Compliance News | June 2022

Posted by

David Mangion

on 28 Jun 2022

This month's key compliance news includes the UK Data Reform Bill, the Flagstar data breach, Glencore bribery convictions, new Instagram verification processes, and more.

Compliance News | June 2022

Our pick of key compliance stories this month

New data laws to boost British business

A UK Data Reform Bill has been announced, which aims to strengthen the UK's high data protection standards. The Bill aims to reduce burdens on businesses by removing the UK GDPR's prescriptive requirements related to data risks, saving businesses over £1bn over the next decade.

An additional goal is to modernise the Information Commissioner's Office (ICO), the data regulator, so it can better help businesses comply with the law.
The Bill will also increase financial penalties for those pestering people with nuisance calls and minimise the number of annoying cookie pop-ups people see on the internet.

Under the new Bill, fines for violations of the UK's existing Privacy and Electronic Communications Regulations (PECR), which aim to prevent companies from contacting people for marketing purposes without consent, will be increased substantially.

The fines will increase from the current maximum of £500k to align with current UK GDPR penalties, which are up to 4% global turnover or £17.5 million, whichever is greater.

Key takeaways:

  • The Data Reform Bill is expected to restructure the ICO and business' responsibilities concerning information and data compliance. Firms will need to keep themselves updated on the eventual passing of the Bill to ensure they fulfil their regulatory obligations.
  • Firms will need to up the compliance risk linked to PECR violations to be in line with GDPR violations.
    GDPR Compliance Roadmap

UK joins other nations & bans Russian gold imports

One of the latest UK sanctions on Russia now includes a ban on Russian gold imports in an attempt to limit the country's ability to sell assets and fund the ongoing conflict in Ukraine.

In 2021, Russian gold exports accounted for a hefty £12.6bn. Gold's importance as an asset has increased in 2022 as Russian oligarchs rush to invest in gold bullion to protect the value of their assets. The UK, US, Canada and Japan have all confirmed the sanctions, with more G7 countries expected to follow suit.

The UK government clarified that the sanctions would apply to newly minted or refined gold. It will not impact gold exported from Russia in the past.

Free Sanctions Training PresentationBanking fraud victims to be compensated £3m

According to a source familiar with a proposed agreement likely to be disclosed later this week, victims of one of Britain's largest financial frauds will be handed compensation packages worth £3m.

This comes in response to a major banking scam run by a group of bankers at Halifax Bank of Scotland (HBOS), now a part of Lloyds Banking Group. The scam drained the bank and small businesses of about £245m and left hundreds of individuals and businesses in severe financial difficulties.

A panel led by the retired high court judge, Sir David Foskett, will make the reimbursement offer to approximately 200 people if it is determined that they suffered financial losses due to the crime.

Business owners who qualify will have the option of accepting the packages rather than participating in a re-evaluation of their cases, which would result in a longer delay for compensation.

If every applicant is found eligible and the offers are accepted, Lloyds may have to pay about £600 million in compensation.

Free Internal Fraud Training PresentationData breach at Flagstar affects 1.5m clients

Flagstar Bank has alerted more than 1.5m customers that hackers have compromised their personal information. The breach occurred in December 2021 when hackers managed to access Flagstar's intranet. However, it was only six months after an inquiry that the bank learned that the hackers had accessed clients' personal data.

"Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement. We have no evidence that any of the information has been misused."

 Flagstar Bank

The bank is offering affected customers two years of free identity monitoring and protection services.

This is not the first serious incident that Flagstar has experienced in recent years. In January 2021, a ransomware group compromised the bank, releasing samples of stolen data, including names, SSNs, addresses, tax information, and phone numbers.

Free Cyber Security Training Presentation

Credit Suisse Global Head leaves over WhatsApp use

Anthony Kontoleon, former Head of Equity Capital Markets at Credit Suisse, has left his position after he was found to be communicating with clients using WhatsApp, an unauthorised messaging service.

Regulators have recently clamped down on financial professionals' use of personal email and messaging services for work-related tasks and communication. This practice could skirt lenders' regulatory requirements to monitor and record employees' communication with clients.

An internal investigation at the firm showed that Kontoleon hadn't shared inappropriate information via WhatsApp, but using the unauthorised app was sufficient grounds for his removal.

Key takeaways:

  • Unauthorised use of communication apps is enough to warrant disciplinary action, even if no inappropriate or confidential data is shared.
  • Firms need to pay particular attention to their regulatory requirements concerning online or digital communication, particularly in a world where online communication and hybrid/remote working have become the norm.
    Data Security Tips on the Move

Instagram to ramp up efforts to verify age of teens

Instagram, the Meta-owned social media app, is currently trialling ways to verify new users' age to ensure all new sign-ups comply with the 13+ age rule. The tech company has faced extensive criticism over the past few months over teen and child safety on its platforms, particularly in light of the information revealed by Facebook whistleblower Frances Haugen.

The new age verification methods include an ID upload, a video selfie, or having three adult Instagram users vouch for them. Currently, Instagram already uses video selfies as one method to help account holders verify identity and ownership of their account should they get locked out.

The director of the UK Safer Internet Centre notes that Instagram's trials are encouraging and that "the potential is there to try and help protect children from content which isn't for them and make their internet experience more age-appropriate."

About Age of Consent

Ex-construction company director sentenced & fined

Two former directors of Keebar Construction, a construction company, have been sentenced and fined by the HSE for failing to prevent exposure to asbestos-containing materials (ACMs).

The Court heard how a demolition and refurbishment project at the former Joplings Department Store in Sunderland resulted in disturbed ACMs. The project took place over several months, where ACMs were broken up using sledgehammers and brute force.

This resulted in asbestos fibres that spread over five floors inside the building and outside in a central area. When the HSE intervened, it found over 1,300 square metres of contaminated waste inside the department store.

Keebar Construction's two former directors, Alan Barraclough and James Keegan, both received a 14-month sentence, suspended for two years and ordered 120 hours of unpaid community work. They were suspended from being directors for ten years and fined over £44k each.

"Asbestos is responsible for the premature deaths of over 5,000 people each year. […] Exposure to asbestos can cause four main diseases - Mesothelioma (a cancer of the lining of the lungs), asbestos-related lung cancer, Asbestosis (a scarring of the lungs); and Diffuse pleural thickening (a thickening of the membrane surrounding the lungs, which can restrict lung expansion leading to breathlessness)."

HSE inspector Phil Chester

Health & Safety Compliance Roadmap

Ghana International Bank fined £5.8m

The FCA has fined Ghana International Bank (GHIB) £5.8m for failings in anti-money laundering controls. The main reason for the fine was the bank's practice of providing correspondent banking services to other lenders, which enabled them to provide products and payment services they would otherwise be unable to.

Authorities found the bank unable to identify and assess risks posed by its correspondent bank customers. Furthermore, they failed to properly scrutinise transactions worth £9.5bn processed on their behalf.

According to the FCA, "No evidence of actual money laundering was detected, though the risk of money laundering as a result of these deficient systems was significant," adding that GHIB has agreed to an early settlement and not to dispute the findings.

Key takeaways:

  • Conduct initial and ongoing customer due diligence using a risk-based approach.
  • Look out for anything suspicious, paying particular attention to high-risk customers and jurisdictions.
  • Report any knowledge or suspicion of money laundering immediately.
  • Exercise extreme care to avoid tipping off anyone who has been reported for money laundering or terrorist financing.

AML Risk Assessment Tips

SFO convicts Glencore on seven counts of bribery

The Serious Fraud Office (SFO) has found Glencore Energy (UK) Ltd guilty of all seven counts of bribery brought against it. The business pleaded guilty to several counts of bribery to gain access to oil and make illegal gains.

The SFO's investigation revealed that Glencore paid over $28m (£22.2m) in bribes through its employees and agents in exchange for preferential access to oil, including larger cargoes, more valuable oil grades, and preferred delivery dates. The firm gave the go-ahead for these activities across its oil operations in South Sudan, Equatorial Guinea, Nigeria, Cameroon, and the Ivory Coast.

Glencore's sentencing is scheduled for November 2nd and 3rd of this year.

Bribery Prevention Training Presentation

Green investment scheme scammers jailed

Following the SFO's successful investigation and prosecution, Andrew Nathaniel Skeene and Junie Conrad Omari Bowers have been sentenced at Southwark Crown Court to 11 years' imprisonment.

Bowers and Skeene were the masterminds behind Global Forestry Investments, a fraudulent green investment scheme that defrauded around 2,000 victims from their savings and pensions.

The con artists persuaded victims to put money into three Brazilian teak tree plantations. They told them they were safe, ethical investments that would support local communities and maintain the Amazon rainforest. In actuality, not much was happening, and the couple used their money to enrich themselves.

Skeene and Bowers collectively withdrew about £750k in cash during the schemes' operation and spent an additional £2m on shopping, luxuries, and entertainment. Additionally, Skeene paid for his opulent wedding with money from investors, while Bowers purchased a Bentley Continental GT.

"The investors believed that they were buying into an ethical investment scheme which would yield a safe and steady income. But the reality was that you wrote or said things about the schemes which were either false or misleading at the outset or became so, and you failed to correct them." The Judge highlighted the "serious detrimental impact" the scam had on investors, including some victims being prevented from retiring and suffering "prolonged distress and mental anguish".

His Honour Judge Pegden QC

Fraud Prevention Good Practice Guide

Looking for more compliance insights?

We have created a series of comprehensive roadmaps to help you plan and execute compliance in your organisation.

Our best-selling Compliance Essentials Library and award-winning LMS provide a one-stop compliance training solution, including compliance refresher courses.

And our searchable compliance glossaries explain key terms and regularly report on learnings from the largest compliance fines resulting from regulatory breaches.

We also have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

If you'd like to stay up to date with compliance learning best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.

Last but not least, you can interact in person with thought leaders and your peers at one of our popular live webinars and face-to-face events.

If you've any questions or concerns about compliance or e-learning, please get in touch.

We're happy to help!

Compliance Essentials

Compliance Essentials Library is our best-selling comprehensive corporate training solution.

100+ e-learning and microlearning courses that help companies from SMEs to multinationals achieve compliance success.

Start a Free Trial