Our pick of key compliance stories this month
- Match Group wins court battle over its trademark
- Block reports data breach concerning 8 million users
- New rules ban celebrities from advertising gambling
- Coca-Cola boss admits receiving £1.5m in bribes
- Former Goldman Sachs banker guilty of conspiracy
- Further Russian sanctions announced by UK and US
- PPE regulations amended after 30 years
- Home Office apologises for visa service data breach
- UK Chemical firm fined £480k after worker injured
- FCA sends warning to illegal crypto ATM operators
- Robeco fined €2m for AML compliance failure
Match Group wins court battle over its trademark
US tech company Match Group, which runs the world's largest portfolio of dating apps, including Tinder, OkCupid, Hinge and Match.com, has won a court battle against the UK dating app Muzmatch.
Muzmatch, based in the UK, is the world's largest Muslim dating site, but it could now lose the right to use its name following the court case.
The UK intellectual property and enterprise court ruled that Muzmatch infringed the Match Group trademark. Match Group accused Muzmatch of "piggybacking on established dating brands" by using "match" in its brand name. This meant that Muzmatch's six million users could have been misled into thinking the app was owned and run by Match Group.
A spokesperson for Match Group stated the following: "We are pleased that the court recognised what we have known to be true: that Muzmatch has unfairly benefited from Match Group's reputation and investment in its brand and was riding Match Group's coattails for undeserved gain in this highly competitive market. We have and will always protect our employees' work, creativity, and innovations."
Block reports data breach concerning 8 million users
Block, formerly known as Square Inc., an American financial services and digital payments company, has reported a cybersecurity and data breach concerning information on more than eight million customers. The breach occurred when a former employee downloaded corporate reports after leaving the company.
The firm stated that: "Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm […]. We know how these reports were accessed, and we have notified law enforcement."
The exposed data contained information on users who used Cash App's investing products. The data included customers' names and Cash App brokerage account numbers. Some of the data also included portfolio value, holdings, and trading activity details on some customers. The breach did not include usernames, passwords, social security numbers or data that could identify a person.
- In many cases, the largest threat of a cybersecurity incident or information/data security breach comes from insiders. This incident is a reminder of that fact.
- To safeguard customer and company data, companies should ensure they have external access to employee accounts and disable those accounts immediately upon termination of employment, before the employee leaves.
New rules ban celebrities from advertising gambling
From October 2022, gambling, lottery, and betting companies will not be allowed to promote their products, services and gaming platforms via celebrities and sports stars. The change in gambling and advertising legislation is being implemented to safeguard under-18s, young adults, and vulnerable audiences.
The Betting and Gaming Council stated that the measure is intended to "drive up standards and ensure further protections in advertising".
The new rules have been positively received by politicians, parents, and groups that campaign for awareness of gambling addiction, particularly in light of growing concerns over the impact of gambling on the general population, especially on young people.
Coca-Cola boss admits receiving £1.5m in bribes
Former Coca-Cola manager Noel Corry has admitted to receiving over £1.5m in bribes in exchange for helping specific companies win contracts over nine years.
Between 2004 and 2013, Corry provided Boulting Group with confidential company data so they could gain an edge over rivals in contract bids. He also issued fake contracts that were never fulfilled, pocketing the payments for himself. In some cases, he also had companies pay over the stipulated contractual amount and then kept the difference. The accepted bribes also included tickets to expensive entertainment events. In one case, a bribe payment consisted of more than £11k worth of Manchester season tickets paid for by the bribing companies.
In court, Corry admitted to five counts of corruption and was handed a 20-month suspended sentence. The companies that handed over the bribes were fined, and multiple directors at these companies were also fined and handed suspended sentences.
- Contracting companies, suppliers, and third parties need to ensure they have the necessary compliance measures to prevent financial crime, including bribery and money laundering - this includes adequate internal systems and compliance training for all employees
- Bribes can take many shapes and forms, from outright cash payments to expensive gifts or favours
Former Goldman Sachs banker guilty of conspiracy
Once Goldman Sachs' top investment banker in Malaysia, Roger Ng has been found guilty by US courts of conspiracy and money laundering under US foreign anti-corruption laws.
Ng helped former boss Tim Leissner embezzle money via the sovereign 1Malaysia Development Berhad (1MDB) initiative. This initiative was established to drive strategic long-term economic development in Malaysia to aid its economy and stimulate direct foreign investment. The 1MDB fund was connected to Malaysia's then prime minister.
The charges against Ng and his boss, Leissner, arose from a scheme in which Goldman Sachs' Malaysian unit helped 1MDB raise $6.5bn (£5bn) through three bond sales. But $4.5bn (£3.4bn) was diverted to government officials, bankers, and associates between 2009 and 2015 in bribes and payouts. It is estimated that Ng received $35m (£26.7m) in kickbacks for his role in the scheme.
This means that the embezzled monies were laundered through the fund and then used for bribes and personal profit by the accused.
Leissner faced similar charges to Ng in 2018, while Ng's verdict came through this month. As a result of the case, Goldman Sachs paid nearly $3bn (£2.3bn) in fines in 2020 after its Malaysian unit pled guilty to the corporate charges levelled against it.
Further Russian sanctions announced by UK and US
The US and UK governments have announced a new set of sanctions on Russia following its invasion of Ukraine. These measures are intended to harm the Russian economy and punish Putin, numerous high-ranking officials and others who have benefited from his regime.
Among the US's latest sanctions are:
- Economic measures to prohibit new investment in Russia
- Harsh sanctions on two particular Russian financial institutions - Alfa Bank and Sberbank
- Sanctions on major state-owned enterprises
- Sanctions on Russian government officials and their family members, including President Putin's children and relatives of Foreign Minister Sergei Lavrov
Meanwhile, the UK has committed to ending all imports of Russian coal and oil by the end of 2022 and has imposed sanctions on Sberbank, Russia's largest bank.
- Keep your knowledge of changes to country sanctions current - pay extra attention to Russia for the time being
- Report any concerns, including actual or potential sanctions violations immediately
- Never bypass sanctions screening or encourage, help or advise clients to do so
PPE regulations amended after 30 years
On 6 April 2022, the Personal Protective Equipment at Work (Amendment) Regulations 2022 (PPER 2022) came into effect, amending the 1992 Regulations (PPER 1992). These amendments extend employers' and employees' duties when it comes to personal protective equipment (PPE) to limb (b) workers (casual workers or those who work under a contract for service).
PPER 1992 places a duty on every employer in the UK to make sure that suitable PPE is given to employees who could be exposed to health and safety risks while working.
Since PPER 2022 has come into force, employers need to carefully consider whether the changes apply to them and their workforce and make the necessary preparations to comply.
Home Office apologises for visa service data breach
The Home Office's visa service has apologised for a data breach in which more than 170 people's email addresses were accidentally copied into an email sent out recently.
On 7 April, over 170 email addresses were inadvertently copied into a message from the UK Visa and Citizenship Application Service requesting a change of location for a visa appointment. Some of the email addresses were personal Gmail accounts, while others belonged to solicitors from various companies.
A Home Office spokesperson said, "We take data protection extremely seriously, and there are robust processes in place to prevent breaches. On the rare occasion they do occur, data incidents which meet the appropriate threshold are reported to the Information Commissioner's Office. Our data protection officer is reviewing this incident to determine whether this threshold has been met."
- Take care to safeguard recipients' personal information when sending emails - always double-check the list of recipients before sending
- Protect personal information to ensure appropriate security and safeguard it against unauthorised or unlawful processing, accidental loss, destruction or damage
- Don't conceal or cover up data losses or breaches - report mistakes and violations promptly so that you can limit the damage
UK Chemical firm fined £480k after worker injured
Robert McBride Ltd of Hornscroft Park has been sentenced for safety breaches after one of its workers suffered 13% superficial burns to his arm and hand due to the ignition of flammable vapours at its site.
Beverley Magistrates' Court heard that the worker was adding powder to a large mixing vessel at the time of the incident. As this process was underway, flammable vapours leaving the vessel via the lid ignited, briefly engulfing his upper torso.
The HSE's investigation revealed that the vessel's extraction system was insufficient to prevent a build-up of a flammable atmosphere, and a more suitable one should have been installed. As a result, the firm was fined £480,000 and ordered to pay costs of £13,441.80.
FCA sends warning to illegal crypto ATM operators
The FCA has warned operators of crypto ATMs in the UK to shut their machines down or be prepared to face enforcement action.
In order for ATMs in the UK to be able to provide crypto asset exchange services, they need to be registered with the FCA and comply fully with the UK Money Laundering Regulations (MLR).
However, there are currently no FCA-registered crypto asset companies that have been approved to offer crypto ATM services, meaning that any of them operating in the UK are illegal, and consumers should avoid making use of them.
Recently, the Upper Tribunal ruled against Gidiplus, a company offering crypto ATM services, which wanted to continue trading, pending the Upper Tribunal's determination of its appeal against the FCA refusing its application for registration under the MLRs. The judge concluded there was a "lack of evidence as to how Gidiplus would undertake its business in a broadly compliant fashion".
Robeco fined €2m for AML compliance failure
AFM, the financial regulator in the Netherlands, has issued a €2m fine to Robeco for failing to sufficiently check its clients for money laundering.
It is a requirement for Dutch financial institutions to report suspected transactions to the Financial Intelligence Unit (FIU). However, Robeco, along with its subsidiaries, reported only a few such transactions when compared with other firms.
Out of Robeco's over 250,000 clients, only two had received the risk classification "provisionally unacceptable". These clients opened their accounts in 1986 and 1994.
This raised suspicion with the regulator AFM. Upon investigation, they found that there were significant shortcomings in the company's client checks and transactions.