This months's news that touches the people dimension of regulatory compliance. It's not only about regulations, policies, procedures and systems.
Money Laundering at Danske Bank
In the minds of many, money laundering conjures up images of drug barons from Latin America, blood diamond smugglers from Africa, and arms dealers from Asia. Well, prepare to be disabused of such notions. Possibly the largest ever money-laundering scandal in history is unfolding here in the European Union!
It turns out that the Estonian branch of the Danske Bank from Denmark had thousands of suspicious customers and may have laundered up to €200bn over a nine-year period.
The scandal - which involved over 32 currencies and companies in Cyprus, the Seychelles, British Virgin Islands and the UK - lead to the resignation of its CEO Thomas Borgen, although he has protested that he did everything he was legally required to do.
Incidentally, Denmark is ranked the second best country in the world on Transparency International's Corruption Perceptions Index 2017. Yet it has no whistleblowing legislation, which may have brought the Danske case to light earlier. And in 2013, the OECD pointed out that it had "serious concerns about the lack of enforcement" of bribery paid by Danish companies abroad.
UK Authorities Hit Back With UWOs
The UK's National Crime Agency has recently developed a taste for unexplained wealth orders. Zamira Hajiyeva - the wife of jailed Azerbaijani banker who spent £16m at Harrods and owns luxury properties including a £11.5m Knightsbridge home - has been forced to explain the source of her wealth.
UWOs came into force in January as part of the Criminal Finances Act 2017. This requires targets to account for their source of funds. If they cannot prove a legitimate source - and crucially the burden is on them to do so - then their assets and property can be seized.
Still, there's a lot further for the authorities to go. Transparency International has claimed that £4.4bn worth of property in London that has been bought with suspicious wealth is linked to politically-exposed persons and criminals.
A Chairman's Fall from Grace
Carlos Ghosn has not just been at the helm of Renault Nissan but is a true legend in the global car industry for the way he saved Nissan from bankruptcy in 1999 and nursed it back to rude health. He's the only person to have run two Fortune Global 500 companies (Renault and Nissan) simultaneously. And for years he was one of the top five most respected business leaders in the world.
So, it came as a shock to many when he was dismissed by Nissan and arrested in Japan facing prosecution for alleged financial misconduct.
An investigation was launched following a tip-off by a whistleblower, who accused Ghosn of misappropriating funds for personal use. Allegedly Nissan spent millions of dollars to purchase and renovate luxury homes in Brazil, Lebanon, France and the Netherlands without legitimate business justifications. This could open Ghosn up to charges of professional embezzlement as well as tax evasion for not reporting this benefit in his income tax returns.
Prosecutors also claim that Ghosn arranged for himself future compensation to the tune of 8 billion yen ($70.5 million) that was not reported on Nissan's annual report - in contravention of Japanese securities regulations.
Finally, Ghosn is also facing charges of corruption for dubious consultation fees paid by Nissan to his older sister, although the company is unable to confirm whether she has actually performed any work for which she was paid.
All of the above are presently allegations and charges that need to be proven, but they ring a warning bell for top executives, no matter how illustrious, against using their companies as a piggy bank to fund their lifestyle.
New Guidance on Passwords and Encryption from the ICO
The ICO has reminded companies that given the availability of low-cost encryption solutions, they are expected to use encryption when storing or transmitting personal data. If it is important for you to have an encryption policy, be sure to train your staff in its use and importance, but remember the residual risks to the data remain even after encryption.
Although there is no specific mention of passwords in GDPR, the security principle requires organisations to implement appropriate measures to prevent unauthorised processing of personal data. The guidance has advice on authentication schemes, good practice and defending against brute force and other attacks. Again, there's a need to train your employees to embed good practice in your operations.
State of Whistleblowing
The FCA recently published its review of whistleblowing arrangements by firms in the UK financial services sector. It claims that the new rules introduced in 2017 have spurred firms into implementing whistleblowing arrangements and managing concerns fairly, consistently, and in a way which protects the individual whistleblower. Non-exec directors (NEDs) are providing independent oversight and accountability and helping to raise the profile of whistleblowing. However, the report has also identified key areas requiring improvement, most notably in the provision of whistleblowing training to staff, preparation of whistleblowing annual reports, and the need for better documentation as well as practical arrangements for protecting whistleblowers against victimisation.
Expect more protection for whistleblowers by the way of a Whistleblowing Directive that's making its way through the European Commission and the European Parliament.
What's the Cost of Compliance?
At Skillcast, we pride ourselves for not only helping our clients create a culture of ethics, integrity, and compliance. But also for doing so at relatively low costs (£5 and £100 per employee for a complete compliance training solution). So, imagine our shock when we recently came across the following estimates for the cost of financial crime compliance by very credible sources.
Bob Wigley, Chair of UK Finance, claimed at a UK Government symposium that "Banks spend over £5 billion a year fighting economic crime".
Meanwhile, LexisNexis Risk Solutions' 2018 True Cost of AML Compliance report found that the cost of AML compliance across US financial services firms amounts to $25.3 billion per year. This is based on survey responses from more than 150 decision-makers at banks, investment, asset management and insurance firms.
But, then if you think compliance is expensive - try non-compliance!
Looking for more compliance insights?
If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news subscribe to Skillcast Compliance Bulletin.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
And last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, desk-aids, checklists, eBooks, games, guides, handouts, posters, training presentations and even free digital learning modules!