Compliance Essentials News - October 2019
This month's round-up of key compliance news includes fashion modern slavery, Chinese bribery, sanctions growth, AML fines, new EU whistle-blowing rules and more...
Our pick of the most informative compliance news this month
- Fashion victim: Lululemon investigates supplier
- Rebel without a cause: Chinese officials wooed with crystal, trips and $4k wine
- Growing sanctions risk expected in 2020
- Estate agents may be forced to hand over suspects' details
- Gambling Commission fines Betfred £322k for AML failures
- Don't shoot the messenger: New EU whistle-blowing rules from 2021
- Brakes on broker incentives in car finance crackdown
Lululemon, the popular athleisure brand, is investigating after workers at a factory in its supply chain have spoken out about the conditions they are forced to endure.
Female workers at Youngone Corporation, a Bangladeshi factory, claim they face physical violence, assault and regular humiliation - with managers calling them "prostitutes" and "whores" - if they break workplace rules. There is also intense pressure to meet targets.
Yet, textile workers are paid 9,100 Taka (£85) a month, well below the 16,000 Taka living wage that unions expect. That's less than the retail price of a single pair of Lululemon leggings.
"A responsible supply chain starts with us and we are committed to upholding ethical sourcing practices globally. Our Vendor Code of Ethics consists of best in class industry standards. We require that all vendors share our values and uphold a consistent set of policies that live up to our Code. We do not tolerate any violation of this Code. Upon learning of the reports about a facility in Bangladesh, we immediately launched an investigation. There are currently no orders planned for this factory, and we will take appropriate action based upon the findings of our investigation."
The Canadian company recently launched a partnership with the United Nations committing $1m to promote the mental health of aid workers. But it's not the first time the brand has come under fire. In 2013 it faced a backlash for being slow to sign the Bangladesh Safety Accord, introduced after 1,000 people were killed when a factory collapsed.
- Get the message right "from the Crown down" - send a clear message that your company puts principles before profits
- Identify risks - conduct a risk assessment of your entire operations to identify specific vulnerabilities, whether in parts of the supply chain, business areas, workers or jurisdictions
- Carry out comprehensive due diligence checks - know your business and its supply chains to better understand your overall exposure
- Carry out spot checks and regular audits on suppliers - adopt a risk-based approach, so more spot checks and audits are carried out on suppliers or categories that pose the most risk
- Think about unintended consequences as you plan work - excessive production targets may inevitably lead to cut corners or intolerable working conditions; consider what else you might do to address this
- Empower and engage - create networks of "champions" both within supply chains and with external stakeholders and NGOs, who may have expert knowledge of the local climate, help identify risks and draw attention to issues of worker exploitation
- Make it safe to speak up - especially in countries where communications may be monitored or where cultural norms may make this difficult
- Don't try to justify bad behaviour - we should not make excuses ("It's the way business is here") or be tempted to cover up problems; if there are no sanctions for breaking the code, we all look complicit and everyone is implicated
So it's worse than we thought. Deutsche Bank (DB), the so-called "poster child for misconduct in the finance industry", has done it again.
In the early 1990's the bank had almost no presence in China, according to the New York Times. Yet by 2011, it emerged as the main player for IPOs in China and the rest of Asia.
How did it pull off this remarkable transformation? Easy. Internal documents prepared by the bank and its lawyers reveal the plan - and were shared with German newspaper Süddeutsche Zeitung (the same publication that broke the Panama Papers story).
- In total, $200k was spent on lavish gifts for Wen Jiabao, the Chinese president and his family. These included...a crystal tiger and Bang & Olufsen sound system worth $18k, Louis Vuitton luggage, Cashmere overcoats, a $15k crystal horse, a $10k golf trip, a trip to Las Vegas, a $4k Château Lafite Rothschild (vintage 1945).
- Over $14m paid to seven consultants to set up meetings to help win business
- More than 100 relatives of the Community Party's ruling elite were hired, despite many being under-qualified - an email described one as "probably one of the worst candidates"
This isn't news. In August 2019, the bank agreed to pay the US regulator $16m over its use of corrupt payments to win business. But even US regulators underestimated the true scale of its corruption. Indeed, the bank's own lawyers had warned them to expect a $250 m penalty for wrongdoing in China, having calculated that 19 of its hires brought in $189 m in revenue.
Speaking to the New York Times, Josef Ackermann - the bank's CEO until 2012 - said, "This was part of doing business in this country. At the time, this was the way things were done." He also added, "It's a relationship country. Of course we cultivated these people."
He didn't recall any personal wrongdoing but admitted everyone thought it was a good idea, claiming: "They said that's what Goldman and JPMorgan are doing, so we should do it." Partly true. JPMorgan was fined $264.4 million over its Princelings programme in 2016, while Goldman Sachs is not accused of wrongdoing in China.
We can expect to keep seeing Deutsche Bank in the headlines for some time yet.
- Embed Anti-bribery and Anti-corruption (ABAC) principles in corporate culture by referring to ABAC in company handbooks, reports, and training. Include ABAC clauses in all supplier contracts, along with appropriate termination clauses for suspected breaches.
- The "tone from the top" matters - senior managers are expected to "walk the talk"; if they don't, the ABAC message is completely undermined
- Spread the word, crime doesn't pay - don't buy the line that "We have to do it to compete" or "because our competitors will". A study of 480 multinationals, rated on anti-corruption systems by Transparency International, compared their performance and financial data between 2007-2010. It found that those with poor anti-corruption ratings had just 5% higher sales growth than those with good ratings but tellingly also had lower profitability. Whisper it, but could this be due to lost revenue as a result of paying bribes? There was also a 28% higher chance of facing a scandal in the media.
- Don't ignore red flags - in the DB case, both the head of compliance in Hong Kong and the head of Investment Banking raised concerns about payments ("scared of how [named person] was doing business and whether there was money being passed around in envelopes"), yet the payments continued. Why?
- Insist on difficult decisions being made in teams - this can reduce the impact of "bad apples", promote honest discussions, and create a better culture so the company's reputation does not hang on the choices made by one person acting alone in a difficult situation. Remember though that group-think works best when there are positive role models and strong leaders around!
- Admit past errors - encourage people to speak openly about past mistakes, allow them to express their opinions candidly and be honest about the integrity challenges they face. Closing down discussions, failing to acknowledge integrity issues and leaving misunderstandings unchallenged can undermine your compliance effort.
- Learn lessons from other breaches - including internally and within your sector. This often provides important insight and is a powerful way to deliver change. As Siemen's CEO Peter Löscher said, "Never miss the opportunities that come from a good crisis". After Siemens and SNC-Lavalin were charged with bribery, subsequent audits found that the profits on contracts where bribes were paid were remarkably low - due to the cost of paying bribes (10% of the contract value). So while the $189 million revenue boost to DB might have looked good back then, it will look less so once all the penalties have been totted up. And, as for its "poster child" image, well that could be harder to shed.
A report by risk consultancy Control Risks is predicting that sanctions risks will rise in 2020 and stresses the need for companies to stay vigilant to avoid violations.
The report lists five major trends that are shaping the sanctions landscape:
- The United States willingness to use sanctions
- Divergence between the US and EU in respect of sanctions (for example, with Iran),
- Increasing willingness of individual regimes to impose their own sanctions (such as the Gulf States),
- The growing use of sanctions targeting individuals.
- Five countries to watch - Iran, North Korea, Russia, Venezuela and Syria, it encourages organisations to be alert to the risks posed by dealing with non-sanctioned countries that trade with them - such as China with North Korea, and Turkey with Iran.
Co-author Harry Smith urged companies to "conduct due diligence beyond immediate counter-parties. Recent enforcement actions by the US authorities demonstrate the need to consider sanctions exposure throughout your value chain - suppliers through to customers and all that is in-between".
- Keep your knowledge of sanctions up-to-date - by regularly checking guidance issued by Office of Foreign Assets Control (OFAC), EU sanctions and UK sanctions including HMT and OFSI guidance.
- Learn lessons from published violations and enforcement action - checking current cases can help you understand your compliance obligations, how violations occur, how regulators will interpret your actions, and what remedial action that is expected
- Understand the sanctions landscape - sanctions don't just apply to financial transactions and the freezing of assets. There can also be restrictions on the supply of services (such as giving advice) and trade (such as the supply of arms, diamonds, etc). New sanctions regimes - including Chemical Weapons and Cyber Attacks have also recently been introduced.
- Conduct due diligence on third parties - in particular, agents, distributors, customers and suppliers that trade with or border sanctioned countries to assess exposure. Ignorance is no excuse. Don't just look at your customer but also your customer's customer when carrying out risk assessments. Who are the beneficial owners?
- Take a holistic view of your company's entire risk exposure - while most of your team should easily recognise jurisdictions where sanctions apply, they may not necessarily foresee risks when dealing with non-sanctioned countries that trade directly with them (such as China with North Korea) or share a border with them (such as Turkey and Iran). Countries such as Iraq and UAE can also be used by entities to bypass sanctions. Would front-line staff recognise these risks and, crucially, know how to handle this kind of exposure?
Anti-corruption campaigners have long campaigned about the amount of UK property being bought with illicit wealth (£4.4 billion). Earlier this year we covered the HMRC's crackdown on money laundering.
Now, in a further move, estate agents may be forced to hand over the vendor and buyer personal and bank details of high-end properties in exclusive parts of London to the National Crime Agency. Similar disclosures would be required where property is used for organised crime.
Ministers are assessing whether 'geographical tactical orders', used in the United States to gather intelligence about the purchasers of high-end properties for cash in Palm Beach and Manhattan, would work here.
Companies specialising in selling exclusive properties are warning the move would adversely impact sales. But could it work?
The UK Gambling Commission (UKGC) has fined Petfre Ltd (operating as Betfred) £322,000 for failing to carry out sufficient Source Of Funds (SOF) checks on one of its customers.
The customer deposited £210,000 and lost £140,000 over a 12-day period in November 2017. This led to a request to provide SOF, which the customer ignored, raising "significant concerns regarding the effectiveness of [its] policies and procedures" according to the UKGC.
In fact, the money that the customer spent with Betfred (and other operators) was stolen and they have since been convicted of a £2m fraud.
Online and land-based operators need to ensure they are complying with their AML obligations.
Last month, the UKGC also fined Silverbond Enterprises £1.8m for social responsibility and AML failings at its Park Lane Club.
Edward Snowden. Katharine Gun. Antoine Deltour. John Doe. Bradley Birkenfeld. Howard Wilkinson. History shows that whistle-blowers rarely get the thanks they deserve.
Yet without them, we might never know about the United States surveillance program (PRISM), the tax deals struck by multinationals (LuxLeaks), the lengths the rich and famous go to conceal their wealth (Panama Papers) or countless other misdemeanours.
No surprise then that for every person who speaks out, many more choose to remain silent - fearing retaliation or reprisal.
- Research by Eugene Soltes found that while 46% of workers were likely to report theft of company property and 41% fraudulent accounting whilst only 27% would report inappropriate gift giving.
- 20% of whistle-blowing hotlines do not function properly or allow whistle-blowers to maintain anonymity.
Just ten EU countries currently have comprehensive laws to protect whistle-blowers and legislation is often limited to specific sectors (e.g. financial services). However, the EU has now adopted new rules to enhance protections for whistle-blowers. So what can we expect and how should businesses get ready?
Companies will need to:
- Provide a hierarchy of safe channels for reporting for companies with over 50 employees - with reports to be made in the first instance within the organisation and then via external channels, which public authorities are obliged to set up. Note that anyone who chooses to report externally will not lose any of the protections.
- Prepare for the widening scope - as new rules will cover financial services, public procurement, prevention of money laundering, product and transport safety, nuclear safety, consumer and data protection.
- Introduce a number of measures to support and protect whistle-blowers from retaliation - Such as suspension, demotion and intimidation. Measures include independent information and advice, assistance from competent authorities, as well as legal aid in criminal and cross-border proceedings and financial support. Colleagues and relatives must be protected too.
- Follow up whistle-blower reports within three months
There are also provisions to protect whistle-blowers from liability - so companies cannot misuse other legislation such as copyright, defamation, copyright or insider dealing to silence or threaten them. Member States have two years to transpose the new rules into law.
Whistle-blowing charity Protect (formerly Public Concern At Work) wants new UK legislation to ensure whistle-blowers get the same rights.
Facebook's plans to launch a new global digital currency (Libra) have suffered a setback after major payment firms backed out.
PayPal, Ebay, Stripe, Mercado Pago, Visa and Mastercard have all stepped away, leaving mostly non-profits, venture capitalists, telecommunications and tech companies - Uber, Spotify, Lyft and Vodafone - left in the consortium.
Facebook announced its intention to create its own currency earlier in the year but has encountered intense criticism on both sides of the Atlantic, with France, Italy and Germany insisting they would block the currency in Europe.
Bruno Le Maire, France's finance minister, put it best, "I don't see why we should dedicate so much effort to combating money laundering and terrorist financing for so many years to see a digital currency like Libra completely escape those regulatory efforts."
The Federal Reserve and US senators promised that the project would face intense scrutiny and could not proceed until concerns about money laundering, privacy, financial stability and consumer protection had been addressed.
Hands up anyone who still thinks regulation is a bad thing?
Bought a new car recently? If so, look away now if you paid for it on finance.
The Financial Conduct Authority is clamping down on the way car retailers and brokers in the motor finance sector receive commission, saving drivers around £165m a year.
The watchdog found evidence that brokers received commission linked to the interest rate that customers pay. Since the retailer and broker are free to set that rate, the FCA said "the widespread use of this types of commission creates an incentive for brokers to act against the customers' interests".
"We have seen evidence that customers are losing out due to the way in which some lenders are rewarding those who sell motor finance. By banning this type of commission, we believe we will see increased competition in the market which will ultimately save customers money."
It is also investigating how customers are told about commission following a two-year investigation of the motor finance sector.
- Focus on the tone from the top - do you empower your team to make the right decisions with customers? Or do you insist they put profit before principles?
- Examine current policies and procedures - are you confident that customers are being treated fairly and you consistently act in their best interests?
- Check your provision for vulnerable customers - what measures are in place to protect vulnerable customers (eg those already in debt)? How do you check affordability at the time of purchase? What more should you do?
- Meet the Treating Customers Fairly (TCF) principle - e.g. what disclosures do you make about commission and fees at the time of purchase to ensure transparency? How do you manage conflicts of interest?
Looking for more Compliance news?
We also publish our pick of the biggest news in Financial Services compliance every month in FCA Compliance News.
Why not subscribe to our Compliance Bulletin which delivers a round-up email of all of this month's best practices, expert opinions, industry insights, key trends in regulatory compliance training, digital learning, EdTech and RegTech news.