Compliance News | May 2023 | Skillcast

Written by Lynne Callister | 30 May 2023

This month's key compliance news includes Apple's trade secrets theft, Meta's record fine, bribery in the pharma sector, and more.

Our pick of key compliance stories this month

Poloniex pays $7.6m for sanctions violations

Cryptocurrency exchange Poloniex has agreed to pay $7.6 million for violations of US sanctions, according to the Office of Foreign Assets Control (OFAC).

Over five years, Poloniex made around 66,000 transactions worth over $15 million with individuals in Iran, Sudan, Syria, Cuba, and Crimea. Poloniex had failed to put systems and controls in place to stop customers in sanctioned countries from accessing its services.

In addition, it did not have an effective anti-money laundering program in place until May 2015, despite launching in 2014. This lack of due caution and care was an aggravating factor. Despite giving addresses in sanctioned jurisdictions, customers were able to keep using Poloniex's platform, OFAC said.

“Poloniex also began monitoring IP address data in May 2015 to detect logins from sanctioned jurisdictions. Poloniex conducted additional diligence on such logins, including contacting the owner of the relevant account, and closed certain accounts based on that diligence. Poloniex did not begin implementing a block on such IP addresses until June 2017”

- OFAC

Poloniex could have been fined more, but it was credited for “substantial cooperation” and the remedial measures taken by Circle, which acquired it in 2018.

Key takeaways:

  • Keep your knowledge of sanctions up-to-date – so you understand what's expected of you. Remember, sanctions can change quickly, so check regularly for updates.
  • Put systems and controls in place to comply with sanctions obligations – such as identifying individuals or territories subject to sanctions, conducting risk-based due diligence, blocking IP addresses in sanctioned jurisdictions etc.
  • Maintain effective monitoring and oversight of any third parties providing due diligence or screening tools

Former Apple engineer guilty of trade secrets theft

The Department of Justice (DoJ) has charged a former Apple engineer who's accused of stealing Apple's trade secrets relating to autonomous systems, including self-driving.

Weibao Wang was hired by Apple in 2016. But in 2017 he took a job with a Chinese company based in the US to develop self-driving cars, something he only made known to Apple four months later.

According to the DoJ, Wang "accessed large amounts of sensitive proprietary and confidential information in the days leading up to his departure from Apple". Large quantities of Apple's data were found at his home after a search by officials. Wang fled to China to work for a competitor shortly after that.

The charge is one of five initial cases involving the Disruptive Technology Strike Force, which was set up to protect critical technology assets from nation-state adversaries.

Five banks broke competition law on UK bonds

Five banks unlawfully shared competitively sensitive information between 2009 and 2013, according to a provisional finding by the Competition and Markets Authority.

A group of traders from Citi, Deutsche Bank, HSBC, Morgan Stanley, and Royal Bank of Canada participated in one-to-one conversations in Bloomberg chatrooms related to the buying and selling of UK government bonds.

The conversations specifically related to gilts and gilt asset swaps, including details on pricing and other aspects of trading strategies, including:

  • The sale of gilts by the UK Debt Management Office via auctions on behalf of HM Treasury
  • The subsequent buying and selling of gilts and gilts asset swaps
  • Buy-back auctions of gilts by the Bank of England, e.g., for quantitative easing (not including Deutsche Bank and HSBC)

Deutsche Bank notified the CMA about its participation in alleged unlawful behaviour under leniency rules, and Citi also applied for leniency during the CMA investigation. This means Deutsche Bank will not be fined and any fines received by Citi will be discounted, subject to continued cooperation.

"Our provisional decision has found that, in the aftermath of the global financial crisis, 5 global banks broke competition law by taking part in a series of one-to-one online exchanges of competitively sensitive information on pricing and other aspects of their trading strategies on UK bonds. This could have denied taxpayers, pension savers and financial institutions the benefits of full competition for these products, including the minimisation of borrowing costs,"

- Michael Grenfell, Director of Enforcement, CMA

The CMA’s investigation is ongoing, and it stressed that no assumptions should be made about law-breaking at this point.

FX executive convicted of £70m investment fraud

An FX boss has been convicted of a £70m investment scam following a seven-week trial in London. Anthony Constantinou of Capital World Markets (CWM FX) had promised exceptional returns of 60% on allegedly risk-free foreign exchange (FX) markets.

Investors were recruited through word-of-mouth via investment seminars, initially with a minimum investment of £50,000, which later rose to £100,000. They were told that only 10% of the capital was risked, with the rest held in a ‘segregated account’ in Germany. It would be further protected with matching funds by CWM.

However, in reality, it was a Ponzi-type scheme. The significant funds raised from 250 known investors were used to bankroll Constantinou's luxury lifestyle instead - with around £2.5m splurged on his own wedding, £70k on his child's first birthday party, and a luxury CWM launch party.

CWM operated from late 2013 to early 2015 and was based in Heron Tower. It sponsored sports teams, including Chelsea FC, and boxing events. Constantinou did not attend the later stages of the hearing, and an international arrest warrant was issued to find him. He will be sentenced next month.

"This has been a long-running and complex investigation. Anthony Constantinou is a career criminal who is out to make as much money for himself as possible, with no regard for anyone else. Throughout this lengthy investigation, Constantinou has continued to try to deceive officers and deny any wrongdoing. In a further move to deny any involvement in this case, he decided to stop attending his trial. We are glad that the jury has seen through his lies and unanimously found him guilty."

- DI Nichola Meghji, City of London Police

Alarming rise in modern slavery cases

There's been a sharp rise in the number of potential victims of modern slavery over the last year, according to figures released by the charity Unseen. Calls to the helpline have more than doubled, with 6,516 potential victims identified, a rise of 116%.

Based on an analysis of those calls, there were significant increases in forced labour, sexual exploitation, and domestic servitude, with the care sector showing a huge increase (1,024%) in potential victims.

Exploitation of Indian, Nigerian, and Zimbabwean workers was especially prevalent, which - the report points out - is likely due to low levels of pay and an overreliance on temporary workers in the sector.

In one case outlined in the report, workers were brought into the UK on student visas and worked in care homes through an agency. The agency charged the care homes for the work but did not pay the workers. They had worked 14-hour shifts for five days with no pay.

Eleven cases in the report related to the Homes for Ukraine scheme, and one involved organ harvesting. Earlier this month, Ike Ekweremadu – a senior politician from Nigeria, his wife, and a doctor were found guilty of organ trafficking, the first case of its kind under the Modern Slavery Act. Together, they were sentenced to almost 25 years.

“To be serious about tackling modern slavery in the UK, we need much more awareness of the true size of the problem, better support for victims, and get many more resources going into targeting the criminals behind the exploitation. Instead, the UK is bringing in new migration laws that criminalise some victims of modern slavery, forcing them underground and keeping them vulnerable to traffickers. We should be doing more to expose the extent of slavery, not driving it further into the shadows.”

- Justine Carter, Director, Unseen.

SEC pays a record $279m to whistleblower

A record $279m has been paid to a whistleblower – the biggest award to date, the Securities and Exchange Commission has revealed. The figure is more than double its $114m award that was paid in October 2020.

It has been confirmed that this award relates to a bribery case against the telecommunications company Ericsson. The whistleblower gave multiple interviews and written submissions to the regulator and expanded the scope of the misconduct charges substantially.

"The size of today’s award… not only incentivises whistleblowers to come forward with accurate information about potential securities law violations but also reflects the tremendous success of our whistleblower program. This success directly benefits investors, as whistleblower tips have contributed to enforcement actions resulting in orders requiring bad actors to disgorge more than $4 billion in ill-gotten gains and interest. As this award shows, there is a significant incentive for whistleblowers to come forward with accurate information about potential securities law violations."

- Gurbir Grewal, Director of Enforcement, SEC

The payments are made out of an investor protection fund, and no money is taken from investors harmed by the misconduct. Awards can range from 10-30% of the money collected when sanctions exceed $1 million. The SEC offers more information on the whistleblower program and how to report a tip.

CNIL issues Clearview AI with a fresh €5.2m fine

Clearview AI has been fined €5.2 million for not complying with an earlier order issued by CNIL, France’s data protection agency.

The company, which scrapes selfies from the internet and uses people’s personal data for its facial recognition tool, has fallen foul of data protection rules in countless EU countries, accumulating millions in fines along the way.

In October 2022, it was given the maximum fine (€20 million) by CNIL for three main breaches and ordered to stop collecting photographs of French residents.

However, so far Clearview AI has failed to cooperate with regulators, which has resulted in fresh non-compliance penalties. In a statement, a spokesperson for the company said:

"Clearview AI does not have a place of business in France or the EU, it does not have any customers in France or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR."

Notably, it does not say that it has never processed European users' data. Its stance prevents law enforcement authorities in the bloc from using its tools because they risk being fined, like Sweden's police authority.

CNIL is now holding talks with the Federal Trade Commission, its American counterpart, to resolve the matter.

Meta fined €1.2bn over personal data transfers

Meta has received a record €1.2 billion fine from Ireland’s Data Protection Commission (DPC) for breaching data protection rules, specifically on international data transfers.

Meta, which owns Facebook and WhatsApp, has been ordered to suspend all transfers of personal data from the EU to the United States. This means users' personal data will need to be removed from Facebook's servers. It has six months to comply.

The DPC accused Meta of failing to comply with a European Court of Justice ruling in 2020, which required the company to have robust protection when data is transferred outside the EU.

The sanction relates to the case brought by Max Schrems, the Austrian privacy campaigner. Following the Snowden revelations, Schrems raised concerns about EU users’ data not being protected from US intelligence agencies when it was transferred to the United States.

While Facebook uses standard contractual clauses (SCCs) to cover the transfer, the DPC said these “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [court of justice] in its judgment”.

"We are … disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe. This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US."

- Nick Clegg, spokesperson, Meta

Key takeaways:

  • Be clear about the data protection rules governing international data transfers – train your team so they know what transfers are allowed and what are not, which jurisdictions have ‘adequacy’ arrangements, and what checks are required before making international data transfers.
  • Review the ‘current state’ – for example, what personal data do you currently transfer to the US? Do you use SCCs to cover this? What other measures or safeguards (if any) could be adopted to address the risks?
  • Check data retention policies and ensure appropriate oversight – for example, is personal data currently processed or stored on servers outside the UK or EU? How long is personal data stored, and what procedures are in place to minimise this? What other options could be explored?
  • Use the 4Ts model (Terminate, Tolerate, Treat, and Transfer) to mitigate the risk – for example, you might switch to a cloud provider based in the UK or EU or consider suspending all international data transfers as a precaution.

Recidivist Philips to pay $62m for alleged bribery

Dutch-based medical device company Koninklijke Philips has agreed to pay $62m over alleged bribery in China.

According to the SEC, for five years, Philips’ representatives “engaged in improper conduct to influence foreign officials in connection with tender specifications in certain public tenders to increase the likelihood that Philips’ products were selected”.

  • Its subsidiaries also engaged in “improper bidding practices” with state-owned hospitals – for example, by tailoring the technical specifications in the tender to match Philips’ products. In addition, Philips prepared its own bids, as well as fake bids describing other companies’ products, to “give the appearance of legitimacy” and satisfy China’s three-bid criteria.
  • Philips’ subsidiaries also used “special price discounts” with distributors of its medical diagnostic imaging equipment in China, which were then used “to fund improper payments to employees of government-owned hospitals”.
  • In Hainan Province, a sales manager reportedly took $14,500 in local currency to the home of the director of a hospital’s radiology department and subsequently won sales for two devices worth $4.6 million.

It is Philips' second FCPA action in ten years. In 2013, the company paid $4.5 million for records and controls offences relating to similar practices in Poland.

Key takeaways:

  • Have a Gifts and Hospitality policy – make sure you know what is and is not acceptable. What are the limits and thresholds? What should you do if you are offered anything beyond this? Where are the red lines?
  • Remember, many anti-bribery laws (including the UK Bribery Act) have extra-territorial reach – meaning you can be prosecuted for bribes paid anywhere in the world.
  • Arrange proper oversight of third parties and intermediaries – we can be found guilty of bribes paid by consultants and intermediaries, even without our knowledge.
  • Take extra care in all dealings with foreign public officials – including state-owned entities.
  • Declare any gifts and hospitality you receive – in line with our policy and rules.
  • Talk to Compliance or Legal first – if you feel there are legitimate reasons to accept or offer anything outside these limits or thresholds.
  • Practise how to decline graciously - use roleplays so your team doesn't feel tempted to accept due to embarrassment or coercion.
  • Learn from your mistakes – this is crucial as regulators (such as the DOJ) have promised to get tough on corporate repeat offenders.
