Our pick of key compliance stories this month
- Record £23m fine for MT Global's AML breaches
- French bank to pay $8.6m over Syria sanctions breaches
- JPMorgan Chase hacker jailed for 12 years
- Amazon and "Big Five" publishers accused of eBook price-fixing
- Black Lloyds employees paid 20% less than their peers
- British Airways planning £3bn data breach settlement
- Deutsche Bank to pay almost $125m over bribery and metals charges
- Twitter fined €450k over GDPR breach
Record £23m fine for MT Global's AML breaches
MT Global Limited has been subjected to the biggest ever fine issued by HMRC, for considerable AML breaches between July 2017 and December 2019 relating to:
- fundamental customer due diligence measures
- risk assessments and record-keeping
- controls, policies and procedures
This penalty is three times as high as the previous record penalty of £7.8 million handed out by HMRC last year to a London money service bureau.
According to Nick Sharp, Deputy Director of Economic Crime, Fraud Investigation Service, HMRC, "We're here to help businesses protect themselves from those who would prey on their services. That includes taking action against the minority who fail to meet their legal obligations under the regulations as this record fine clearly shows."
French bank to pay $8.6m over Syria sanctions breaches
The US Treasury Department has issued an $8.6m fine to the French bank, Union de Banques Arabes et Françaises SA, that allegedly processed payments for numerous blacklisted Syrian financial institutions.
The majority of the breaches took place in late 2011 following an executive order that considerably expanded US sanctions against Syria. Most of the violations pertained to internal transfers on behalf of Syrian entities which were then followed by further transfers through a US bank. The Paris-based bank was found to have processed a total of 127 transactions amounting to $2.08 billion, in violation of the executive order.
The sanctions watchdog said that the violations show UBAF’s "reckless disregard" for its compliance obligations. It also issued a warning to other financial institutions to tread lightly when processing US dollar-denominated transactions on behalf of clients in countries that are subject to US sanctions.
- Be vigilant and proactive - don't rely solely on automated screening software to flag up name or target matches.
- Keep up to date with any changes to global sanction lists and compliance technologies.
- Watch out for attempts to add, alter, delete or omit payment information in instruction lines to evade sanctions.
- Report any concerns, including actual or potential sanctions violations, to the relevant authorities immediately and cooperate fully with any investigations.
JPMorgan Chase hacker jailed for 12 years
A Russian hacker who was a key player in one of the largest customer data thefts in history from a single financial institution has been handed a 12-year prison sentence.
Moscow resident Andrei Tyurin was part of an international hacking group who illegally accessed the systems of leading financial institutions, news agencies, brokerage companies and other firms to steal data.
Out of the many companies that Tyurin breached, the 2014 JPMorgan Chase data breach is the most infamous, and was widely recognised at the time as one of the largest data breaches in history.
To carry out his illegal activities, Tyurin made use of a computer network with roots in five separate continents, all of which he controlled from his home. Apart from spending 12 years in jail, Tyurin will also be required to pay a forfeiture to the tune of $19.2m.
Amazon & "Big Five" publishers accused of eBook price-fixing
Amazon and the "Big Five" book publishers - Macmillan, HarperCollins, Penguin Random House, Hachette, and Simon & Schuster - have been accused of colluding to fix eBook prices. As a result, a class action lawsuit has been filed against them by the same law company that successfully sued the Big Five and Apple on the same charge a decade ago.
The lawsuit alleges that Amazon and the "Big Five" use a clause called the "Most Favored Nations" (MFN) in order to keep eBook prices artificially high. Such a clause is said to allow them to agree on price restraints which force consumers to pay higher prices for eBooks bought on retail platforms other than Amazon.com. Allegedly, almost nine out of ten eBooks sold in the US are purchased via Amazon, in addition to more than half of all physical books.
The lawsuit also claims that eBook prices fell in 2013 and 2014 after Apple and the "Big Five" were sued for conspiring to fix eBook prices, but increased again after Amazon renegotiated their contracts in 2015.
Through the lawsuit, compensation is being sought for all consumers who bought eBooks through Amazon's competitors in addition to damages and injunctive relief which would require Amazon and the "Big Five" to "stop enforcing anti-competitive price restraints".
- Never discuss or enter into agreements with competitors regarding prices, margins, market shares or production volumes.
- Never discuss future pricing plans and promotions with suppliers or discuss RRPs with retailers.
- Don't impose price, territorial or online sales restrictions on suppliers or distributors unless you are absolutely certain that it is legally permissible to do so in that instance.
- Don't act in a way that restricts competition in markets where you enjoy a dominant position by, for instance, refusing to supply, prohibiting discounting, imposing exclusive obligations or entering "pay-for-delay" deals.
Black Lloyds employees paid 20% less than their peers
Lloyds has disclosed that its black employees earn almost 20% less than their peers, making it the first big UK bank to reveal its black pay gap to the public.
Britain’s largest high street lender claims that this gap is caused by a lack of black staff in senior roles, which typically come with more generous salaries and bonuses. Figures released alongside its wider race action plan revealed that the median pay gap between black staff and their peers was 19.7%. What's more, the bonus gap stood at a staggering 37.6%.
Black staff members account for 1.5% of Lloyds staff, yet only hold 0.6% of the top positions at the bank. Lloyds recently made a pledge to increase the number of black employees in senior positions to 3% by 2024. This would bring it in line with the black population in England and Wales, in response to Black Lives Matter protests.
British Airways planning £3bn data breach settlement
British Airways is allegedly planning to commence settlement discussions which could see fliers who became the victims of a data breach receive a collective payout of up to £3bn in compensation, with each affected customer entitled to as much as £6,000.
BA customers were impacted by two data breaches back in 2018. Between April and July 2018, approximately 185,000 British Airways customers were informed that their personal data and financial information had been compromised. What's more, it was also revealed that an additional 380,000 users of the British Airways website and app had their information exposed between August and September 2018.
Personal information compromised included full names, email addresses, and home addresses. Payment card information, including full credit card numbers, expiry dates, and even CVV security codes, was also exposed; however, no passport details were found to have been stolen.
- Implement suitable controls to minimise the chance of a personal data breach ever occurring within your company
- Don't put people's personal information at risk by using it in ways that they wouldn't reasonably expect
- Inform the DPO immediately of any data breach or incident within your company
- Keep a record of all data breaches and any action that you took as a result, to provide an audit trail and identify trends and weaknesses
Deutsche Bank to pay $125m over bribery & metals charges
Deutsche Bank AG is to pay close to $125m to avoid being prosecuted in the States on charges of being involved in foreign bribery schemes and manipulating precious metals markets, the latest blow to a bank trying to rebound from a series of scandals.
The German bank agreed to the payout as it entered into a three-year deferred prosecution agreement with the US DoJ, as well as a civil settlement with the US SEC.
The vast majority of the payout is connected to charges regarding Deutsche Bank's violation of the federal Foreign Corrupt Practices Act (FCPA) over its dealings in Italy, Saudi Arabia, China and Abu Dhabi, court papers show. Almost two-thirds of the payout is a criminal fine.
According to Acting US Attorney Seth DuCharme, "Deutsche Bank engaged in a criminal scheme to conceal payments to so-called consultants worldwide who served as conduits for bribes to foreign officials and others," in order to win and retain "lucrative business projects."
Twitter fined €450k over GDPR breach
Ireland’s Data Protection Commission (DPC) has fined Twitter €450,000 for failing to promptly declare and suitably document a data breach under GDPR.
This fine is noteworthy as it is the first such cross-border GDPR decision by the Irish watchdog, which is the primary EU privacy supervisor for many tech firms, including Apple, LinkedIn, Google, Facebook and WhatsApp.
The regulator has commented that "The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure."
The GDPR requires personal data breaches to be notified within 72 hours of becoming aware of the breach. Additionally, the data involved in the breach as well as details of the firm's response need to be included. In this case, Twitter was found to have failed on all such counts.