Looking for summer reading? This month's key compliance news includes the Monzo fine, sibling sentences for insider trading, the landmark harassment trial of Ubisoft's former executives, Louis Vuitton's cyberattack, the first-ever financial market infrastructure fine, and more.
Monzo Bank is the latest challenger bank to be fined for compliance breaches, following recent fines for Starling Bank and Revolut. Monzo will pay £21m for inadequate anti-financial crime systems and controls between October 2018 and August 2020.
The FCA said that Monzo's customer base grew rapidly with a ten-fold increase in customers from 600,000 to over 5.8 million by 2022, but its financial crime controls had failed to keep pace. The bank had "failed to design, implement and maintain adequate customer onboarding, customer risk assessment and transaction monitoring systems to mitigate the risk of financial crime".
As a result, the FCA ordered a comprehensive independent review of its financial crime framework in August 2020. This included a voluntary requirement (VREQ) that prevented it from opening new accounts for high-risk customers. However, Monzo repeatedly breaching this VREQ, signing up an estimated 34,000 high-risk customers between August 2020 and June 2022.
Customers were onboarded with high-profile London landmarks, such as '10 Downing Street' and 'Buckingham Palace', as well as PO boxes and Monzo's own office, as their registered address.
"Banks are a vital line of defence in the collective fight against financial crime. They must have the systems in place to prevent the flow of ill-gotten gains into the financial system. Monzo fell far short of what we, and society, expect. Monzo onboarded customers on the basis of limited, and in some cases, obviously implausible information – such as customers using well known London landmarks as an address. This illustrates how lacking Monzo's financial crime controls were. This was compounded by its inability to properly comply with the requirement not to onboard high-risk customers."
-Therese Chambers, FCA Joint Executive Director of Enforcement and Market Oversight
Monzo's CEO TS Anil said that the bank has since made "substantial improvements" and the problems "have been resolved and are firmly in the past". It is committed to preventing financial crime.
Ex-Janus Henderson analyst Redinel Korfuzi and his sister Oerta Korfuzi have been jailed for six years and five years respectively, following their convictions for insider dealing and money laundering.
In his role as a research analyst, Redinel Korfuzi obtained confidential information on companies, including Daimler, Jet2 and THG. He then shared this inside information with his sister and flat-mate Oerta, who used it "to rig the system and make money".
Between 17 December 2019 and 25 March 2021, together the siblings generating profits of almost a million pounds, trading in 11 companies' shares through accounts held in his sister's name. The FCA detected suspicious patterns of trading and analysed large sets of trading data to uncover the crime.
On sentencing, Judge Alexander Milne said the pair were "intelligent and financially aware individuals" and their actions were a "betrayal of trust".
"The Korfuzis exploited their privileged position and the confidential inside information they had access to. They rigged the system to satisfy their greed. We're committed to working with our law enforcement partners to fight financial crime and taking forceful action against individuals who undermine the integrity of our markets."
-Steve Smart, FCA Joint Executive Director of Enforcement and Market Oversight
Janus Henderson was not involved in the case and cooperated fully with the investigation.
"The protection of confidential information is extremely important to Janus Henderson and the firm treats any actual or suspected misuse of confidential information with the utmost seriousness."
-Janus Henderson
Seven housebuilders - Barratt Redrow, Bellway, Berkeley Group, Bloor Homes, Persimmon, Taylor Wimpey and Vistry - have agreed to pay £100m, which will go towards affordable housing schemes.
It follows an investigation by the competition watchdog into information sharing. The CMA claimed that the seven housing developers exchanged details about sales, including pricing, number of property viewings and incentives offered to buyers, such as upgraded kitchens and stamp duty contributions.
Under the proposed commitments, the housebuilders will:
If the proposals are accepted, these commitments will be legally binding and mean that the CMA will not need to decide whether they broke competition law.
"Housing is a critical sector for the UK economy and housing costs are a substantial part of people's monthly spend, so it's essential that competition works well. This keeps prices as low as possible and increases choice. As a result of the CMA's investigation, housebuilders are taking clear and comprehensive steps to ensure they comply with the law and don't share competitively sensitive information with their rivals."
- Sarah Cardell, CMA's Chief Executive
The US Office of Financial Assets Control (OFAC) has fined Interactive Brokers LLB almost $12m for multiple violations of sanctions.
Interactive Brokers, a global electronic broker-dealer, provides brokerage and investment services to individuals and institutional investors via its online platform. As part of a self-initiated compliance review, it identified 12,367 violations across four categories:
The firm had failed to exercise due care, allowing the violations to go undetected for eight years. But the OFAC took into account several mitigating factors, such as its $10 million investment in its compliance program to address deficiencies, the fact that the violations compromised less than 0.0001% of its revenue, and its voluntary self-disclosure. It said that Interactive Brokers' conduct was 'non-egregious' and imposed a fine of $11,832,136.
Three former executives at Ubisoft have been found guilty of enabling a culture of sexual and psychological harassment in a landmark ruling.
A French court heard that the three executives - Thomas François, Serge Hascoët, and Guillaume Patrux - used their positions to bully or sexually harass staff.
Employees faced hazing and regular public humiliation at the video games creator, the company behind Assassin's Creed, Far Cry and Just Dance.
Former staff said that over a ten-year period, Ubisoft's offices were run like "a boys' club above the law" with a "toxic culture of bullying and sexism". Many were afraid to speak out openly, fearing reprisals in the video games industry.
Thomas François, former VP of editorial and creative services, was accused of systematic psychological and sexual harassment at the company offices in Montreuil.
He watched pornography in its open-plan office and made personal comments about female colleagues, ordering a newly hired employee to do a headstand in a skirt, tying her to a chair and sending her to another floor in an elevator, making her attend a meeting after he drew felt-tip pen on her face, and forcibly kissing another at a Christmas party while colleagues held her down.
In a report seen by Agence France-Presse (AFP), François encouraged "his subordinates to act in the same way".
"He was my superior and I was afraid of him. He made me do handstands. I did it to get it over with and get rid of him."
-Court testimony
François told the court, "I never tried to harm anyone."
He was found guilty of sexual harassment, psychological harassment and attempted sexual harassment. He received a suspended three-year prison sentence and was fined €30,000.
Serge Hascoët, Ubisoft's former chief creative officer, bullied employees making them go to his home to wait for parcel deliveries, asked intrusive questions of a sexual nature and made racist comments, asking a Muslim employee if she agreed with the Islamic State group, changing the computer desktop background to bacon sandwiches and placing food on the desk of someone during the Islamic fasting month of Ramadan.
He told the court, "I have never wanted to harass anyone, and I don't think I have."
Hascoët was found guilty of psychological harassment and complicity in sexual harassment. He received an 18-month suspended sentence and was fined €45,000.
Guillaume Patrux, Ubisoft's former game director, punched walls, mimed hitting staff, threw office furniture, cracked a whip near employees' faces, and even set a man's beard alight. His bullying was described as "smaller scale" but "particularly intense".
Patrux was found guilty of psychological harassment. He received a 12-month suspended sentence and was fined €10,000.
None of the executives were ever disciplined by Ubisoft but the firm's own internal audit found there was "no HR policy until 2020". Lawyer for the plaintiffs, Maude Beckers said the convictions were "a very good decision today, and for the future".
"For all companies, it means that when there is toxic management, managers must be held accountable and employers can no longer let it slide."
-Maude Beckers
Louis Vuitton, the leading brand of French luxury group LVMH, has said that it has suffered a cyberattack resulting in the theft of UK customers' data.
The luxury brand retailer confirmed that an unauthorised third party accessed its UK systems and customer data, including names, contact details and purchase history.
According to Bloomberg, the hack took place on 2 July. It is the third such breach of LVMH's systems in as many months, with Christian Dior Couture and Tiffany targeted in similar attacks.
In an email, the brand said, "While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorised use of your information may occur."
It reassured customers that their financial data, including bank details, were not taken.
Louis Vuitton is the latest retailer to have been targeted by hackers, following cyberattacks in recent months on Marks and Spencer, the Co-op, and Harrods.
Shirine Khoury-Haq, chief executive of the Co-op, confirmed this week that 6.5 million of its members had their data stolen in a cyberattack in April.
Speaking to MPs, Archie Norman, chair of Marks and Spencer, described the experience as "traumatic" and claimed that two major cyberattacks on British companies had gone unreported. He described the attack as "sophisticated", involving impersonation and a third-party contractor, but declined to say whether a ransom had been paid.
"There have been media reports [of] M&S leaving the back door open. We didn't."
-Archie Norman, M&S Chair
Four people - a 20-year-old woman and three males, aged 17-19 years old - have been arrested in the UK on suspicion of extortion, Computer Misuse Act offences, money laundering and participating in the activities of an organised crime group.
When Irish airline Aer Lingus experienced "significant stock loss" from two of its aircraft at Manchester Airport, secret cameras were installed to identify the cause.
Footage showed contract aircraft cleaners helping themselves to cigarettes, alcohol, snacks, and perfume. Workers broke open storage containers and cut through security seals.
Ten workers were charged with the theft of €1,290.10 worth of goods between July and August 2023, as captured on camera.
However, the court heard that the estimated total losses were thought to be as much as €200,000, with the thefts occurring over a much longer period.
Despite the clear evidence obtained here, experts warn that the use of covert surveillance is risky.
"Employers should ensure that they are meeting their obligations under GDPR, and should not be recording covertly unless they have a strong suspicion of serious wrongdoing. It must be a proportionate step, taken for a limited time, or it will not be considered justified and legal."
-Kathleen McAdams, AlbanyHR in People Management
Even when there is overwhelming evidence of wrongdoing, dismissal may not be considered "reasonable". Firms will need to follow a fair disciplinary process that is ACAS compliant, or they may risk claims of unfair dismissal.
This includes:
"It is clear from an overview of the evidence in this case, that really what was happening is that nearly everybody seemed to be at it, and when individuals saw that others were involved in theft, they became involved too. This is serious offending because of the level of trust invested in you."
-Judge Nicholas Dean KC
Ten workers received 12-month community orders and were ordered to carry out community work.
The Bank of England has fined Vocalink £11.9 million for a compliance failure under section 196 of the Banking Act 2009. It's the first time that a financial market infrastructure firm has been fined.
Vocalink, the Mastercard-owned company, operates the technical infrastructure that processes automated payments on behalf of the Bankers' Automated Clearing System (BACS), responsible for over 90% of salaries and 98% of state benefit payments, as well as powering 47,000 machines across the ATM network.
In 2021, Vocalink was asked by the central bank to remediate issues and weaknesses in its systems and controls under section 191 of the Act. It had until February 2022 to comply.
However, Vocalink failed to comply in full:
"Vocalink fell short of its obligation to have adequate risk management and governance arrangements when responding to the Bank's Direction. Its failure to comply with that Direction in full has resulted in a significant fine."
- Sarah Breeden, Deputy Governor for Financial Stability
If you're still here, then now is a good time to remind you of the importance of annual leave.
Many of us struggle to take time off. Will it be seen as a lack of commitment? We may worry about the impact on career advancement, on finances, or simply dread that overflowing inbox or all the backed-up work on our return.
A study by Breathe's Holiday Burnout Report 2024 found that:
However, annual leave increases productivity by 45%, it reduces sickness absence by 28%, and also increases creativity and mental health.
So, go now… Do something different. Or, do nothing at all. We'll be right here when you get back. Happy holidays!
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.