Compliance News | May 2024

Posted by

Lynne Callister

on 30 May 2024

This month's key compliance news includes TD Bank's fine, the City's excessive working hours culture, Citi's 'fat finger' fine, Christie's cyberattack, and more.

May 2024

Our pick of key compliance stories this month

TD Bank gets Canada's biggest ever $6.7m AML fine

TD Bank has been handed Canada's biggest-ever fine of $6.7 million for a series of anti-money laundering failures, according to its watchdog. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) claimed Toronto-Dominion Bank had:

  • Failed to submit suspicious activity reports where there were reasonable grounds to suspect transactions were linked to money laundering or terrorist financing activity
  • Failed to assess and document money laundering and terrorist activity risks adequately
  • Failed to take prescribed special measures for high-risk customers and conduct ongoing monitoring of business relationships
  • Failed to keep proper records of the measures being taken and information obtained when conducting ongoing monitoring.

    It comes days after the bank confirmed it had set aside $450 million to resolve three other AML investigations in the US. Last month, TD Bank's CEO Bharat Masrani admitted that its "AML program was not where it needed to be, and we are addressing it".

Separately, the US Justice Department is also investigating whether Chinese crime groups and drug traffickers were using the Canadian bank to launder the proceeds of US fentanyl sales. It follows charges and a subsequent guilty plea by Da Ying Sze after prosecutors brought a case in New Jersey.

Under surveillance, Sze and his associates paid money in at three different TD branches. It is also claimed that at least two TD employees were given gift cards and other bribes totalling $57,000 to help launder the proceeds.

Key takeaways:

  • Report any suspicions or concerns immediately to your MLRO - if you think your business is being used for money laundering or terrorist financing
  • Conduct proportionate due diligence - such as simplified, standard, or enhanced checks
  • Don't tip off anyone suspected of money laundering - you could be prosecuted as this is illegal
  • Don't be complicit or bypass your company's internal controls for any reason - they are designed to protect everyone from money laundering and terrorist financing risks
  • Remember, money laundering is not a victimless crime - the real victims are those whose lives are ruined by drugs like fentanyl. Money laundering has a devastating impact on society.

AML Compliance & Mitigating Risk Webinar

Spotlight on excessive working hours

As we mark Mental Health Week this month, the spotlight has been placed on the excessive culture of excessive working hours across Wall Street and the City. The focus has intensified following the death of a 35-year-old Bank of America investment banker, who allegedly worked 120-hour weeks on a live deal in the Financial Institutions Group (FIG) sector before his death.

A Bank of America spokesperson denied this, saying the bank's records did not support the claim. According to Business Insider, Bank of America has systems to flag excessive working hours, with HR contacting anyone working over 100 hours a week to check their well-being.

The cause of death was later confirmed as "acute coronary artery thrombus". While the associate died of natural causes, a specialist recruiter for the financial services sector confirmed that the 35-year-old had contacted them, looking to switch jobs because of the extreme hours he worked.

Bank of America said, "We are very saddened by the loss of our teammate. We continue to focus on doing whatever we can to support the family and our team, especially those who worked closely with him."

Just a few weeks later, a second BoA trader died suddenly after a suspected cardiac arrest while playing football at an industry event. The 25-year-old worked in the bank's global markets unit in the London office. Once again, a spokesperson expressed the bank's condolences.

In 2018, Business Insider investigated the frequency of heart conditions in young people working in banking.

“In investment banking, I think whatever they [the banks] say… the hours and the pressure that is put on these guys is huge. So as much as they may be doing things to improve — I don’t think it’s changed at all,”

- Syed Ahsan, cardiologist in Canary Wharf.

Cardiologists believe the immune system can be weakened due to a combination of an unhealthy lifestyle and fatigue. With two deaths in a few weeks, it's a reminder that nobody's invincible and we should all take work-life balance issues more seriously.

Mental Health at Work E-learning Course

Citigroup fined for £1.1 bn' fat finger' error

Citigroup has been fined £62m by UK regulators after a 'fat finger' error by one of its traders working on the London Delta 1 desk caused a 'flash crash'. On 2 May 2022, the trader had intended to sell a basket of equities to the value of $58m. But, due to an inputting error when entering the basket in the order management system, a basket for $444bn was created instead.

Citigroup's controls blocked $225bn of the basket, but the remaining $189bn was sent to a trading algorithm designed to sell the remaining shares over the rest of the day. A total of $1.4bn equities were sold across European exchanges before the trader cancelled the trade 15 minutes later. This coincided with a significant short-term drop in European markets of a few minutes.

Regulators said the order generated 711 alerts, but the trader could manually override them by clicking through. Only the first 18 lines of this were visible, and there was no need to scroll down to view them all.

Some primary controls were absent or deficient. There was no hard block to reject the entire order and stop it from reaching the market. In addition, the bank's real-time monitoring was 'ineffective', meaning it was 'too slow' to escalate alerts.

The FCA's final notice also mentions understaffing. It happened on a bank holiday when those usually monitoring trades on CitiSmart, the bank's algorithmic trading system, were on leave. Responsibility for monitoring was passed to the Electronic Execution (EE) desk, which did not recognise the seriousness of the mistake.

The post-trade monitoring team, the E-Trading Risk and Controls Team (ETRC) team, initially failed to escalate the error because their monitoring system filtered out all but eight of the alerts. Nobody responded when the ETRC team flagged it to the EE desk 20 minutes after the trader cancelled the order. A follow-up email was sent four hours later.

In addition, the bank had compliance shortages. One of its roles had remained unfilled for a year, resulting in "insufficient staffing levels within EMEA with the requisite skills and experience that was performing that monitoring".

"We are pleased to resolve this matter from more than two years ago, which arose from an individual error identified and corrected within minutes. We immediately took steps to strengthen our systems and controls and remain committed to ensuring full regulatory compliance," said a Citi spokeswoman.

However, far from being a one-off incident, the PRA noted that "the Firm's breaches persisted over a period of 4 years". Worryingly, equities derivatives traders made 985 changes to Citi's pre-trade validation checks between January 2020 and February 2021 without risk and compliance council (RCC) approval.

Imposing a £28m fine, the FCA said, "The FCA expects firms engaged in trading activities, including those using algorithmic trading, to have effective systems and controls in place to stop errors like this occurring."

"These failings led to over a billion pounds of erroneous orders being executed and risked creating a disorderly market. We expect firms to look at their own controls and ensure that they are appropriate given the speed and complexity of financial markets."

- Steve Smart, The FCA

The Prudential Regulation Authority (PRA) also imposed a £34m fine. The fines qualified for a 30% discount because the bank did not dispute the findings and agreed to settle. Citigroup lost $48m as a result of the error.

Market Abuse Regulation E-learning Course

'Finfluencers' face charges for financial promotions

A number of reality TV star 'finfluencers' are facing charges for promoting an unauthorised trading scheme on social media.

The Financial Conduct Authority said that the influencers promoted the unauthorised scheme on Instagram.

It claims that, between May 2018 and April 2021, Emmanuel Nwanze and Holly Thompson used the Instagram account @holly_fxtrends to provide advice on buying and selling Contracts For Difference (CFD), which they were not authorised to do.

CFDs are high-risk products used to bet on the price of an asset - in this case, the price of foreign currencies. The FCA alleges that Mr Nwanze paid Biggs Chris, Jamie Clayton, Lauren Goodger, Rebecca Gormley, Yazmin Oukhellou, Scott Timlin and Eva Zapico to promote the @holly_fxtrends Instagram account to all their followers.

Nwanze faces charges of running an unauthorised investment scheme and issuing unauthorised financial promotions. Each of the others faces one count of unauthorised communications of financial promotions. They are due to appear in court on 13 June 2024.

The FCA recently finalised its guidance on financial promotions on social media, which includes 'finfluencers'.

Key takeaways:

  • Plan in advance - so that all advertisements and promotions are properly reviewed by Compliance before release
  • Don't use social media or ephemeral messaging apps - including to give advice or promote your business' products
  • Only use authorised channels to communicate with clients - all communications must be fully captured and recorded to comply with regulations. Remember, this protects you and the company in the event of claims
  • Make sure all your claims are fair, clear and not misleading - watch out for 'greenwashing' and 'AI washing', and record evidence to back up any claims you make
  • Don't speak on behalf of your company on social media - unless it is your job to do so
  • Check out the FCA's updated guidance on financial promotions on social media - is it time for a training refresher?

Tips for Social Media Policies

Christie's makes $94.6m despite cyberattack

Auction house Christie's has shown resilience by making $114.7m in two major sales despite a cyberattack shutting down parts of its website.

The "technology security issue" was executed on 9 May. It threatened to hamper art sales and other high-value items in its spring auction, as prospective buyers could not view the lots online.

Christie's Live, its online bidding platform, was unaffected. However, the website was still down before the auction, leading to fears among commentators that the financial data of wealthy collectors was at risk.

Lots in the sale included artworks by Vincent van Gogh, Pablo Picasso, Georgia O'Keefe and Andy Warhol. However, a sale of rare watches - including some owned by Michael Schumacher - was delayed.

Following the sale, Christie's chief executive Guillaume Cerutti described the results as "very solid under the circumstances" and confirmed that the auction house had taken down its website as "a security measure."

"In these circumstances, communication is key. You have to be very measured in how you communicate. The words you choose, the information you give, everything has to be done step-by-step to make sure you recover from the incident, to regain the confidence of your clients,"
- Guillaume Cerutti, Chief Executive, Christie's

He praised his team for how they responded to the situation. "When something like this happens, you have to react very quickly. That's what we have done. Otherwise, we would not have been able to continue what we've done this week."

"Tonight was a strong performance… The best is still to come…"
In the coming weeks, over 1,700 artworks will be auctioned by Christie's, Phillips and Sotheby's, worth between $1.2bn and $1.8bn.

Understanding FCA Operational Resilience

Google Cloud deletes £125bn pension fund account

Around 620,000 UniSuper fund members had no access to their pension fund accounts after they were accidentally deleted. The financial services provider's private cloud account was deleted because of a set-up 'misconfiguration'.

Services were eventually restored more than a week after the outage. UniSuper's CEO Peter Chun confirmed that the outage was not due to a cyberattack and no personal data had been compromised.

In a joint statement, Chun and Google Cloud's CEO Thomas Kurian apologised and said, "This incident is an exceptional and singular occurrence that has not happened with any client of Google Cloud on a global scale before."

The pair acknowledged that it had been "extremely frustrating and disappointing" for members due to a "one-of-a-kind occurrence". The outage occurred when UniSuper's Private Cloud services were set up incorrectly, causing the fund's subscription to be cancelled.

"Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper's Private Cloud services ultimately resulted in the deletion of UniSuper's Private Cloud subscription," the statement said.

"Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again."

Although the pension fund had duplication in two different locations, in case of system outage or loss so services could be restored, when the subscription was deleted, it resulted in removal across both locations. Services were restored because UniSuper also had backups with another cloud provider.

"These backups have minimised data loss and significantly improved the ability of UniSuper and Google Cloud to complete the restoration," the statement said.
"The dedication and collaboration between UniSuper and Google Cloud has led to an extensive recovery of our Private Cloud, which includes hundreds of virtual machines, databases and applications."

The outage should prompt firms to continually assess their operational resilience, especially for outsourced IT and cloud facilities.

Third-Party Risk E-learning Course

EC plans competition charges against Microsoft

The European Commission, Europe's anti-trust watchdog, is planning to bring fresh charges against Microsoft over its Teams software, according to the Financial Times.

An investigation was launched in July 2023 to determine whether the technology giant breached competition rules by tying or bundling its Teams video conferencing software to its Office 365 and Microsoft 365 suites.

Microsoft announced last month that it planned to unbundle its collaboration app and sell it separately from Microsoft Office worldwide. This extended its decision to unbundle Teams across the EEA and Switzerland previously. But it seems that this may not be enough to satisfy the watchdog.

The probe into Microsoft's dominance dates back to July 2020 after the collaboration app Slack filed a formal complaint. It claimed that Microsoft engaged in the "illegal and anti-competitive practice of abusing its market dominance to extinguish competition in breach of European Union competition law" by "force installing it for millions, blocking its removal, and hiding the true cost to enterprise customers".

Regardless of its unbundling, competitors are concerned that the tech giant will ensure Teams runs seamlessly on its software rather than theirs. They also worry about data portability, making it harder for existing Teams users to switch to their apps.

The consequences may be serious, as companies can face fines of up to 10% of global turnover for breaches of competition law. Over the last decade, Microsoft has faced fines of €2.2 billion for tying and bundling products in ways that were seen as anti-competitive.

Key takeaways:

  • Be clear about whether your company has a dominant position - for example, a market share of more than 40%, a significant financial or technological edge, and so on
  • Take extra care if the company has a dominant position - especially in situations where your company's conduct may result in artificially high prices or significantly reduced choices for consumers, as this can risk regulatory action
  • Never act in a way that restricts competition in any market where your company has a dominant position - for example, refusing to supply, prohibiting discounting, imposing exclusive obligations, or entering "pay-for-delay" deals
  • Get advice from Legal or Compliance before tying or bundling products - there can be legitimate reasons for doing this, but if it raises the costs for competitors, reduces the benefits that customers perceive in competitor offerings, or shuts out rivals from the market, there can be competition concerns
  • Don't discuss future pricing plans and promotions with competitors or suppliers
  • Report any suspicion or violation of competition law immediately to your manager or Legal - this is vital as under leniency rules, the first to report to the authorities can escape prosecution

Anti-trust E-learning Course

US sanctions financial firms & a Russian national

The US Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three financial firms and a Russian national for their involvement in a scheme to unfreeze $1.5 billion in shares controlled by Russian businessman Oleg Deripaska in an Austrian construction company.

OFAC claims that Deripaska tried to sell the shares he holds in Strabag through "an opaque and complex supposed divestment", which amounted to sanctions evasion.

OFAC sanctioned Rasperia Trading, an investment holding company based in Russia, and restricted financial firm Titul, its owner Dmitrii Beloglazov, and Iliadis, a subsidiary of Titul.

OFAC alleged that Deripaska engaged Titul and Beloglazov to complete the transaction in June and acquired Rasperia Trading earlier this year. But the deal was aborted when buyer Austria's Raffeisen Bank International came under pressure from the US and was "unable to obtain the required comfort in order to proceed".

"Anyone still doing business in or with Russia should be skeptical of supposed divestment schemes that involve shell companies or proxies linked to sanctioned oligarchs",

- Brian Nelson, Treasury spokesperson

Deripaska, a raw materials tycoon, has been sanctioned by the US since 2018 for his supposed links to the Kremlin and Russia's energy sector. He was previously charged in 2022 for attempting to evade sanctions. He dismissed the latest sanctions as "balderdash".

This is the latest action to target professional service providers who work for sanctioned Russian oligarchs. Last year, former FBI agent Charles McGonigal was jailed for four years for investigating a rival oligarch.

Key takeaways:

  • Keep your knowledge of sanctions up-to-date – so you understand what's expected of you. Remember, sanctions can change quickly, so check regularly for updates.
  • Look out for red flags - including the use of shell companies, proxies linked to sanctioned people, or transactions via third countries with links to sanctioned jurisdictions.
  • Put systems and controls in place to comply with sanctions obligations – such as identifying individuals or territories subject to sanctions, conducting risk-based due diligence, blocking IP addresses in sanctioned jurisdictions, etc.
  • Monitor any third parties providing due diligence or screening tools on your behalf

Free Sanctions Training Presentation

Former investment manager convicted of fraud

Following a retrial, former investment manager David Kennedy has been convicted for his role in a £100m investment fraud which saw hundreds of people losing their life savings, according to the Serious Fraud Office.

Kennedy and his business partner Timothy Schools managed Axiom Legal Finance Fund, a company registered in the Cayman Islands. They promised investors a guaranteed return, offering loans to UK law firms that pursued no-win-no-fee cases where there was "purportedly a high chance of success". The fund raised over £100m from around 500 investors.

Schools was sentenced to 14 years for fraud at a previous trial in 2022. The SFO's investigation found that Kennedy used investors' money to fund high-risk cases which were not vetted and often failed.

Investors rarely saw any return, and Kennedy diverted over £5.8m from Axiom to pay for items for his personal benefit, including a Swiss ski chalet, a Tenerife villa, and renovations to his UK property.

Timothy Schools, a former solicitor who has since been struck off, also had a boat, luxury cars, and a £5m shooting estate in the Lake District.

Funds to finance their lavish lifestyle were concealed via offshore bank accounts and trusts.

"This individual's criminal actions flooded the legal system with unwinnable cases affecting hundreds of people who suffered financial loss and significant anxiety as a result. This criminality also served to undermine trust and confidence in the legal profession more widely. Our specialist team used their expertise to unpick a complex trail of payments, including into Kennedy's personal accounts, to secure justice for victims today."

- Nick Ephgrave, Serious Fraud Office.

The SFO said the fraud affected around 35,000 clients. The collapse of Axiom, which also led to the failure of an insurance broker business, affected some IFA firms.

Fraud Prevention Training Course

Ex-banker appeals decision over bribery allegations

Former banker Asante Berko is appealing the UK decision to extradite him to the United States to face charges that he bribed Ghanaian officials while working for Goldman Sachs.

At the hearing, his lawyers claimed that the order to extradite Berko should be dismissed as the charges were not extradition offences and mostly occurred in London.

However, US officials counter that Berko and others bribed Ghanaian officials with $700,000. The energy company allegedly reimbursed Berko and his co-conspirators for those bribes by issuing fraudulent invoices. Payments were transferred from Turkey via US bank accounts to Ghana.

In 2020, the Securities and Exchange Commission claimed that Berko helped the bank's client - a Turkish energy company - funnel $2.5 million to a Ghanaian intermediary to pay bribes to Ghanaian government officials to secure their approval for a power plant project.

Berko also helped the intermediary pay $200k to other government officials and personally paid $60k to members of the Ghanaian parliament and other officials. He took deliberate action to prevent the bank from detecting the bribery scheme, including lying to its compliance team about the true role and purpose of the intermediary. At the time, Berko agreed to pay more than $329,000 without admitting or denying the charges.

Berko worked in Goldman's natural resources group. He went on to be the managing director of Tema Oil Refinery Ltd but stepped aside following the SEC charges.

Key takeaways:

  • Follow your company's Gifts and Hospitality policy - ensure you know what is and is not acceptable. What are the limits and thresholds? What should you do if you are offered anything beyond this?
  • Remember, many anti-bribery laws (including the UK Bribery Act) have extra-territorial reach - meaning you can be prosecuted for bribes paid anywhere in the world.
  • Arrange proper oversight of third parties and intermediaries - your company can be found guilty of bribes paid by consultants and intermediaries, even without your knowledge.
  • Take extra care when dealing with foreign public officials - especially state-owned entities.
  • Declare any gifts and hospitality you receive - in line with your company policy and rules.
  • Talk to Compliance or Legal first - if you feel there are legitimate reasons to accept or offer anything outside your company's limits or thresholds. Be honest in all your disclosures.
  • Practise declining graciously - use roleplays so your team isn't tempted to accept due to embarrassment or coercion.

Anti-bribery Training Tips

Looking for more compliance insights?

We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.

We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.

Compliance Bulletin

Compliance Bulletin

Our monthly email provides best practices, expert opinions, industry insights, news and key trends in regulatory compliance training, digital learning, EdTech and RegTech.