are vulnerable in line with the Treating Customers Fairly principle.

    Divine intervention

    Money laundering at domestic and foreign banks was also weighing heavily on Felix Hufeld, the president of German regulator BaFin, when he made his New Year address.

    As he urged financial institutions to ensure that they had appropriate systems to combat money laundering in a speech in Frankfurt, he said, "Money laundering prevention is an urgent priority, and I would like it to be evident from the way that all institutions conduct business that it is a very high priority for them, too. True to the phrase in the Bible: 'You will know them by what they do.'"
