Key compliance news including Pfizer bribery, insurance price-fixing, child labour, misleading FS promos, chat-bot cyberattack, gambling AML and more.
Our pick of key compliance stories this month
- Pfizer facing DOJ & SEC foreign bribery probes
- Compare the Market £17.9m competition law fine
- Chocolate industry slammed for failing to reduce child labour
- FCA contacts 55 companies over misleading financial promotions
- Danske Bank accused of discriminating against vulnerable customers
- Wells Fargo ex-CEO settles SEC claims while former consumer-unit head faces fraud case
- Ticketmaster UK fined £1.25m by the ICO over chat-bot cyberattack
- Stricter licence conditions for online gambling operator over AML failings
Pfizer facing DOJ & SEC foreign bribery probes
In November, the whole world heard Pfizer announce the first effective vaccine for Covid-19. What many won't know is that in the same month the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) launched an investigation into Pfizer's activities in Russia and China. The requests from two Chinese agencies were sent in June and August of 2020, while the Russian requests were sent in 2019 and have already been disclosed in earlier reports.
Both of these probes fall under the Foreign Corrupt Practices Act (FCPA), which bans US individuals and companies from bribing foreign government officials for their own benefit. This is not the first run-in that Pfizer has had with the law either, as in 2012 the firm agreed to pay more than $60 million to settle charges by the SEC and DOJ for the alleged violation of the FCPA.
Pfizer's not the only pharmaceutical company to have been penalised under the FCPA. In June 2020, Novartis paid out $347 million to conclude years of FCPA investigations around its conduct in China, Vietnam, South Korea and Greece. However, none of these fines even come close to the $490 million fine handed over to Chinese authorities in 2014 by GlaxoSmithKline for bribery, in addition to the $20 million it paid to the SEC.
Compare the Market £17.9m competition law fine
The Competition and Markets Authority (CMA) has fined Compare the Market £17.9 million after it discovered that certain clauses in company contracts with home insurers breached UK competition law. The CMA investigation concluded that over a period of two years, Compare the Market was in breach of competition law by imposing wide 'most favoured nation' clauses on home insurance providers making sales through its platform.
These clauses effectively prohibited home insurers from lowering their prices on other platforms. Additionally, these restrictions made it more difficult for Compare the Market’s competitors to grow and challenge the company's dominant market position as other price comparison websites were effectively rendered unable to beat it on price.
Consequently, competition among price comparison websites, as well as competition among home insurers selling on such platforms, was limited. The CMA ruled that this is likely to have resulted in increased insurance premiums.
- Never discuss or enter into agreements with competitors regarding prices, margins, market shares or production volumes
- Never discuss future pricing plans and promotions with suppliers or discuss RRPs with retailers
- Don't impose price, territorial or online sales restrictions on suppliers or distributors unless you are absolutely certain that it is legally permissible to do so in that instance
- Don't act in a way that restricts competition in markets where you enjoy a dominant position by, for instance, refusing to supply, prohibiting discounting, imposing exclusive obligations or entering "pay-for-delay" deals
Chocolate industry slammed for failing to reduce child labour
Almost two decades after the world's leading chocolate brands promised to eliminate employment abuses, perilous child labour remains rife within their supply chains. Researchers from NORC at the University of Chicago discovered that 43% of 5 to 17 year olds in the Ivory Coast and Ghana are engaged in dangerous work. These are the two largest cocoa producing countries in the world.
In fact, approximately 1.56 million children work in cocoa production in just these two countries alone. The kinds of dangerous work they are engaged in include exposure to agrochemical products, working at night, and working with sharp tools, among other dangerous practices.
The report, which was commissioned by the US Department of Labor, reveals that the overall proportion of child labourers has increased by 14% in the last 10 years. This increase has been accompanied by a 62% increase in production over the same period of time.
The findings of this report raise tricky questions for the chocolate industry. Back in 2001, international brands such as Hershey, Nestlé and Mars signed a cross-sector accord aimed at eliminating egregious child labour. In spite of missing deadlines to deliver on their pledge in 2005, 2008 and 2010, they keep on insisting that ending child labour for good remains their top priority.
FCA contacts 55 companies over misleading financial promotions
The FCA has revealed that it has been in contact with 55 authorised firms between 1st January 2019 and 1st August 2020 asking them to withdraw or change approved financial promotions due to concerns that they were "unclear, unfair or misleading".
The UK regulator has not yet taken any formal action against any of the companies involved, and has previously admitted to possessing somewhat limited powers when it comes to tackling misleading financial services promotions. However, it has stated that it has "a number of ongoing investigations" into UK companies "where the suspected misconduct relates in some way to the communication of financial promotions".
Commenting on the issue, an FCA spokesperson said that "The FCA carries out a range of activities to protect consumers from misleading financial promotions. For example, the FCA has placed restrictions on the financial products that can be promoted to retail consumers, it maintains rules regarding the content of financial promotions, which it supervises actively, and it authorises the firms which approve the communication of financial promotions by unauthorised firms."
Danske Bank accused of discriminating against vulnerable customers
New internal documents leaked to media outlets have revealed that Danske Bank trains its employees to encourage indebted customers to sell via the bank's own real estate broker at an above-average fee. Coming after months of escalating scandals, this further reinforces a damning picture of the practices and culture within the Danish bank.
Whilst quite a few of the "errors" so far have been blamed on human mistakes and IT failures, it is crystal clear that this latest scandal has been brought about by the bank's deliberate actions. The internal employee manual contains direct instructions on how to encourage the use of Home, Danske Bank's own real estate broker, for customers who have been forced to sell their homes to pay off debt.
The manual also makes it clear that such customers need to be subjected to prices higher than those they would have been charged for a similar service elsewhere. An internal investigation found that customers were each overcharged an average of 28,800 kroner (£3,450), totalling 64.6 million kroner (£7.75m) in overpayments.
Commenting on the case, Lars Krull, a banking expert attached to Aalborg University, stated "It's tasteless in its entirety. Business procedures must of course be in order and legal, and the customers' overall interest must be taken care of without the bank's interest in its own earnings."
- Put vulnerable people first, keep them at the centre of your response, and provide information and support, so that they're empowered to make their own decisions
- Be vigilant for signs and triggers that might suggest someone is vulnerable
- Be clear about company rules and policies, but don't follow them slavishly if they are not appropriate in a particular situation
- Be proactive - look for better ways to improve your response to vulnerable people
- Report any concerns that you have immediately to protect vulnerable people from harm or exploitation
Wells Fargo ex-CEO settles SEC claims while former consumer-unit head faces fraud case
Former Wells Fargo & Co. CEO John Stumpf is to pay $2.5m to settle claims over the bank's fake accounts scandal, while regulators are to sue former consumer-bank head Carrie L. Tolstedt over numerous fraud offenses.
Stumpf, who resigned as CEO in 2016, did not admit or deny the SEC's claims, which accused him of misleading investors about how successful Wells Fargo's community banking business truly was. Stumpf was previously barred from the banking industry and dished out $17.5m to settle claims from the Office of the Comptroller of the Currency.
In a separate case, Tolstedt had a civil fraud case brought against her in a San Francisco federal court. Regulators accused Tolstedt of publicly describing and endorsing a key measure of Wells Fargo's business, the "cross-sell metric", while failing to disclose that the figures were inflated by unauthorized and unused services and accounts.
The lawsuit filed against Tolstedt seeks a court judgment which will effectively prevent her from serving as a director or officer of a public company, in addition to the fine which she would be required to pay. The OCC, another of Wells Fargo's regulators, separately charged Tolstedt earlier this year, seeking a lifetime ban and a $25m fine.
Ticketmaster UK fined £1.25m by the ICO over chat-bot cyberattack
The Information Commissioner's Office (ICO) has issued a £1.25m fine to Ticketmaster UK for failing to keep customers' personal information secure. An ICO investigation discovered that the firm had no appropriate security measures in place to prevent a cyberattack from occurring on a chat-bot which had been set up on an online payment page.
This incident, which was also found to be in breach of GDPR, included the release of payment card numbers, customer names, and even credit card CVV numbers and expiry dates. The full scale of the breach is still not entirely known, but it could have potentially affected up to 9.4 million of Ticketmaster's customers across Europe, of which 1.5 million reside in the UK.
As a direct result of this data breach, 60,000 payment cards belonging to Barclays customers were discovered to have been subjected to known fraud, while an additional 6,000 payment cards had to be replaced by Monzo Bank after fraudulent use was suspected.
Despite the breach starting in February 2018, this penalty only relates to the breach from 25th May 2018, when new GDPR rules came into effect. Ticketmaster UK removed the chat-bot from their website on 23rd June 2018.
- Implement suitable controls to minimise the chance of a personal data breach ever occurring within your company
- Don't put people's personal information at risk by using it in ways that they wouldn't reasonably expect
- Immediately inform your DPO of any data breach or incident within your company
- Keep a record of all data breaches and any action that you took as a result to provide an audit trail, and identify trends and weaknesses
Stricter licence conditions for online gambling operator over AML failings
An online gambling company has had a number of stricter licence conditions imposed upon it after an assessment by the Gambling Commission discovered a number of anti-money laundering failures. Commission rules were found to have been breached by Boylesports Enterprise on its Boylecasino.com and Boylesports.com websites.
The assessment, which forms part of the Commission's drive to improve AML standards across the gambling industry, shows that Boylesports did not have a suitable money laundering risk assessment in place. It was also revealed that the firm's anti-money laundering policies, controls and procedures were not up to scratch and therefore could not be implemented effectively.
Licence conditions added include:
- Appoint a Money Laundering Reporting Officer (MLRO) who holds a Personal Management Licence (PML)
- Ensure that specific staff undertake outsourced AML training and periodic refresher courses, including PML holders, key control staff and senior management
- Regularly review AML policies, controls and procedures in terms of effectiveness and implementation
In addition to these conditions, Boylesports was also handed an official warning and fined £2.8 million for its failings.