Compliance Essentials News - March 2020
This month's round-up of key compliance news includes fines for Cathay Pacific, Betway and Apple, Starbucks/Nespresso child labour, Coronavirus preparation and more...
Our pick of the most informative compliance news this month
- Drugs firms fined £3.4m for illegal activity
- Apple fined €1.1bn over French sales
- Cathay Pacific fined £500k for failing to secure customer data
- Bitter taste: Child labour in Starbucks & Nespresso supply chain
- Game over: Record £11.6m fine for Betway
- 40% of firms have no contingency plan to manage Coronavirus
Drugs firms fined £3.4m for illegal activity
Good news, at last. The NHS is to get an extra £1m boost, thanks to the Competition and Markets Authority. Four drugs companies have also been fined over £3.4m for breaching competition laws.
King and Auden Mckenzie agreed that one of them would only supply 10mg tablets of the anti-depressant nortriptyline, while the other would only supply it in 25mg tablets. They also fixed quantities and prices. Accord-UK Ltd took control of Auden Mckenzie's nortriptyline business so is being held responsible for its illegal conduct. The CMA fined Accord-UK Ltd £1.9m and King £76k for market sharing.
King, Alissa and Lexon also exchanged competitively sensitive information on prices, volumes and entry plans to keep the price of the drug artificially high. The three firms were fined £76k, £175k and £1.2m respectively.
Geoff Steadman of the CMA said, "If pharmaceutical companies get together to restrict competition for the supply of a drug, this can lead to the NHS - and ultimately the UK taxpayer - paying over the odds for what are often essential medical treatments".
King and Auden Mckenzie also agreed to pay £1m to the NHS in connection with the case. It is the second time the CMA has secured such a payout.
- Make it easy your team to speak out right away if they witness collusion or anti-competitive behaviour - it matters because the first company to do so can escape prosecution under the leniency rules.
- If you make a mistake, own it - Compare the respective fines for King, Alissa and Lexon - £76k, £175k and £1.2m. Notice anything. King and Alissa both admitted breaking the law, whereas Lexon did not. It shows.
- Don't underestimate the power of the regulator - as seen here, the CMA has extensive powers to recover money lost by the NHS as a result of anti-competitive practice. Factor in the fines, loss of licence, and potential class action brought by individuals and other firms who lost out, and this could be a costly mistake indeed.
Apple fined €1.1bn over French sales
French antitrust regulator has given Apple a record €1.1bn fine for anti-competitive selling practices relating to its non-iPhone products in France.
France's Autorité de la Concurrence accused Apple of colluding with two wholesalers, Tech Data and Ingram Micro, effectively preventing competition for its Apple Mac computers and other non-iPhone products.
The investigation was prompted after a complaint by eBizcuss an Apple premium reseller. Antitrust officials say Apple forced premium resellers to match prices on the Apple Store and contracts restricted them to almost only selling Apple products despite stock being withheld.
Apple plans to appeal. The two firms - Tech Data and Ingram Micro - were also fined €76.1m and €63m respectively.
Cathay Pacific fined £500k for failing to secure customer data
International airline Cathay Pacific has been fined £500k - the maximum allowed under earlier data protection laws - for failing to secure customers' personal data.
The personal data of 9.4 million customers worldwide (111,578 of them in the UK) was compromised between October 2014 and May 2018. The airline's inadequate system security meant hackers could access travellers' personal data, including name, passport and identity details, date of birth, contact and historical travel data.
If it all sounds familiar, that's because it's almost a carbon copy of the British Airways case that landed them that record £183m fine.
The ICO found a stack of basic errors from unprotected backup files, unpatched internet-facing servers, inadequate virus protection to operating systems that were no longer supported and poor anti-virus protection.
Suspicious activity came to light in March 2018 when Cathay Pacific systems were targeted in a brute force attack.
- Ensure there are appropriate technical or organisational measures in place to safeguard personal data - keep anti-virus and developer software up-to-date and download any patches immediately
- Ensure there is sufficient oversight and monitoring of the data landscape - at the latest, data breaches must be notified within 72 hours. Don't delay while you get all the facts.
- Remember the ICO has the power to impose fines of up to €20 million or 4% of global annual turnover -the fine is lenient as this was based on the pre-GDPR regime. The BA fine puts airlines and everyone else on notice that this leniency is coming to an end.
Bitter taste: Child labour in Starbucks & Nespresso supply chain
Global coffee retailers Starbucks and Nespresso are facing tough questions after a TV exposé showed children under 13 working in their supply chain.
Channel 4's Dispatches visited seven farms linked to Nespresso and five with links to Starbucks in Guatemala and filmed children working on all of them.
Some worked up to 40 hours a week, carrying heavy sacks full of beans, earning not much more a day than… er, the price of a frothy cappuccino - a clear breach of the regulations set out by the UN's International Labour Organization.
After being confronted with the allegations, Starbucks and Nespresso were suitably appalled and launched immediate investigations.
George Clooney, who is on Nespresso's sustainability advisory board and appears in its adverts, said, "I was surprised and saddened to see this story. Clearly this board and this company still have work to do."
But Channel 4 reporter Antony Barnett said, "It's great that George Clooney supports our investigation but if he is serious about sorting out this issue, he needs to make sure Nespresso puts its money where its mouth is. It’s far too easy to announce an investigation and halt supplies from these regions but this will further punish the farmers and desperately poor families who rely on them. The reason these kids are working is that their parents – and the farms they work on – are not paid enough."
- Carry out unannounced spot checks and audits on suppliers - adopt a risk-based approach, so more checks are carried out on suppliers or parts of the business that pose the most risk
- Don't impose unreasonable demands on suppliers - excessive production targets or squeezed margins makes it more tempting for suppliers to cut corners or tolerate child labour
- Commit to fair and sustainable trade - it's not just about profitability. Remember we have social and environmental obligations too. It's possible to be both profitable and principled.
- Appoint local champions - both within supply chains and with external stakeholders and NGOs, who may have expert knowledge of the local climate, identify risks and highlight worker exploitation
Game over: Record £11.6m fine for Betway
Online gambling company Betway received a record £11.6m fine by the Gambling Commission for not doing enough to protect vulnerable customers and for money laundering failures.
Its investigation found that one "VIP" customer had deposited £8m and lost more than £4m over a four-year period. Another lost £187,000 in two days after Betway failed to carry out any social responsibility checks.
In total, the firm allowed £5.8m to pass through its business which was found, or could reasonably be suspected, to be proceeds of crime.
Richard Watson, executive director of the Gambling Commission said, "The actions of Betway suggest there was little regard for the welfare of its VIP customers or the impact on those around them."
However, campaigners say fines like these do not go far enough and are calling for operators to have their licences suspended for such systemic failures.
- Conduct risk-based due diligence - as part of the on-boarding process and at regular intervals to verify identity and assess how people fund their bets (Source of Funds/Wealth)
- Remember that Know Your Customer checks must also be carried out for a series of smaller transactions with the same person that in total exceed €10,000
- Don’t assume that, because someone has a UK bank account, they are "safe" and no further checks are needed - you are required to carry out your own independent checks and document the findings
- Be vigilant and take action to safeguard vulnerable individuals - e.g. by asking common-sense questions regarding affordability. How can someone who is unemployed afford to deposit £1.6m and lose £700k on gambling?
- Remember, we have a duty of care towards at-risk groups and individuals - consider what other measures might be implemented (eg self-exclusion, debt advice, etc)
- Immediately report any concerns, knowledge or suspicions - relating to money laundering, terrorist financing, and Politically Exposed Persons (PEPs) to your MLRO
40% of firms have no contingency plan to manage Coronavirus
The CIPD and People Management magazine have surveyed 640 HR professionals to assess their firms' level of coronavirus preparedness.
- Contingency planning: 39% of them had no business contingency plan in place to deal with the outbreak; half reported a comprehensive level of pandemic preparedness, but 21% said their level of preparedness was non-existent
- Communication: 1 in 10 companies had yet to send out any communications about the virus; for the majority (71%) who had sent one or two communications, they were trying to avoid causing undue alarm
- Sickness: A third of them have no plan in the event that someone in the team tests positive for Coronavirus, with a fifth yet to decide what to pay staff who are self-isolating
- Disruption: While most (60%) were encouraging "business as usual", 34% had cancelled non-essential external meetings, 23% had cancelled large external events (e.g. conferences) and 13% were cancelling internal events (e.g. town halls)
Experts warn firms against being "distracted by trying to become medical experts" and say they should instead focus on being adaptive, flexible and using different media to advise people on best practice.
A follow-up survey of 390 employers found that staff anxiety was now the single biggest challenge employers face (63%).
Advice to companies for supporting their teams
- Step up communication with your team - you can do this via virtual social sessions, virtual coffee breaks, arranging daily check-ins and wellbeing sessions, to support their mental health
- Reassure and stick to the facts - avoid using inflammatory language (e.g. victims); instead stick to more neutral language (such as "people being treated for…").
Visit People management for further advice on supporting staff.
- Consider business-critical functions - do staff have transferable skills that can be deployed in parts of the business that are currently under pressure? What training is available for people who may need to temporarily step up at the last minute?
- Check internal documentation is up-to-date for all internal processes - how prepared are you if there needs to be a rapid handover? Would your team members know what to do? Now is a good time to revisit core processes and make handover notes should a fast transition be needed.
Looking for more compliance insights?
Why not subscribe to our Compliance Bulletin which delivers a round-up email of all of this month's best practices, expert opinions, industry insights, key trends in regulatory compliance training, digital learning, EdTech and RegTech news.
Skillcast has partnered with YouGov to conduct primary research into compliance issues, attitudes and risk perceptions in the UK workplace to produce a series of Insights Blogs.
We also have 50+ free compliance training aids, including a selection of desk-aids, eBooks, guides, handouts, posters, training presentations and even free e-learning modules!