Compliance News | Jan 2022

Our pick of key compliance stories this month

• HSBC fined £63.9m by the FCA over anti-money laundering system failings
• Western nations ready to implement "unprecedented" Russian sanctions
• Airbus faces £250m lawsuit in the Netherlands over alleged misconduct
• Swedbank ex-chief charged with money laundering
• Riot Games settles on £74m fine over a gender discrimination lawsuit
• Construction firm and director sentenced over H&S failings
• Credit Suisse chairman breaks the law to attend Wimbledon
• Theranos founder, Elizabeth Holmes, convicted of fraud
• Red Cross hack victimises the most vulnerable
• Treasury writes off £4.3bn in fraudulent Covid payments
• Rewe Group subsidiary fined £6.6m fine over GDPR violations

HSBC fines £63.9m over AML system failures

HSBC, the largest bank in Europe, has been fined over £60m after failing to heed repeated warnings that its safeguards to prevent financial crime were inadequate. The FCA noted that there had been an "inadequate monitoring of money laundering and terrorist financing scenarios until 2014, and poor risk assessment of new scenarios." HSBC's failings span eight years, between 2010 and 2018.

More specifically, the lack of safeguards include:

• Poor transaction monitoring procedures and systems.
• HSBC's failure to spot and report suspicious activity, including unusual transactions made by a customer with a criminal record and setting up fake companies to process laundered funds by a company director.

The initial penalty was £91m, but since the bank did not dispute the findings and agreed to settle, the fine got reduced to £63.9m.

This is also not a first for HSBC. In 2012, the US Department of Justice fined the bank £1.4bn after it found the bank failed to prevent the laundering of funds by Mexican drug cartels. HSBC agreed to US regulatory monitoring for five years, apart from the fine.

In response to the news of an agreed settlement with the FCA, HSBC stated that they are "deeply committed to combatting financial crime and protecting the integrity of the global financial system."

Key takeaways:

• Financial crime prevention starts with the right due diligence policies and procedures.
• Educating staff on conducting due diligence and regulatory obligations is crucial to preventing company failings in this regard.
• Companies must also have a conduct culture that encourages employees to speak up and escalate their suspicions.
  

Russia face "unprecedented" sanctions

The ongoing border conflict between Russia and Ukraine has escalated over the first few weeks of 2022. Both NATO (The North Atlantic Treaty Organisation) and Russia have increased military presence on either side of the Ukrainian border. Diplomatic relations have soured, and tensions have increased rapidly amidst claims that Russian President, Vladimir Putin, is planning an invasion into Ukraine.

Downing Street stated that NATO leaders have agreed that "should a further Russian incursion into Ukraine happen, allies must enact swift retributive responses including an unprecedented package of sanctions." The issue remains complex, particularly since Russia supplied about 40% of the EU's natural gas supplies.

Airbus faces £250m lawsuit in the Netherlands

A hundred institutional investors are suing Airbus in the Netherlands for over £250m worth of losses they allegedly incurred due to company misconduct.

Specifically, the lawsuit claims that Airbus withheld crucial information on company conduct and corruption cases from investors. The latter purchased Airbus shares without this knowledge and suffered significant losses once the news became public and affected the share price.

The filing has noted that additional investors are expected to join the lawsuit against Airbus, thus increasing the amount it seeks to reclaim.

In 2020, the plane manufacturer reached a settlement fine of £2.9bn with the UK, US and French authorities over a three-year investigation concerning bribery and corruption in the company.

Swedbank ex-chief charged with money laundering

Swedbank's former CEO, Birgitte Bonnesen, has been charged with market manipulation, fraud, and misusing inside information. These charges follow an investigation into a major money-laundering operation in the Baltics.

Bonnesen, fired two years ago when the scandal first came to light, "repeatedly spread misleading information" that Swedbank had no AML shortcomings in Estonia, according to Sweden's Economic Crime Authority. She spread this information despite her access to unpublished data that showed "extensive and serious shortcomings" about the system and information on "extensive suspicious transactions/customers".

A report commissioned by Swedbank discovered that the bank had processed €37bn (£30bn) of transactions with a high risk of money laundering over five years.

Investigation head, Thomas Langrot, said, "I have chosen to prosecute for gross fraud primarily, but there is a secondary claim regarding gross market manipulation." Additionally, "the misleading information gave a false impression that Swedbank did not have, or had, problems with AML processes in the bank's operations in Estonia."

Riot Games agrees to pay £74m settlement

Riot Games has agreed to pay £74m to Californian state agencies over a gender discrimination lawsuit. The case, concerning one of the world's most popular video game creators, was brought forward by over 2,000 former and current female employees over alleged unequal pay, harassment and retaliation against female employees who spoke up.

The settlement is hailed as a historic moment in the tech and gaming industry. It sends a clear message to the leadership of such companies. All employees, regardless of gender, have the right to equity and fair treatment in the workplace.

In addition to the settlement, Riot Games has agreed to implement a swathe of workplace reforms, subject to monitoring by a third party for three years. The company has also committed to paying transparency and educating staff on subjectivity and bias to limit their interference in the hiring and selection processes.

Key takeaways:

• It is the responsibility of all management and people in leadership roles to foster a company culture that treats all employees fairly and equally.
• Human Resources policies and processes must be reviewed frequently by companies to ensure none are discriminatory.
• Pay transparency is fast becoming expected behaviour in the workplace. Companies that commit to transparency will likely establish a better reputation, possibly gaining access to more talent and improving relations with existing employees.

Construction firm & director guilty of H&S failings

An Irvine-based construction company, Stable Homes Limited, and its director have been sentenced after being found guilty of numerous health and safety failures on a building site in Irvine.

Over several months, three inspections were carried out by the HSE, and consequently, a number of prohibition and improvement notices were served. These were for various failings, including unsafe electrics, unsafe scaffolding, lack of general fire precautions, inadequate welfare, unsafe traffic management, and poor site tidiness.

According to the HSE, as client and major contractor, Stable Homes Limited had failed to put in place a sufficient strategy to supervise and monitor the building phase of the project, resulting in considerable hazards on site. They also did not take sufficient steps to correct the problems and comply with the enforcement warnings.

The HSE investigation also discovered that the firm's director, Ravinder Singh, was working as site manager and was therefore directly involved in the firm's failures.

Stable Homes Limited pleaded guilty to seven charges under health and safety regulations and was fined a total of £35,332. Singh pleaded guilty to six charges under Section 37(1) of the Health and Safety at Work etc. Act 1974 for the offences by the firm being committed with his consent or attributable to his neglect. He was sentenced to 166 hours community payback order and was disqualified from acting as a director for two years.

Credit Suisse chair breaks law to go to Wimbledon

Antonio Horta-Osório, Credit Suisse chairman, has once again broken Covid restrictions and may have even committed a criminal offence to attend the Wimbledon tennis finals in London in July.

The Portuguese banker had flown in from Switzerland, which was on the UK government's amber list of nations where arrivals were required to be quarantined for ten days. According to UK government guidance, breaching quarantine rules is a criminal offence, with police able to issue offenders with fines starting from £1,000 and rising to £10,000 for repeat offences.

A government spokesperson explained that breaches might also result in jail sentences in some cases. "Passengers are responsible for ensuring they comply with all travel rules, including providing accurate information on their passenger locator form, and failure to do so could lead to a fine or imprisonment."

This news comes just weeks after Horta-Osório admitted to breaching Covid rules in Switzerland at the end of November, having flown out of the country within three days of his arrival, despite being required to self-isolate for 10 days. For this, he could face a fine of up to 5,000 Swiss francs (£4,000).

Theranos founder convicted of fraud

Elizabeth Holmes, the former CEO and founder of a medical biotech start-up, Theranos, has been found guilty of four counts of conspiracy and fraud. Her sentencing will be finalised in late 2022, and it is expected to include jail time.

Holmes's company claimed it could revolutionise blood testing by supposedly running hundreds of medical tests using just one drop of blood and one machine. This innovation would have had a massive impact on the healthcare industry by making diagnostics cheaper and more accessible. The concept attracted scores of investors, and at one point, Theranos was valued at £6.6bn and raised over £530m in capital from unsuspecting investors.

In reality, Theranos did not have the technology to run this type of efficient testing. Nearly all the tests Theranos ran were carried out using third-party machines that were not its own technology. Of the tests that were carried out in-house, many produced false results. Regardless, Holmes proceeded with her project and false claims.

Holmes' elaborate plot unravelled when whistleblowers exposed Theranos' false claims.

Key takeaways:

• All business decisions and investments should be based on sound research, due diligence and proven records.
• Careful attention should be paid to investor relations to ensure all communications are honest, fair and based on the truth.
• Companies must have working whistleblowing hotlines and systems in place to ensure fraud and other forms of crime can be safely and anonymously reported, particularly in situations where employees fear retaliation.
  

Red Cross hack victimises the most vulnerable

A huge cyberattack on the International Committee of the Red Cross (ICRC) demonstrates how hacking can jeopardise life-saving humanitarian efforts.

According to the Red Cross, the breach exposed the personal information of over 500,000 Red Cross recipients, including victims of conflict and violence. The hacked systems belonged to the organisation's Restoring Family Links service, which focuses on reuniting loved ones who have been separated due to war or other causes.

This raises the possibility of those people being targeted again by hackers, who could take their online identities or share their personal information with parties that may wish them harm.

"We are appealing to whoever is responsible: The real people, the real families behind the information you now have are among the world's least powerful," Director-General of the ICRC Robert Mardini said in a rare public appeal to the hackers to not do anything with their bounty.

In addition to data from separated people, the breach compromised login information for around 2,000 employees and volunteers. So far, the hackers haven't revealed their identities or demanded a ransom.

Treasury write off £4.3bn in fraud Covid payments 

The Treasury has revealed that its anti-fraud team plans to write off £4.3 billion in COVID-19 payments that were lost due to fraud during the pandemic. A total of £5.8 billion is thought to have been taken illegally. The Treasury has stated that it will only be able to recoup £1 for every £4 stolen by scammers.

This includes money taken from emergency schemes such as the Self Employment Income Support Scheme (SEISS), the furlough programme, and eat out to help out, which was set up to help reopen restaurants in 2020.

The data, which suggest that only around a quarter of the money will be collected, were quietly posted on the HMRC site last week.

The department claimed it recovered £500 million in overpayments in the 2020-21 tax year and that its taskforce anticipated to recover between £800 million and £1 billion more by 2023, for a total of £1.5 billion.

Around 8.7% of furlough payments were either accidental or made to fraudsters. The same applies to 8.5% of payments to the eat out to help out scheme and 2.5% of cash handed to freelancers and entrepreneurs as part of the self-employed income support payments.

Rewe Group subsidiary fined £6.6m

The jö Bonus Club, a subsidiary of Rewe International AG, has been fined €8m (£6.6m) over General Data Protection Regulation (GDPR) violations. The fined company is run independently from Rewe International, but representatives of jö Bonus Club assert that Rewe should also be held liable for the GDPR violations.

Regulators state that jö Bonus Club failed to adequately protect and secure the personal data of two million customers, whose information was used improperly without prior notification. This is not the first time the company was fined over GDPR breaches. In 2021, regulators fined the jö Bonus Club €2m (£1.6m) over GDPR non-compliance.

Want to learn more about compliance?

Our comprehensive compliance roadmaps help you navigate compliance. We also have searchable compliance glossaries for those new to the topic, and we regularly report on key compliance fines.

If you'd like to stay up to date with compliance best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

For a one-stop compliance training solution, try our best-selling Compliance Essentials Course Library and award-winning LMS.

Last but not least, we have 80+ free compliance training aids, including best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations, webinars and even e-learning modules!

If you've any questions or concerns about compliance or e-learning, please get in touch.

We are happy to help!