Compliance News | July 2022

Posted by David Mangion on 28 Jul 2022

This month's key compliance news includes the Uber files, huge fines for WhatsApp use at work, new sanctions, crypto insider dealing, ransomware attacks on the rise, and more.

Our pick of key compliance stories this month

Former chief lobbyist blows the whistle on Uber

Uber's former chief lobbyist for Europe, the Middle East and Africa, Mark MacGann, has blown the whistle on Uber's unethical approach to company growth.

The 124k leaked documents implicate Uber in several allegations, including breaching laws and taxi regulations, exploiting violence against drivers, and lobbying politicians and oligarchs in an unscrupulous attempt to fast-track global expansion.

The files cover five years between 2013 and 2017, when the company was run by Travis Kalanick, one of Uber's co-founders. Uber's response to the leak admits to "mistakes and missteps" but asserts that company values and culture have been transformed since 2017 under new leadership.

In light of these leaks, politicians in various countries now face questions over the extent of their business dealings and relationships with Uber executives.

Key takeaways:

  • A healthy company conduct culture is the bedrock of a business that conducts its operations in an ethical manner
  • Poor leadership from management can lead to extensive compliance and legal risks for the company in the short and long term
  • Time and time again, whistleblowers illustrate the importance of speaking up and holding people, particularly those with significant power and authority in our companies and communities, accountable for their actions.

KPMG fine reduced after admitting misconduct

KPMG is to pay a fine of £14.4m after it owned up to providing false and misleading data to regulators during spot checks of firms Carillion and Regenersis.

The original fine was an eye-watering £20m. However, the fine was reduced since KPMG reported the incidents and cooperated with subsequent investigations.

Out of the five people directly involved in the misconduct, four received personal fines between £30k and £250k and were banned from the profession for seven and 10 years. A fifth person was severely reprimanded but managed to escape a fine.

Since the incidents, KPMG claims to be working hard and with complete transparency to ensure that the behaviour of the individuals concerned does not reflect the firm's wider culture.

Morgan Stanley fined $200m for WhatsApp use

Morgan Stanley is to pay $200m over "the use of unapproved personal devices" and substandard record-keeping.

This fine comes only months after regulators in the US imposed a similar penalty on rival bank JPMorgan. In that case, managing directors and other senior employees tried to escape regulatory scrutiny by using WhatsApp and personal email addresses for business-related conversations.

"As technology changes, it's even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight," said SEC Chair Gary Gensler.

Citigroup is also facing a fine for using "unapproved electronic messaging channels".

Key takeaways:

  • Never use a personal device or a non-approved communication channel to discuss any in-scope activities
  • Separate your personal life from your work life - keep work stuff on work systems, and personal stuff on personal devices
  • Never suggest that a business conversation moves off a recorded system or use jargon to try and avoid surveillance.

Proposed DPDI Bill to reduce compliance burdens

The UK government has introduced a new Data Protection and Digital Information Bill (DPDI) to Parliament. This legislation aims to create a UK-centric and independent data protection framework. Essentially, the Bill is a proposed replacement for GDPR post-Brexit.

The Bill will establish new rules on web cookies and digital identity that simultaneously protect users' rights while reducing the compliance burden on UK firms, particularly small businesses.

However, some of the Bill's provisions increase compliance requirements, particularly those related to using personal data for research and unlawful direct marketing. The maximum fines for breaching regulations are also expected to increase significantly.

The DPDI Bill is part of a wider move towards regulating data, information and personal rights in a digital world. Apart from the DPDI Bill, the UK government has also set a new AI rulebook to ensure the future regulation of artificial intelligence.

Increased ransomware attacks against US hospitals

The US government has warned that many hospitals across the country are being subjected to a ransomware campaign. Attacks are said to have increased by 94% from 2021 to 2022, with state actors from North Korea being the prime suspects.

Since the 1990s, concerns about ransomware hacks, in which hackers encrypt computer networks and demand payment to restore their functionality, have grown in both the public and private sectors. However, they have become alarmingly common in the healthcare sector, where even brief periods of downtime can have fatal consequences.

Hospitals are typically advised against paying ransoms, but they often feel they have no choice since lives are literally at stake. In 2021, 61% of the attacked healthcare organisations ended up paying the ransom - the highest percentage of any industry sector.

Family broker fined £2m for money-laundering

The FCA has fined a family office broking company, TJM Partnership, £2m for failing to ensure it had effective systems and controls in place to identify the risk of financial crime in its business.

The firm has also been charged with engaging in illegal trading on behalf of clients of Bermuda-based Solo Group to facilitate the organisation of withholding tax claims in Denmark and Belgium.

According to reports, TJM, formerly Neovision Global Capital, earned £1.4m in commission from the cum-dividend trades it made on £59bn worth of Danish stocks and £20bn worth of Belgian stocks.

The FCA said the company also ignored money-laundering red flags on transactions worth £3.7m with no apparent economic purpose, in addition to accepting third-party payments without proper due diligence.

Airlines reprimanded for poor consumer protection

The Competition and Markets Authority (CMA) and Civil Aviation Authority (CAA) have written a joint letter to airlines, highlighting poor practices and processes in consumer protection.

The letter emphasises the importance of airlines' responsibilities to follow legal obligations under the UK Regulation on compensation and assistance to passengers in the event of flight delays or cancellations, as well as under general consumer protection law.

The two authorities note specific concerns in light of a busy summer 2022 period. The key concerns listed are:

  • Airlines selling more tickets than can be feasibly supplied
  • Not warning customers about cancellation risk
  • Not satisfying legal obligations to offer customers re-routing options in the case of a cancellation
  • Failing to give customers transparent information about their rights if their flight is cancelled

Both the CMA and CAA are expected to review the evidence surrounding these issues and will continue monitoring the situation.

Ex-Coinbase manager charged with insider dealing

A former product manager at Coinbase, one of the largest global cryptocurrency exchanges, has been charged in the US over insider trading. His brother and a close friend are also facing charges.

The case marks the first legal case of insider dealing related to cryptocurrencies.

Prosecutors allege that Ishan Wahi shared confidential inside information on upcoming announcements of cryptocurrency assets Coinbase was expecting to list on its exchange in the near future. Between June 2021 and April 2022, Wahi, his brother and a friend allegedly traded over ten times before these announcements went public.

The accused parties used the inside information to buy the cryptocurrencies in question ahead of their listing on Coinbase, then sold them for a profit once they were listed and their price went up.

Damian Williams, a US attorney, stated the following on this case: "Our message with these charges is clear: fraud is fraud, whether it occurs on the blockchain or on Wall Street."

Key takeaways:

  • Except for the performance of job duties, disclosing material non-public information to anyone is a violation of UK Market Abuse regulations, regardless of the industry the company is in
  • Authorities can bring insider dealing charges against two groups: professionals working for the company where the inside information was sourced, and contacts who knowingly acted or traded upon acquiring inside information.

UK fraud victims lost £1.3bn in 2021

UK Finance research data has shown that payment scams rose by a staggering 40% in 2021, resulting in over £1.3bn in stolen funds. The figures continued to rise sharply, even as the government eased Covid-19 pandemic restrictions.

Criminals often pose as trustworthy contacts from organisations like government departments, the NHS, banks and representatives from IT support companies. They use phone calls, texts, emails, fake websites and social media messages on unsuspecting victims.

The scams often involve tricking victims into paying directly into the criminals' accounts or providing information that gives criminals access to their funds.

Firms aren't immune either. The data shows that the type of fraud that has grown the most in terms of financial loss is CEO fraud, with a total of £12.7m lost to such scams. In this type of fraud, criminals email accounting or management departments, pretending to be senior staff members or suppliers.

They ask for an urgent payment to their accounts. The staff making the payment might not notice that the invoice request is illegitimate, resulting in potentially severe financial losses.

Users can report suspected scam calls, emails or text messages by following the UK government's guidance.

New UK sanctions against Belarus & Russian media

The UK government has announced new trade, economic and transport sanctions against Belarus due to its support of the Russian invasion. Six Russians associated with websites spreading disinformation have also been sanctioned.

The Belarus sanctions include export and import bans on luxury products, advanced technology components, oil refining goods, and Belarusian iron and steel.

The UK government said that "the Belarus regime has actively facilitated Putin's invasion, letting Russia use its territory to pincer Ukraine - launching troops and missiles from their border and flying Russian jets through their airspace."

Under the sanctions, UK financial firms need to immediately freeze any assets they hold on behalf of sanctioned persons or firms and report them to the government.
