Our pick of the top 10 compliance stories of 2022
- Theranos founder convicted of fraud
- Azerbaijani 'laundromat' family to hand over £5.6m
- Block reports data breach concerning 8 million users
- Clearview AI Inc fined over £7.5m
- Green investment scheme scammers jailed
- Morgan Stanley fined $200m for WhatsApp use
- Tokyo Olympics executive arrested for bribery
- Modern slavery increases as global poverty surges
- HSBC climate ads banned by UK watchdog
- Creditors owed $3.1bn after FTX collapse
Take a look at our summary of key compliance fines in 2022 too!
Theranos founder convicted of fraud
Elizabeth Holmes, the former CEO and founder of a medical biotech start-up, Theranos, has been found guilty of four counts of conspiracy and fraud. Her sentencing will be finalised in late 2022, and it is expected to include jail time.
Holmes's company claimed it could revolutionise blood testing by supposedly running hundreds of medical tests using just one drop of blood and one machine. This innovation would have had a massive impact on the healthcare industry by making diagnostics cheaper and more accessible. The concept attracted scores of investors, and at one point, Theranos was valued at £6.6bn and raised over £530m in capital from unsuspecting investors.
In reality, Theranos did not have the technology to run this type of efficient testing. Nearly all the tests Theranos ran were carried out using third-party machines that were not its own technology. Of the tests that were carried out in-house, many produced false results. Regardless, Holmes proceeded with her project and false claims.
Holmes' elaborate plot unravelled when whistleblowers exposed Theranos' false claims.
- All business decisions and investments should be based on sound research, due diligence and proven records.
- Careful attention should be paid to investor relations to ensure all communications are honest, fair and based on the truth.
- Companies must have working whistleblowing hotlines and systems in place to ensure fraud and other forms of crime can be safely and anonymously reported, particularly in situations where employees fear retaliation.
Azerbaijani 'laundromat' family to hand over £5.6m
A multimillionaire Azerbaijani politician and his relatives have to turn over millions in suspicious funds brought into the UK through a complex money-laundering scheme known as the "Azerbaijani laundromat."
After ruling that the funds "arise from criminal conduct" and "money laundering," a judge ordered Javanshir Feyziyev and his family to forfeit £5.63 million held in various bank accounts.
This grand scheme was exposed in 2017 when the Danish newspaper Berlingske and numerous other media partners received leaked secret bank records. The data showed that the Azerbaijani leadership had made over 16,000 secret transactions between 2012 and 2014. These transactions were worth approximately $3m a day.
Andy Lewis, head of civil recovery at the National Crime Agency (NCA), said, "This is a substantial forfeiture of money laundered through the Azerbaijan laundromat, and our success highlights the risk to anyone who uses these schemes. We could recover these millions without proving the exact nature of the original criminal activity. We will continue to use civil powers to target money entering the UK via illegitimate means."
Block reports data breach concerning 8 million users
Block, formerly known as Square Inc., an American financial services and digital payments company, has reported a cybersecurity and data breach concerning information on more than eight million customers. The breach occurred when a former employee downloaded corporate reports after leaving the company.
The firm stated that: "Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm […]. We know how these reports were accessed, and we have notified law enforcement."
The exposed data contained information on users who used Cash App's investing products. The data included customers' names and Cash App brokerage account numbers. Some of the data also included portfolio value, holdings, and trading activity details on some customers. The breach did not include usernames, passwords, social security numbers or data that could identify a person.
- The largest threat of a cybersecurity incident or information/data security breach comes from insiders in many cases. This incident reminds us of this fact.
- Companies should ensure they have external access to employee accounts and disable them immediately upon termination of employment before an employee leaves to safeguard customer and company data.
Clearview AI Inc fined over £7.5m
The Information Commissioner's Office (ICO) has found Clearview AI Inc, a facial recognition database company, over £7.5m. The company provides a service that allows customers, including law enforcement members, to upload an image of a person on the company's app, which is then cross-checked with Clearview AI Inc's database for potential image matches.
The customer is then provided with links to where the images were taken from, such as social media. This way, customers could trace a person's full name and particulars through the publically available information on social media sites from an image.
Authorities found the company breached the UK General Data Protection Regulation (GDPR) for collecting over 20 billion public images of people's faces. Even though the company collected image data from publicly available sources such as social media, the subjects were not informed that their images were being harvested and used by Clearview AI Inc.
The UK Information Commissioner noted that:
"The company not only enables identification of […] people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice."
- Firms should never collect personal or special category data or use it for different purposes without first making sure they comply with the UK GDPR.
- Publicly available information, such as data found on social media, is still subject to GDPR. Namely, firms or individuals cannot harvest personal data from public sites and use it for commercial purposes.
Green investment scheme scammers jailed
Following the SFO's successful investigation and prosecution, Andrew Nathaniel Skeene and Junie Conrad Omari Bowers have been sentenced at Southwark Crown Court to 11 years' imprisonment.
Bowers and Skeene were the masterminds behind Global Forestry Investments, a fraudulent green investment scheme that defrauded around 2,000 victims from their savings and pensions.
The con artists persuaded victims to put money into three Brazilian teak tree plantations. They told them they were safe, ethical investments that would support local communities and maintain the Amazon rainforest. In actuality, not much was happening, and the couple used their money to enrich themselves
Skeene and Bowers collectively withdrew about £750k in cash during the schemes' operation and spent an additional £2m on shopping, luxuries, and entertainment. Additionally, Skeene paid for his opulent wedding with money from investors, while Bowers purchased a Bentley Continental GT.
"The investors believed that they were buying into an ethical investment scheme which would yield a safe and steady income. But the reality was that you wrote or said things about the schemes which were either false or misleading at the outset or became so, and you failed to correct them." The Judge highlighted the "serious detrimental impact" the scam had on investors, including some victims being prevented from retiring and suffering "prolonged distress and mental anguish".
Morgan Stanley fined $200m for WhatsApp use
Morgan Stanley is to pay $200m over "the use of unapproved personal devices" and substandard record-keeping requirements.
This fine comes only months after regulators in the US imposed a similar penalty on rival bank JPMorgan. In that case, managing directors and other senior employees tried to escape regulatory scrutiny by using WhatsApp and personal email addresses for business-related conversations.
"As technology changes, it's even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight," said SEC Chair Gary Gensler.
Citigroup is also facing a fine for using "unapproved electronic messaging channels".
- Never use a personal device or a non-approved communication channel to discuss any in-scope activities
- Separate your personal life from your work life - keep work stuff on work systems, and personal stuff on personal devices
- Never suggest that a business conversation moves off a recorded system or use jargon to try and avoid surveillance.
Tokyo Olympics executive arrested for bribery
A Tokyo Olympics board member has been arrested on suspicion of taking bribes, along with three other men connected to the scandal.
According to the prosecutor's office, Haruyuki Takahashi, 78, a former executive at the advertising firm Dentsu, is suspected of accepting bribes from the former CEO of Aoki Holdings Inc. and two other company workers.
The alleged bribes, amounting to 51m yen (£315,800), were deposited into a bank account of Takahashi's firm from October 2017 to March 2022 and are believed to be for sponsorship and products related to the Olympic Games.
Takahashi is credited with landing more than £2.5bn in local sponsorships for the Tokyo Olympics. Dentsu is a major player in many huge Japanese events, including the Olympic Games.
- Never offer or accept cash or anything of monetary value in return for improper performance of any function
- Conduct initial and ongoing due diligence of third parties, and comply with any other third-party procedures necessary
- Make sure that gifts, hospitality, donations, sponsorship and expenses are proportionate and in line with agreed policies and thresholds
- Report any knowledge or suspicion of bribery immediately
Modern slavery increases as global poverty surges
The UN International Labour Organisation (ILO) stated that modern slavery has increased by a fifth in the past few years. It is estimated that there are currently 50 million people who are victims of modern slavery and forced labour.
The ILO said around half the people were forced to work against their will. At the same time, the other half were forced into marriage. Both situations and contexts fall under the ILO's definition of modern slavery, where a person "cannot refuse or cannot leave because of threats, violence, deception, abuse of power or other forms of coercion."
The overall situation has worsened with increasing poverty rates due to crises like the COVID-19 pandemic, armed conflicts, climate change, global instability and decreased supply of essential goods like staple foodstuffs and construction/manufacturing materials.
HSBC climate ads banned by UK watchdog
A Tesla factory worker has filed a lawsuit over alleged sexual discrimination on the factory floor. Jessica Barraza claims that months after she started work at a Californian Tesla factory, she started experiencing near-daily harassment, including vulgar comments and inappropriate sexual advances from colleagues.
She claims the work environment became so toxic that it led to a diagnosis of post-traumatic stress disorder following three years of working at the factory. Barraza filed her complaints to Tesla HR in September and October, but they did nothing to tackle the harassment, and it is unclear whether the complaints were even acknowledged internally.
Tesla includes a mandatory arbitration clause in the contracts that mandate employees to settle disputes outside of court. This type of dispute is, therefore, rare. However, Baraza's attorneys claim that this clause is illegal.
Since Barraza has filed the lawsuit, other employees are coming forward with sexual harassment claims. The case remains ongoing, with the official charges citing sexual harassment and failure to prevent sexual harassment at the workplace.
- Establish a zero-tolerance policy on discrimination and harassment of any kind at the workplace and nurture a culture of good conduct.
- Ensure all policies and procedures are legal and compliant with Employment Law, including contracts and complaint procedures, are legal and compliant with Employment Law.
Creditors owed $3.1bn after FTX collapse
Court filings reveal that almost $3.1 billion is owed to creditors after the FTX cryptocurrency exchange collapse.
FTX, once valued at $32bn, enabled people to buy bitcoin and was one of the biggest global exchanges. Before its collapse, FTX had secured big-name backing from the likes of Sequoia Capital, Temasek, BlackRock and Tiger Global.
Concerns were raised after an online document leak showed its sister company Alameda Research was unstable and had been loaned $10bn from FTX, sparking a run on withdrawals. Over a million investors – 80,000 of them in the UK – are believed to have lost their money. The true scale of losses is still unknown, largely due to poor record keeping.
Sam Bankman-Fried (SBF), its unconventional founder who allegedly played video games in pitch meetings, apologised to FTX employees. Many of them were paid in FTX's FTT token, which has dropped 80% in value.
John Ray III, who oversaw the Enron bankruptcy, has replaced him as chief executive. His assessment was damning, "Never in my career have I seen such a complete failure of corporate controls and a complete absence of trustworthy financial information as occurred here."
- Conduct due diligence and Know Your Customer – but don't be blinkered when assessing the findings. Bain's due diligence of FTX flagged SBF's oversight of FTX-linked entities as a key risk
- Watch out for confirmation bias – the tendency to seek information that supports your beliefs
- Don't ignore red flags – if actions go against norms, don't dismiss this as 'unconventional', 'maverick' or 'genius'
- Keep proper records – they provide an audit trail of your decisions and due diligence and can be vital court evidence
Looking for more compliance insights?
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.