Compliance News | May 2023

Posted by

Lynne Callister

on 30 May 2023

This month's key compliance news includes Apple's trade secrets theft, Meta's record fine, bribery in the pharma sector, and more.

May 2023

Our pick of key compliance stories this month

Poloniex pays $7.6m for sanctions violations

Cryptocurrency exchange Poloniex has agreed to pay $7.6 million for violations of US sanctions, according to the Office of Foreign Assets Control (OFAC).

Around 66,000 transactions worth over $15 million were made by Poloniex for five years with individuals in Iran, Sudan, Syria, Cuba, and Crimea. Poloniex had failed to put systems and controls in place to stop customers in sanctioned countries from accessing its services.

In addition, it did not have an effective anti-money laundering program in place until May 2015, despite launching in 2014. This lack of due caution and care was an aggravating factor. Despite giving addresses in sanctioned jurisdictions, customers were able to keep using Poloniex's platform, OFAC said.

“Poloniex also began monitoring IP address data in May 2015 to detect logins from sanctioned jurisdictions. Poloniex conducted additional diligence on such logins, including contacting the owner of the relevant account, and closed certain accounts based on that diligence. Poloniex did not begin implementing a block on such IP addresses until June 2017”


Poloniex could have been fined more, but it was credited for “substantial cooperation” and the remedial measures taken by Circle, which acquired it in 2018.

Key takeaways:

  • Keep your knowledge of sanctions up-to-date – so you understand what's expected of you. Remember, sanctions can change quickly, so check regularly for updates.
  • Put systems and controls in place to comply with sanctions obligations – such as identifying individuals or territories subject to sanctions, conducting risk-based due diligence, blocking IP addresses in sanctioned jurisdictions etc.
  • Maintain effective monitoring and oversight of any third parties providing due diligence or screening tools

Free Sanctions Training Presentation

Former Apple engineer guilty of trade secrets theft

The Department of Justice (DoJ) has charged a former Apple engineer who's accused of stealing Apple's trade secrets relating to autonomous systems, including self-driving.

Weibao Wang was hired by Apple in 2016. But, he took a job with a Chinese company based in the US in 2017 to develop self-driving cars, something he only made known to Apple four months later.

According to the DoJ, Wang, "accessed large amounts of sensitive proprietary and confidential information in the days leading up to his departure from Apple". Large quantities of Apple's data were found at his home after a search by officials. Wang fled to China to work for a competitor shortly after that.

The charge is one of five initial cases involving the Disruptive Technology Strike Force, which was set up to protect critical technology assets from nation-state adversaries.

6 Tips for Personal Data Compliance

Five banks broke competition law on UK bonds

Five banks unlawfully shared competitively sensitive information between 2009 and 2013, according to a provisional finding by the Competition and Markets Authority.

A group of traders from Citi, Deutsche Bank, HSBC, Morgan Stanley, and Royal Bank of Canada participated in one-to-one conversations in Bloomberg chatrooms related to the buying and selling of UK government bonds.

The conversations specifically related to gilts and gilt asset swaps, including details on pricing and other aspects of trading strategies, including:

  • The sale of gilts by the UK Debt Management Office via auctions on behalf of HM Treasury
  • The subsequent buying and selling of gilts and gilts asset swaps
  • Buy-back auctions of gilts by the Bank of England, e.g., for quantitative easing (not including Deutsche Bank and HSBC)

Deutsche Bank notified the CMA about its participation in alleged unlawful behaviour under leniency rules, and Citi also applied for leniency during the CMA investigation. This means Deutsche Bank will not be fined and any fines received by Citi will be discounted, subject to continued cooperation.

"Our provisional decision has found that, in the aftermath of the global financial crisis, 5 global banks broke competition law by taking part in a series of one-to-one online exchanges of competitively sensitive information on pricing and other aspects of their trading strategies on UK bonds. This could have denied taxpayers, pension savers and financial institutions the benefits of full competition for these products, including the minimisation of borrowing costs,"

- Michael Grenfell, Director of Enforcement, CMA

The CMA’s investigation is ongoing, and it stressed that no assumptions should be made about law-breaking at this point.

Free Cyber Security Training Presentation

FX executive convicted of £70m investment fraud

An FX boss has been convicted of a £70m investment scam following a seven-week trial in London. Anthony Constantinou of Capital World Markets (CWM FX) had promised exceptional returns of 60% on allegedly risk-free foreign exchange (FX) markets.

Investors were recruited through word-of-mouth via investment seminars, initially with a minimum investment of £50,000, which later rose to £100,000. They were told that only 10% of the capital was risked, with the rest held in a ‘segregated account’ in Germany. It would be further protected with matching funds by CWM.

However, in reality, it was a Ponzi-type scheme. The significant funds raised from 250 known investors were used to bankroll Constantinou's luxury lifestyle instead - with around £2.5m splurged on his own wedding, £70k on his child's first birthday party, and a luxury CWM launch party.

CWM operated from late 2013 to early 2015 and was based in Heron Tower. It sponsored sports teams, including Chelsea FC, and boxing events. Constantinou did not attend the later stages of the hearing, and an international arrest warrant was issued to find him. He will be sentenced next month.

"This has been a long-running and complex investigation. Anthony Constantinou is a career criminal who is out to make as much money for himself as possible, with no regard for anyone else. Throughout this lengthy investigation, Constantinou has continued to try to deceive officers and deny any wrongdoing. In a further move to deny any involvement in this case, he decided to stop attending his trial. We are glad that the jury has seen through his lies and unanimously found him guilty."

- DI Nichola Meghji, City of London Police

Free Fraud Prevention Good Practice Guide

Alarming rise in modern slavery cases

There's been a sharp rise in the number of potential victims of modern slavery over the last year, according to figures released by the charity Unseen. Calls to the helpline have more than doubled, with 6,516 potential victims identified, a rise of 116%.

Based on an analysis of those calls, there were significant increases in forced labour, sexual exploitation, and domestic servitude, with the care sector showing a huge increase (1,024%) in potential victims.

Exploitation of Indian, Nigerian, and Zimbabwean workers was especially prevalent, which - the report points out - is likely due to low levels of pay and an overreliance on temporary workers in the sector.

In one case outlined in the report, workers were brought into the UK on student visas and worked in care homes through an agency. The agency charged the care homes for the work but did not pay the workers. They had worked 14-hour shifts for five days with no pay.

Eleven cases in the report related to the Homes for Ukraine scheme, and one involved organ harvesting. Earlier this month, Ike Ekweremadu – a senior politician from Nigeria, his wife, and a doctor were found guilty of organ trafficking, the first case of its kind under the Modern Slavery Act. Together, they were sentenced to almost 25 years.

“To be serious about tackling modern slavery in the UK, we need much more awareness of the true size of the problem, better support for victims, and get many more resources going into targeting the criminals behind the exploitation. Instead, the UK is bringing in new migration laws that criminalise some victims of modern slavery, forcing them underground and keeping them vulnerable to traffickers. We should be doing more to expose the extent of slavery, not driving it further into the shadows."

- Justine Carter, Director, Unseen.

Free Modern Slavery Statement Template

SEC pays a record $279m to whistleblower

A record $279m has been paid to a whistleblower – the biggest award to date, the Securities and Exchange Commission has revealed. The figure is more than double its $114m award that was paid in October 2020.

It has been confirmed that this award relates to a bribery case against the telecommunications company Ericsson. The whistleblower gave multiple interviews and written submissions to the regulator and expanded the scope of the misconduct charges substantially.

"The size of today’s award… not only incentivises whistleblowers to come forward with accurate information about potential securities law violations but also reflects the tremendous success of our whistleblower program. This success directly benefits investors, as whistleblower tips have contributed to enforcement actions resulting in orders requiring bad actors to disgorge more than $4 billion in ill-gotten gains and interest. As this award shows, there is a significant incentive for whistleblowers to come forward with accurate information about potential securities law violations."

- Gurbir Grewal, Director of Enforcement, SEC

The payments are made out of an investor protection fund, and no money is taken from investors harmed by the misconduct. Awards can range from 10-30% of the money collected when sanctions exceed $1 million. The SEC offers more information on the whistleblower program and how to report a tip.

Free Whistleblowing Training Presentation

CNIL issues Clearview AI with a fresh €5.2m fine

Clearview AI has been fined €5.2 million for not complying with an earlier order issued by CNIL, France’s data protection agency.

The company, which scrapes selfies from the internet and uses people’s personal data for its facial recognition tool, has fallen foul of data protection rules in countless EU countries, gathering millions of fines along the way.

In October 2022, it was given the maximum fine (€20 million) by CNIL for three main breaches and ordered to stop collecting photographs of French residents.

However, so far Clearview AI has failed to cooperate with regulators, which has resulted in fresh non-compliance penalties. In a statement, a spokesperson for the company said:

"Clearview AI does not have a place of business in France or the EU, it does not have any customers in France or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR."

Notably, it does not say that it has never processed European users' data. Its stance prevents law enforcement authorities in the bloc from using their tools because they risk being fined, like Sweden's police authority.

CNIL is now holding talks with the Federal Trade Commission, its American counterpart, to resolve the matter.

Data Sharing Compliance Tips

Meta fined €1.2bn over personal data transfers

Meta has received a record €1.2 billion fine from Ireland’s Data Protection Commission (DPC) for breaching data protection rules, specifically on international data transfers.

Meta, which owns Facebook and WhatsApp, has been ordered to suspend all transfers of personal data from the EU to the United States. This means users' personal data will need to be removed from Facebook's servers. It has six months to comply.

The DPC accused Meta of failing to comply with a European Court of Justice ruling in 2020, which required the company to have robust protection when data is transferred outside the EU.

The sanction relates to the case brought by Max Schrems, the Austrian privacy campaigner. Following the Snowden revelations, Schrems raised concerns about EU users’ data not being protected from US intelligence agencies when it was transferred to the United States.

While Facebook uses standard contractual clauses (SCCs) to cover the transfer, the DPC said these “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [court of justice] in its judgment”.

"We are … disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US."

- Nick Clegg, spokesperson, Meta

Key takeaways:

  • Be clear about the data protection rules governing international data transfers – train your team so they know what transfers are allowed and what are not, which jurisdictions have ‘adequacy’ arrangements, and what checks are required before making international data transfers.
  • Review the ‘current state’ – for example, what personal data do you currently transfer to the US? Do you use SSCs to cover this? What other measures or safeguards (if any) could be adopted to address the risks?
  • Check data retention policies and ensure appropriate oversight – for example, is personal data currently processed or stored on servers outside the UK or EU? How long is personal data stored, and what procedures are in place to minimise this? What other options could be explored?
  • Use the 4Ts model (Terminate, Tolerate, Treat, and Transfer) to mitigate the risk – for example, you might switch to a cloud provider based in the UK or EU or consider suspending all international data transfers as a precaution.

Data Protection Principles Checklist

Recidivist Philips to pay $62m for alleged bribery

Dutch-based medical device company Koninklijke Philips has agreed to pay $62m over alleged bribery in China.

According to the SEC, for five years, Philips’ representatives “engaged in improper conduct to influence foreign officials in connection with tender specifications in certain public tenders to increase the likelihood that Philips’ products were selected”.

  • Its subsidiaries also engaged in “improper bidding practices” with state-owned hospitals – for example, by tailoring the technical specifications in the tender to match Philips’ products. In addition, Philips prepared its own bids, as well as fake bids describing other companies’ products, to “give the appearance of legitimacy” and satisfy China’s three-bid criteria.
  • Philips’ subsidiaries also used “special price discounts” with distributors of its medical diagnostic imaging equipment in China, which were then used “to fund improper payments to employees of government-owned hospitals”.
  • In Hainan Province, a sales manager reportedly took $14,500 in local currency to the home of the director of a hospital’s radiology department and subsequently won sales for two devices worth $4.6 million.

It is Philips' second FCPA action in ten years. In 2013, the company paid $4.5 million for records and controls offences relating to similar practices in Poland.

Key takeaways:

  • Have a Gifts and Hospitality policy – make sure you know what is and is not acceptable. What are the limits and thresholds? What should you do if you are offered anything beyond this? Where are the red lines?
  • Remember, many anti-bribery laws (including the UK Bribery Act) have extra-territorial reach – meaning you can be prosecuted for bribes paid anywhere in the world.
  • Arrange proper oversight of third parties and intermediaries – we can be found guilty of bribes paid by consultants and intermediaries, even without our knowledge.
  • Take extra care in all dealings with foreign public officials – including state-owned entities.
  • Declare any gifts and hospitality you receive – in line with our policy and rules.
  • Talk to Compliance or Legal first – if you feel there are legitimate reasons to accept or offer anything outside these limits or thresholds.
  • Practise how to decline graciously - use roleplays so your team doesn't feel tempted to accept due to embarrassment or coercion.
  • Learn from your mistakes – this is crucial as regulators (such as the DOJ) have promised to get tough on corporate repeat offenders.

Anti-bribery Training Tips

Want to learn more about compliance?

Our comprehensive compliance roadmaps help you navigate compliance. We also have searchable compliance glossaries for those new to the topic, and we regularly report on key compliance fines.

If you'd like to stay up to date with compliance best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

For a one-stop compliance training solution, try our best-selling Compliance Essentials Course Library and award-winning LMS.

Last but not least, we have 100+ free compliance training aids, including best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations, webinars and even e-learning modules!

If you've any questions or concerns about compliance or e-learning, please get in touch.

We are happy to help!

Compliance Bulletin

Compliance Bulletin

Our monthly email provides best practices, expert opinions, industry insights, news and key trends in regulatory compliance training, digital learning, EdTech and RegTech.