Compliance Essentials News - January 2020
This month's round-up of key compliance news includes Travelex ransomware, data protection issues, BBC equal pay, sexual harassment policies, AML & art, due diligence & competition law...
Our pick of the most informative compliance news this month
- BBC pay practices under scrutiny after Ahmed ruling
- EHRC: 'Dramatic shift in workplace cultures' needed to combat harassment
- Travelex ransomware attack: Still no breach reported
- Calling time on bribery: Why watches make the best bribes
- Currys PC World & Dixon's Travel fined £500k for historic breach
- Anti-"Monet" laundering: Art world faces a stricter regime
- Making Client Due Diligence child's play
- France fines Google $150m for anti-competitive behaviour
- Flash Crash Hound of Hounslow atonement pays off
How much for a "glint in the eye"? BBC pay practices under scrutiny after Ahmed ruling
Firms are being urged to check their current pay and reward practices following BBC presenter Samira Ahmed's successful claim for equal pay.
According to evidence heard at the London Central Employment Tribunal, two BBC presenters - Jeremy Vine and Samira Ahmed - were paid vastly different amounts (£3,000 versus £440 per episode respectively) despite doing broadly similar work. Both presented a 15-minute current affairs programme, with audience feedback, where the presenters read from an autocue.
The BBC said that Vine's show was entertainment, not current affairs, relying on humour and a "glint in the eye", requiring additional skills and experience. But the tribunal was unconvinced, judging the roles to be "virtually the same".
Employment lawyers are now urging companies to check that their own reward processes are clear and transparent. The Fawcett Society is repeating its call for an enforceable right to know what colleagues earn, with the TUC also calling for a ban on pay secrecy after a survey found that 1 in 5 workers had been told not to discuss pay with colleagues.
50 years on from the Equal Pay Act, it's remarkable that firms are still struggling with this.
'Dramatic shift in workplace cultures' needed to combat harassment, says EHRC
Companies need to do much more to tackle harassment in the workplace, according to the head of the UK's equality watchdog - the Equality and Human Rights Commission (EHRC).
Rebecca Hilsenrath has written to the CEOs of 400 top companies demanding action.
Launching new guidance on tackling sexual harassment at work, Hilsenrath said there was an "overwhelming" need for tougher action.
Report contributor, Gemma McCall of Culture Shift, said, "Employers must adopt a victim-first mentality to tackle harassment in the workplace, recognise the barriers to reporting and take all steps to remove them".
Lawyers also note that while the guidance is not yet legally binding, it's likely that tribunals will use it to determine whether something is good or bad practice.
An effective anti-harassment policy should:
- Explain how workers should make a complaint
- Offer multiple reporting channels for people to report harassment - so they do not need to report incidents to the perpetrator or anyone who may not be objective.
- Provide a range of approaches for dealing with harassment
- Clearly state appropriate consequences and sanctions for harassment or victimisation
- Make clear that victimisation or retaliation against complainants won't be tolerated
- Provide information about support and advice services to both the complainant and the alleged harasser - including employee assistance programmes, internal contact points, local and national support organisations, the Equality Advisory and Support Service, Protect (the whistleblowing charity), advice centres and helplines.
Travelex ransomware attack: Still no breach reported
Capital One bank has admitted that personal data belonging to 106 million of its customers has been stolen, after a tech worker accessed personal information held on credit card applications in March 2019.
Find out more about the recent Travelex ransomware attack, how to reduce the risk of such attacks, and what to do should the worst happen in our ransomware blog.
Calling time on bribery: Why watches make the best bribes
One luxury item shows up time and again in asset seizures - watches.
Not your average timepieces, no. But luxury wrist watches with hefty price tags.
- In June 2018, as part of its 1MDB probe, Malaysian police seized £207m of assets from the former PM Najib Razak, including 423 wrist watches worth $19m (Rolex, Richard Mille and Chopard).
- In September 2018, Brazilian police seized 20 luxury watches worth $16m from the VP of Equatorial Guinea, Teodoro (Teddy) Nguema Obiang Mangue.
In 2016, commentators even linked the decline in Swiss watch exports to China to the crackdown on bribes.
So what is it with watches?
Well, they are small, easy to conceal and transport without raising alarm (ha!), expensive (with some models worth over £24 million) and they hold their value, making them marketable commodities.
Ideal for bribes and shifting assets across borders. We can expect to see watches at the centre of many more cases to come.
Currys PC World & Dixon's Travel fined £500k for historic breach
While most companies have cleaned up their act when it comes to data protection, there are plenty who still fall foul of the law and are being investigated and fined accordingly.
Our recent blog recounted the worst GDPR fines of 2019.
We are only a couple of weeks into 2019 and the Information Commissioner's Office (ICO) is already demonstrating its resolution to tackle data breaches. Whilst not a GDPR fine - a bullet dodged for sure - the ICO has handed out a $500k fine to DSG Retail Limited for an historic data breach dating back to 2018. Find out more in our article on the biggest GDPR fines of 2020.
Anti-"Monet" laundering: Art world faces a stricter regime
This month the Fifth Money Laundering Directive (5MLD) came into effect. It means that art dealers, auction houses and freeports storing luxury items will now need to carry out Know Your Customer checks on transactions over €10,000 and report suspicious activity.
- The UK is home to the second biggest art market in the world with $14 billion sales in 2018.
- However, experts caution that unlike the bigger auction houses, many small and medium-sized galleries are not ready.
- If you're a high-value dealer, register your business - the HMRC deadline is 10 January 2021.
- Appoint a Money Laundering Reporting Officer (MLRO) and Senior Manager with responsibility for AML compliance
- Conduct risk-based due diligence - on all customers, associates, consultants and third parties. (The higher the risk, the higher the level of due diligence required.)
- Don't process transactions or take payment - until appropriate due diligence checks are complete. If art works are being bought by an entity, you need to establish the beneficial owner.
- Check what documents you need for identification & verification checks - guided by the Responsible Art Market's 'Art Transaction Due Diligence Toolkit'.
- Don’t assume that, because someone has a UK bank account, they are "safe" and no checks are required - you are required to carry out your own independent checks and document the findings.
- Remember that 'Know Your Customer' checks must also be carried out for a series of smaller transactions with the same person which together exceed €10,000
- Update your documentation - e.g. contracts, GDPR privacy notices, etc to reference the due diligence checks and to explain how personal data will be used.
- Use screening software - to help identify high-risk individuals, e.g. those subject to sanctions or politically-exposed persons (PEPs).
- Watch out for red flags - i.e. anything that's unusual or suspicious. Pay particular attention to unusual behaviour (e.g. the purchaser of a high-value work of art not asking questions you would expect), high-risk structures (e.g. opaque company structures, offshore trusts), unusual transactions (e.g. electronic currency transfers), high-risk individuals (e.g. PEPs, agents acting for undisclosed buyers and sellers) and high-risk jurisdictions (i.e. countries linked to corruption or subject to sanctions). Use Transparency International's Corruption index to check geographical areas.
- Avoid tipping off anyone suspected of money laundering or terrorist financing that an investigation has been launched - there's a two-year penalty if you break the rules.
- Immediately report any concerns, knowledge or suspicions - relating to money laundering, terrorist financing, and Politically Exposed Persons (PEPs) to our MLRO.
Get up-to-speed with the new money laundering directive with the help of our free training aid.
Making Client Due Diligence child's play...
Anti-money laundering experts are in short supply everywhere. We get that. But we were taken aback to learn about the cunning plan devised by Dutch banks to carry out client due diligence (CDD) checks - to recruit school leavers, with no experience, to do the job, by promising starting salaries of €3,000 plus a "focus on personal growth".
CDD expert Jaan-Jan Deverschot said, "Banks are only just realising that checking for money laundering has become a key activity".
So how is everyone coping amid such a dearth of CDD skills? Inevitably, some are turning to technology, hoping AI will fill the void, despite the technology still being in its infancy.
Others are investing in training, with one - Rabobank - setting up its own CDD academy.
France fines Google $150m for anti-competitive behaviour
The French competition watchdog has fined Google $150m for abusing its dominant position in the online search advertising market.
It has criticised the tech giant for its "brutal and unjustified" suspension of accounts, "opaque and difficult to understand operating rules" relating to Google Ads and for applying them in "an unfair and random manner" after complaints by firms that had their accounts suspended without warning.
- Google plans to appeal, insisting that "People expect to be protected from exploitative and abusive ads and this is what our advertising policies are for".
But, while agreeing customer protection is "perfectly legitimate", the watchdog cautioned, "Google cannot suspend the account of an advertiser on the grounds that it would offer services that it considers contrary to the interests of the consumer, while agreeing to reference and accompany on its advertising platform sites that sell similar services".
Flash Crash Hound of Hounslow atonement pays off
Finally, we are all human and get things wrong from time to time. So it's reassuring to know that there's still hope, a chance to turn things around and to make a new start after a criminal violation.
The US Department of Justice prosecutor confirmed last week that Navinder Singh Sarao - the trader thought to be responsible for the so-called "flash crash" - is unlikely to face prison.
Sarao, dubbed the "Hound of Hounslow", was extradited to the US in 2016 where he pleaded guilty to wire fraud and spoofing, after reportedly making over £45m.
So why the leniency? After all, according to the FT's report at that time, Sarao "placed bogus orders that were deliberately designed to create the illusion of substantial supply and demand, thus moving prices" - behaviour that is prohibited.
The answer lies, it seems, in atonement. Michael O'Neill of the US Department of Justice said, "The defendant's keen insights and explanations regarding both general and specific patterns of deceptive and manipulative trading have illuminated the government's understanding of similar spoofing. As a result, he has substantially assisted and informed the government's nationwide efforts to detect, investigate, and prosecute these crimes."