This month’s key compliance news includes Russian cyber sanctions, Samsung’s chip secrets leak, Amigo’s fine, NHS fraud, ITG’s recidivism, and more.
Seven Russian nationals have been sanctioned for their involvement in ransomware attacks. The UK's Foreign Office – in partnership with the US – has frozen their assets and imposed travel bans on the men, who are suspected members of the hacking group Trickbot.
An estimated £27m in ransoms has been extorted from 149 UK victims and businesses. Conti and Ryuk ransomware strains were behind recent attacks on hospitals, schools, businesses, and local authorities (including the Scottish Environment Protection Agency).
Ransomware is classed as a tier-one national security threat by the UK government. In 2021 alone, the group behind Conti extorted $180 million in ransomware, according to Chainalysis.
“This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber criminals. The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies."
Graeme Biggar, Director-General, National Crime Agency
Seven former Samsung employees have been jailed in South Korea for illegally stealing semiconductor-related technology and sharing it with overseas companies.
The employees - who worked for Samsung’s subsidiary SEMES, South Korea’s biggest semiconductor manufacturer – stole equipment design blueprints and components lists over a two-year period.
One in the group, identified as Nam, used the information to set up a rival company making semiconductor cleaning equipment. In total, 14 cleaning machines were manufactured and sold to Chinese companies, netting Nam’s company $59.8 million. Nam also entered a joint venture and signed over the technology, including 24 equipment cleaning blueprints.
Nam was sentenced to four years imprisonment, while each of his accomplices face up to two-and-a-half-year jail terms. Nam’s company was fined $768,000.
A BBC investigation has found evidence of sexual exploitation at tea farms in Kenya. More than 70 women said they had experienced sexual abuse or harassment by their supervisors on farms supplying some of the UK’s biggest brands, such as Lipton, PG Tips and Sainsbury’s Red Label. One woman claimed that she had been infected with HIV by her supervisor.
Secret filming at a plantation owned by James Finlay & Co showed a manager pressuring the undercover reporter for sex.
At another plantation owned by Unilever, at a job induction, a manager talked of the company’s zero-tolerance approach to sexual harassment. However, the same reporter was later invited by him to a hotel bar, where she was again pressured for sex. When she was later assigned to the weeding team, the reporter was offered an easier assignment in exchange for sex.
James Finlay & Co confirmed that its employee had been suspended and reported to the police. The company - which supplies Tesco, Sainsbury’s and Starbucks - also said it was investigating whether there was “an endemic issue with sexual violence” at its Kenyan operations.
Responding to the allegations, Sainsbury’s said, “These horrific allegations have no place in our supply chain.” Tesco said it was taking the matter “extremely seriously”. In a statement, Starbucks said it was “deeply concerned” and had suspended purchases from James Finlay.
It’s not the first time that Unilever has faced allegations of sexual harassment. Concerns were raised 10 years ago which resulted in the company launching a ‘zero-tolerance approach’ and a new reporting system.
Yet, the women claim that their allegations are being ignored. Unilever sold the plantation as filming took place but said it was “deeply shocked and saddened” by the matter. Its new owners have suspended those responsible and is investigating.
Sub-prime lender Amigo has been censured by the Financial Conduct Authority for failing to conduct adequate affordability checks on its customers and guarantors.
The regulator claimed that between November 2018 and March 2020, the company did not have adequate processes to assess the borrower and guarantor’s circumstances before approving loans. The company relied too heavily on automated IT systems and had inadequate controls in place. Staff also failed to conduct proper checks when the system flagged up concerns.
This resulted in a high risk of consumer harm, particularly for vulnerable customers. It also meant that guarantors were more likely to have to step in, with one in four guarantors being expected to repay the loan.
The company was accused of “prioritising [its] commercial interests over the obligation to comply with the rules and safeguard customers from unaffordable loans”.
The FCA had planned to impose a fine of £72.9 million, but the penalty was waived after Amigo demonstrated it would cause “serious financial hardship” and threaten its ability to fulfil a High Court compensation scheme to repay unfairly treated customers.
McDonald’s has entered a legally binding agreement with the Equality and Human Rights Commission (EHRC). It follows reports about sexual harassment by workers in its restaurants and concerns about how the fast-food giant has managed allegations in the past.
Under the Section 23 agreement (so-called after the relevant section of the Equality Act), McDonald’s has agreed to:
“We are pleased that McDonald’s has signed this agreement to signal their intent to make their restaurants safe places to work. The improvements they put in place can set an example for others to follow, whether in the hospitality industry or elsewhere. There should be zero tolerance of sexual harassment in every organisation. It can devastate people’s lives and create a toxic working environment for all.”
- Baroness Kishwer Falkner, EHRC chairwoman
According to the Bakers, Food and Allied Workers Union (BFAWU), which has received over 1,000 complaints from its staff, McDonald’s has used non-disclosure agreements (NDAs) to conceal cases.
The new Workers Protection Bill outlaws NDAs and will also introduce a new duty on employers to protect workers from sexual harassment.
An NHS ‘psychiatrist’ has been convicted of a “deliberate and wicked deception”. The court heard that Zholia Alemi forged her medical degree certificate, allowing her to practise in the NHS for twenty years.
In 1995, Alemi sent a forged certificate to the General Medical Council claiming that she had qualified at the University of Auckland in New Zealand. In fact, she had repeatedly failed her exams there and was asked to leave the course after failing resits.
Between 1998 and 2017, Alemi practised all over the country, working in hospitals with “potentially very vulnerable people over a long period of time”. She is thought to have earned over £1m from the NHS over twenty years.
The court also heard that in 2018, Alemi was found guilty of forging an 84-year woman’s will and sentenced to five years. The prosecution described her as “a most accomplished forger and fraudster”. She will be sentenced on 28 February and now faces a prison term “of some substantial length”.
The UK Gambling Commission (UKGC) has fined an online gaming operator £6.1m for social responsibility and money laundering failings.
In Touch Games – which operates 11 online gaming platforms in the UK – failed to interact with a customer for seven weeks, although erratic play patterns and extended play periods were flagged. It also accepted a customer’s claim that they earned £6,000 a month without seeking evidence, even when red flags were raised.
Its anti-money laundering failings included:
“Considering this operator’s history of failings, we expected to see significant improvement when we carried out our planned compliance assessment. Disappointingly, although many improvements had been made, there was still more to do. This £6.1m fine shows that we will take escalating enforcement action where failures are repeated, and all licensees should be acutely aware of this.”
- Kay Roberts, Executive Director of Operations, UKGC
Three ex-bankers have been found guilty of fraud by abuse of position and received jail sentences for their role in an $8.45 million fraud.
Two French nationals, Marino and Bessot set up an investment company FM Capital Partners (FMCP), in order to invest the funds of the Libyan Sovereign Wealth Fund. But, instead of managing the investment, the pair - with the help of Ohmura - sought investments that maximised their own returns to the fund’s detriment.
Finder fees were laundered by Marino and Bessot through shell companies in the Seychelles and the Cayman Islands. This resulted in losses of $8.45 million between 2009 and 2014.
Concerns were raised in 2014 by Libyan board members of FMCP, who brought in auditors. Marino walked out of his formal interview with auditors and escaped to Norway. “These sentences send a clear message to anyone in the financial sector about the consequences of abusing their position. The NCA is committed to tackling fraud and those who abuse the UK’s financial centre to facilitate their crimes,” said Richard Harrison of the NCA
“These three fraudsters were calculating and opportunistic in committing offences that left the people of Libya out of pocket by approximately $8.45 million for purely selfish and greedy purposes to fund their lavish lifestyles. They showed a complete disregard for the important position they held to make investments work for their clients who were looking to diversify away from solely oil revenues.”
- Andrew West,the CPS
All three were found guilty of fraud by abuse of position. Frederic Marino, Yoshiki Ohmura and Aurelien Bessot were sentenced to 7.5 years, 3.5 years and 15 months, respectively. An arrest warrant has been issued for Marino, the ex-JP Morgan fugitive.
Fintech Revolut is warning its customers to be vigilant after hundreds complained of scam text messages. Customers were asked to verify their details or risk having their accounts frozen. They were then redirected to a fake Revolut site where they were asked to confirm their pin. Money was then transferred to a crypto account.
“It’s important to be aware of how to spot suspicious online activity. […] These text messages can appear genuine and often come from an existing business number. They can even appear within existing message threads.”
- Aaron Elliott-Gross, head of financial crime and fraud, Revolut
Revolut, described by its co-founder Nikolay Storonsky as the “Amazon of banking”, has yet to secure a banking licence in the UK since applying more than two years ago.
The regulator’s delays may be justified. Revolut has faced a host of challenges, including late filing of accounts, EU fines and breaches, concerns about its corporate culture, money laundering failings, and more. The Financial Times reports that the fintech will finally sign off its overdue accounts for 2021 next week.
HSBC has confirmed that it will sell its assets in Russia to Expobank in the first half of 2023, subject to regulatory approval. Its corporate banking division provides loans and investment banking services to domestic and international clients.
According to HSBC’s annual report, the divestment of its Russian business will result in a $300m loss.
However, it’s unclear whether the deal will be approved as its Deputy Finance Minister Alexei Moiseyev has said that the sale of assets by foreign banks is paused and applications will be rejected.
Many corporations have exited or curtailed their operations in Russia following the invasion of Ukraine, but banks have faced uncertainty.
Our comprehensive compliance roadmaps help you navigate compliance. We also have searchable compliance glossaries for those new to the topic, and we regularly report on key compliance fines.
If you'd like to stay up to date with compliance best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
For a one-stop compliance training solution, try our best-selling Compliance Essentials Course Library and award-winning LMS.
Last but not least, we have 100+ free compliance training aids, including best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations, webinars and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!