Compliance news - February 2019
This blog is dedicated to bringing you the news that touches the people dimension of regulatory compliance. For us compliance is not just about regulations, policies, procedures, and systems - but human factors that lead individuals and organisations to make errors of judgement, and in some cases, to act in brazen disregard of the rules.
Here's the selection of news stories that we've found most informative.
- Brown envelopes, red envelopes, e-wallets
- Brexit and data protection
- Danske Bank shutdown in Estonia
- Another Hundred Million Fine for Financial Crime
- Firms pause YouTube to protect brand
- Taxman scores again!
- Banks need to build operational resilience
- Son of former PM in asset seizure
Brown envelopes, red envelopes, e-wallets
While much of the world associates brown envelopes with cash-for-favours, in China they come in the colour red! Chinese New Year is an occasion when friends and families exchange 'red envelopes', often containing cash, to bestow good fortune for the year ahead. Obviously, this presents an opportunity for unscrupulous operators to offer cash to officials, customers, and suppliers to gain influence (or 'guanxi' in Chinese).
And while officials and compliance officers battle the physical envelopes, a new headache is emerging as the red envelopes are offered electronically via apps like AliPay and WeChat Pay. The ease of such payments raises fresh concerns about how much transparency and oversight firms have of payments made by employees on personal devices, leaving many hurriedly checking IT acceptable use policies.
Of course, bribery doesn't always come in the form of cash in envelopes of any colour. Most often it is in the form of gifts, hospitality, and a variety of favours such as offering jobs and internships!
Happy Chinese New Year Everyone!
Brexit and data protection
As the clock ticks closer to 31 March 2019, the Information Commissioner's Office is urging companies to check whether they need to introduce additional safeguards if the UK leaves the European Unit without a deal.
According to the ICO, firms should review current personal data flows, which are unrestricted for as long as the UK remains a member of the EU, but may not be lawful in the event of no deal. (Note: Existing arrangements may continue until 2020 if the proposed EU Withdrawal Agreement is rubberstamped until a long-term agreement is reached.)
It also recommends the following action:
- Map data flows so you know exactly where personal data you're responsible for is going - remember, while personal data may continue to flow from the UK to the EEA without further measures after the leaving date, transfers from the EEA to the UK may be impacted.
- Check what lawful basis you're relying on - if EU citizens freely share their information with you, then you won't need to introduce new measures or stop processing it.
- Review the privacy information you currently provide to data subjects - does this need to be updated in the event of no deal?
- Don't assume you can rely on an adequacy decision in the event of a no deal - The ICO says, "An assessment of adequacy can only take place once the UK has left the EU". Until then you'll need specific legal arrangements (e.g. standard contractual clauses) covering personal data transfers from the EEA to the UK.
- Don't expect to rely on current arrangements with say, a European parent company - Check whether you need to introduce other mechanisms (e.g. standard contractual clauses) or are able to rely on binding corporate rules (to be confirmed by the European Data Protection Board or EDPB) to legitimise personal data transfers to the EEA.
- If the ICO is your lead authority but you have operations throughout Europe, think about whether the ICO can continue to act as the One-Stop Shop after 31 March 2019.
The standard contractual clauses provided by the ICO are very useful for firms operating and processing data in the UK and the EU (as we in Skillcast do ourselves). They offer continuity, simplicity, and certainty in your data processing activity irrespective of the flavour of Brexit we get.
Danske Bank shutdown in Estonia
You may recall our coverage of the €200bn money laundering scandal involving Danske Bank's operations in Estonia. This case illustrates the financial crime risks that exist inside the EU itself, while it designates high-risk jurisdictions around the world!
In a new development in this saga - the Estonian Financial Supervision Authority, the watchdog under whose supervision the money laundering operation flourished - has ordered Danske Bank's branch in Tallinn to close within eight months.
Critical of the bank, the regulator said: "Danske Bank violated anti-money laundering regulations for many years by operating high-risk money-laundering clients to make suspicious transactions through the bank. In addition, Danske Bank misled the Estonian public authorities by providing them with inadequate information and thus actually hampered their activities."
Acknowledging the negative impact the scandal has had on Estonian society, Jesper Nielsen, Danske's Interim CEO, said, "We are sorry to be leaving Estonia against this background, but we understand the severity with which the Estonian FSA looks at this case, and we will close down our remaining activities as requested."
Danske Bank had around 27,000 loan and deposit customers in Estonia at the end of 2018. It announced that it will also close its operations in Latvia, Russia and Lithuania.
This is by no means the end of the case as the US Securities and Exchange Commission joins the growing list of regulators investigating the bank, with SwedBank also implicated, after claims 40 billion Swedish crowns ($4.3bn) was transferred between SwedBank and Danske accounts.
Did someone blow the whistle?
Lawyer Stephen Kohn, who is representing Howard Wilkinson - the British trader-turned-whistleblower who exposed wrongdoing, said, "This is a lesson to corporate banks. All of the banks responsible for this historic money-laundering scandal, not just Danske, must be investigated by regulators and held fully accountable."
What are the key takeaways here? This case illustrates how easy it is to destroy a company's reputation if no-one speaks out about wrongdoing. Culture is paramount and is "widely accepted as a key root cause of the major conduct failings."
Another Hundred Million Pound Fine for Financial Crime
The Financial Conduct Authority has fined Standard Chartered £102.2m for poor financial crime controls. The bank has further set aside $900m to cover both US and UK probes into US sanctions violations and currency trading issues, effectively wiping out its profits for the last half of 2018.
It has faced multiple investigations over its dealings with Iran and agreed to pay $667m in 2012 for sanctions breaches. The bank was also fined $40m last month by New York's financial watchdog (DFS) for rigging foreign exchange transactions between 2007 and 2013.
Firms pause YouTube to protect brand
AT&T, Epic Games (makers of best-selling game Fortnite), Hasbro, Nestle and Disney have all paused their advertising on YouTube, the video-sharing platform, amid concerns about their ads being shown alongside inappropriate content.
An AT&T spokesman said, "Until Google can protect our brand from offensive content of any kind, we are removing all advertising from YouTube".
This exemplifies the dilemma many companies face - how to balance the need to appear edgy and tech-savvy while simultaneously protecting their reputation and brand. We address this in our course on the Responsible Use of Social Media.
Taxman scores again!
In the ongoing saga of people in football being chased down for tax evasion, this month it's the turn of José Mourinho.
Mourinho was fined £1.9m (€2.2m) and received a one-year suspended prison sentence to settle charges of tax evasion. Spanish prosecutors alleged the former Real Madrid and Manchester United manager defrauded tax authorities of €3.3m by failing to declare money for image rights between 2011 and 2012. Like Ronaldo, he used companies in BVI, Ireland and New Zealand to "hide the profits from his image rights".
Banks need to build operational resilience
Research by consumer group Which? found almost two-thirds of banks and building society branches have closed in the last 30 years. Last month, we reported that Santander and other high-street banks are closing branches, due to the rapid uptake in online banking and mobile apps.
No-one's denying the convenience of 24/7 banking but, if branches close, it's more important than ever that consumers can access their money when needed.
Confidence has taken a bit of a nosedive this month. We've seen many of the big banks, including Wells Fargo, TSB (yup, again) Lloyds, and Barclays, dogged by IT problems, with customers effectively locked out of their accounts due to outages in their mobile and internet banking services.
Operational resilience isn't a new concept. It's attracted attention from UK financial regulators before, with firms being urged to ensure preparedness in the wake of cybersecurity incidents.
If banks are to continue safeguarding vulnerable people and prevent financial exclusion, it's vital that they strike the right balance between banking innovation and maintaining availability of services, so customers are truly at the heart of the business.
Skillcast offers an e-learning course on Safeguarding Vulnerable Customers in financial services that incorporates FCA guidance in our FCA Compliance library.
Son of former PM in asset seizure
The NCA's international corruption unit has ordered Vlad Luca Filat, the son of the former prime minister of Moldova, to hand over almost £500,000 after he was unable to "demonstrate a legitimate source for the money".
His father, Vladimir Filat, was jailed for nine years in June 2016 after $1bn was stolen from three Moldovan banks. When Luca came to the UK to study in July 2016, he paid £400k upfront to rent a penthouse in Knightsbridge, £200k for a Bentley Bentayga, and bought other designer goods all funded from offshore accounts.
The judge concluded, "I am satisfied on the balance of probabilities that the cash was derived from his father's criminal conduct in Moldova".
This verdict immediately switches the focus to the bank, the university, the estate agent, and the car dealer who transacted with Luca Filat. Anti-corruption campaigners Global Witness are already calling for scrutiny of such entities:
"This kid is the son of a former prime minister imprisoned for an abuse of power related to a billion-dollar scandal, driving to uni in a Bentley, renting a penthouse that costs more each day than most students pay a month. The NCA should now be asking the bank, the university, the estate agent and the car dealer what checks they made on this suspicious spender and his Cayman Island companies."
Looking for more compliance insights?
Skillcast has partnered with YouGov to conduct primary research into compliance issues, attitudes and risk perceptions in the UK workplace to produce a series of Insights Blogs.
We also have 50+ free compliance training aids, including a selection of desk-aids, eBooks, guides, handouts, posters, training presentations and even free e-learning modules!
And why not subscribe to our Compliance Bulletin which delivers a round-up email of all of this month's best practices, expert opinions, industry insights, key trends in regulatory compliance training, digital learning, EdTech and RegTech news.