Our pick of key compliance stories this month
- Binance fined $4.3bn & CZ resigns over AML failings
- EU attempts to beef up crypto AML/CTF compliance controls
- Solicitor convicted of first-ever ‘tipping off’ offence
- Rabobank fined €26.6m over bonds cartel
- Entain to pay £585m to settle bribery charges
- Allegations of ‘toxic’ behaviour at MoD and FDIC
- HSBC customers face outage on Black Friday
- Cyberattacks disrupt UK property deals and the British Library
- Ex-Goldman banker gets 3 years for insider trading
- Malfunctioning robot kills worker during test
Binance fined $4.3bn & CZ resigns over AML failings
Cryptocurrency exchange Binance has pleaded guilty and agreed to pay a $4.3bn fine after admitting that it engaged in money laundering, unlicensed money transmitting and sanctions violations, according to US regulators.
Its founder and CEO, Changpeng Zhao, who is known by his initials CZ, has resigned and will pay a $50m fine. He pleaded guilty to failing to maintain an effective AML program and now faces a possible jail term.
Prosecutors said that Binance had such poor controls that terrorists, cybercriminals, sanctions violators and child abusers channelled payments for years via its platform.
The crypto exchange failed to implement know-your-customer (KYC) protocols or monitor transactions and never filed a suspicious activity report (SAR) with FinCEN. It allowed users to open accounts and trade without submitting any information other than an email address, only requesting information in August 2021, while allowing existing users to keep trading until May 2022 without checks.
Its own internal communications show that it did not have protocols to flag or report transactions for money laundering risks, with one employee even writing, “we need a banner ‘is washing drug money too hard these days - come to Binance we got cake for you.’”
Binance ignored and routinely traded with users in sanctioned countries (including Iran, North Korea and Syria) and designated groups, including Hamas, Al Qaeda and the Islamic State of Iraq and Syria (ISIS).
Deputy Attorney General Lisa O. Monaco said: “A corporate strategy that puts profits over compliance isn’t a path to riches; it’s a path to federal prosecution.”
“In just the past month, the Justice Department has successfully prosecuted the CEOs of two of the world’s largest cryptocurrency exchanges in two separate criminal cases. The message here should be clear: using new technology to break the law does not make you a disruptor; it makes you a criminal,”
Binance will now have an independent compliance monitor for three years. Its former Chief Compliance Officer Samuel Lim will also pay $1.5m for wilfully helping customers using ‘workarounds’ and ‘creative means’ to evade US laws.
Separately, Kraken is also being sued by the Securities and Exchange Commission for operating an unregistered securities business and mixing its own funds with its customers. Following the FTX collapse and charges against Sam Bankman-Fried earlier this year, crypto regulations in the US and elsewhere can't come soon enough.
Key takeaways:
- Conduct appropriate AML checks and sanctions screening – to prevent systems from being used to facilitate financial crime
- Conduct proportionate due diligence checks – including enhanced due diligence on high-risk customers and document the results as an audit trail
- Never be tempted to use ‘workarounds’ or ‘creative means’ to bypass controls or evade sanctions restrictions – you will be caught
- Don’t put profit before principles – remember your actions may damage our reputation and facilitate financial crime
- Remember, this also links to ESG – we have a moral duty to rid society of drugs, gun crime, trafficking, organised crime, etc, which fuel money laundering and terrorist financing
EU to beef up crypto AML/CTF compliance controls
The European Banking Authority (EBA) is planning new guidance to strengthen existing Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CTF) standards for crypto asset providers.
The EBA has highlighted inadequacies in existing standards and wants Payment Service Providers (PSPs), Intermediary PSPs (IPSPs), crypto-asset service providers (CASPs) and Intermediary CASPs (ICASPs) to improve their detection of missing or incomplete information on fund transfers, to prevent the abuse of funds and crypto transfers for terrorist financing and other financial crimes.
Its proposals will require exchanges and custodial wallet providers to:
- Collect and maintain information on self-hosted crypto addresses
- Identify and verify the originator or beneficiary (for transfers over €1,000)
The new rules are expected to be finalised in February 2024. The Markets in Crypto-assets Regulation (MiCA) and the Transfer of Funds Regulation (TFR) will also apply from 2024.
Solicitor convicted of first-ever ‘tipping off’ offence
A British lawyer has been convicted of ‘tipping off’ a client about a money laundering investigation in the first-ever case of its kind, according to the Serious Fraud Office (SFO).
When the SFO requested information from solicitor William Osmond about the purchase of a £8m property in Mayfair by his client James Ramsay, Osmond tipped him off about it.
Osmond regularly discussed the case with Ramsay and flew to Malta to meet Ramsay, just one week after the SFO’s initial request.
Osmond - who was the acting MLRO for the firm - also forged a letter claiming that he was the “solicitor for a British Virgin Islands company which was purchased by Ramsay and used to move funds for the purchase of the London property”. Ramsay had paid £4m towards its cost.
Searches of Osmond's office by the SFO uncovered handwritten notes of their meetings. Osmond was convicted of one charge of tipping off under the Proceeds of Crime Act and one charge of forgery.
“We have been aware of this issue for some time, but it has been on hold pending the SFO’s case. Now that the case has concluded, we will collect all relevant information before deciding on next steps.”
Rabobank fined €26.6m over bonds cartel
Netherlands-based Rabobank has been fined €26.6 million for its involvement in a cartel between 2006 and 2016.
The European Commission said the cartel focused on euro-denominated SSA bonds (Supra-Sovereign, Foreign Sovereign, Sub-Sovereign/Agency bonds) and government-guaranteed bonds traded in the EEA.
The antitrust regulator said that for a decade, traders operating at Deutsche Bank’s EUR SSA desk in Frankfurt and at Rabobank’s Investment Grade Bonds desk in London exchanged commercially sensitive information and then coordinated their trading and pricing strategies.
Traders used Bloomberg emails, instant messages and online chatrooms to exchange information on:
- Prices, volumes, and also current and future trading strategies and positions
- The counterparties’ identities
- Requirements for buying and selling bonds
Under leniency rules, Deutsche Bank received immunity for revealing the existence of the cartel and cooperating fully, thereby avoiding a fine of around €156 million.
“Trustworthy and well-functioning bonds trading markets are crucial not only for the national authorities issuing bonds but also for the investors buying and trading,” said antitrust chief Didier Reynders.
Key takeaways:
- Never exchange commercially sensitive information with competitors – including on pricing, markets, strategies, products, or anything else
- If risky topics start to be discussed in front of competitors – leave immediately and have your objection noted
- If you receive commercially sensitive information from a customer – for example, as they try to get a better price, then document where and how it was received as evidence
- Encourage your team to speak up if they witness anti-competitive behaviour – remember, under leniency rules, the first to speak up about illegal practice and cooperate may escape penalties, as Deutsche Bank did here
- Cooperate fully with the authorities in an investigation or dawn raid – remember, they are entitled to search paper and electronic company records, even your personal phone messages. Never conceal or destroy evidence.
Entain to pay £585m to settle bribery charges
Entain, the owner of Ladbrokes and Coral, has agreed to pay £585m to settle bribery charges against one of its former businesses in Turkey.
HMRC launched an investigation in 2019 into Entain’s failure to prevent bribery and the activities of third parties and some employees.
Entain said it had reached a Deferred Prosecution Agreement (DPA) with the Crown Prosecution Service. Under the agreement, Entain will also make a £20m charitable donation and pay £10m towards the HMRC and CPS’ costs. Further details are expected in December.
“This legacy matter concerns a business which was sold by a former management team six years ago. The group has changed immeasurably since these events took place. We are committed to continuing our journey towards operating only in regulated markets and are now widely recognised as a best-in-class, responsible operator with the highest levels of corporate governance across all aspects of our business.”
Allegations of ‘toxic’ behaviour at MoD and FDIC
Around 60 senior women have alleged ‘toxic’ and ‘hostile’ behaviour in a letter sent to the Ministry of Defence’s permanent secretary. The women – who hold senior operational and security roles – claim that they are subjected to a widespread culture of sexual assault, harassment and abuse by male colleagues.
The letter, which is marked ‘Official-Sensitive’ said:
“We are spoken over during meetings, we are subject to pejorative language, we receive unwanted attention and face sexual harassment, including intrusive staring, sexualised comments, running commentary about what we wear, how we look, and how we smell.”
It catalogues a list of specific incidents indicating a discriminatory and abusive culture, including:
- Groping at a social function but being advised against complaining
- Unwanted and inappropriate touching by a senior military officer
- A group of military officers keeping an ‘Excel spreadsheet that rated women’ based on ‘looks and what they thought they’d be like in bed’
- Being propositioned by a military officer late at night on an overseas military base
Recently, the military has faced successive misogyny, harassment and abuse scandals, including in the Red Arrows, the Navy’s submarines, nine rapes at the Army’s training college, and the death of Jaysley Beck after relentless harassment by her boss.
The MoD said: “We are deeply concerned by the complaints made, and we are taking action to tackle the issues raised. No woman should be made to feel unsafe in Defence, and this behaviour will not be tolerated. We also continue to encourage anyone who has experienced or witnessed this kind of inexcusable behaviour to report it immediately.”
Separately, a committee has been launched to investigate ‘toxic’ behaviour at the US banking regulator, the Federal Deposit Insurance Corporation (FDIC), after allegations of sexual harassment, misogyny and partying were made in the Wall Street Journal.
It’s claimed that the agency did not tackle the poor culture or take reports seriously, despite 12 allegations of sexual harassment in four years.
In a letter to Martin Gruenberg, the FDIC’s chair, the House Financial Services Committee said it would “focus not only on the alleged widespread and entrenched misconduct and toxic work environment but whether this environment impacted the safety and soundness of the banking system.” Gruenberg’s personal conduct will also face scrutiny.
HSBC customers face outage on Black Friday
HSBC has apologised after thousands of its UK customers were locked out of mobile and online banking services on Black Friday, one of the busiest shopping days of the year.
A spokesperson said, “We understand this is really frustrating for some of our customers, and we are really sorry for the inconvenience.” The disruption was due to “an internal system issue”.
Consumer groups were critical, with a spokesperson for Which? Saying, “This HSBC outage will cause a real headache for a lot of its customers. In the worst cases, it could prevent people making essential payments such as rent and bills, but it also falls on Black Friday, one of the busiest shopping days of the year.”
The timing is bad news for the industry, coming amid widespread branch closures with customers being urged to embrace digital services instead. HSBC closed 114 branches this year.
Banks have until March 2025 to demonstrate that they are resilient to disruption of services under the operational resilience plans of the Bank of England.
Key takeaways:
- Identify what sorts of disruptions could affect your operations – such as physical attacks (e.g. protests or activism, bomb threats), cyberattacks, weather or natural events (e.g. fire, flood), third-party supplier failure, and more
- Identify business-critical services – prioritise services that, if disrupted, would impact customers and/or would harm financial stability
- Conduct an operational resilience mapping exercise – identify and document the people, processes, technology, facilities and information needed to deliver each important business service. The mapping must be sufficient to allow you to identify vulnerabilities and mitigate these where possible.
- Undertake operational resilience scenario testing – to check your ability to remain within a pre-defined impact tolerance for each important business service in the event of a severe but plausible disruption of operations.
- Act on lessons learned – if weaknesses are identified, take action to improve your ability to respond and recover from future disruptions effectively.
- Develop contingency plans to be implemented if an incident occurs – this should include issues such as communications, key stakeholders, teams with relevant expertise in specific areas, contact information, etc, in order to restore ‘business-as-usual’ as fast as possible.
Cyberattacks disrupt deals & the British Library
IT Managed Service Provider (MSP) CTS has confirmed it is experiencing system disruption following a cyberattack. The incident is thought to have affected around 80-200 law firms, with exchanges and completions of property purchases delayed.
"We are experiencing a service outage which has impacted a portion of the services we deliver to some of our clients. The outage was caused by a cyber-incident," CTS said in a statement. It was unable to provide a timescale for the restoration of its services.
One of its clients, O'Neil Patient, confirmed that the outage was “impacting a number of organisations across the sector, as our provider is a specialist in secure legal systems for many law firms and barrister’s chambers.”
Earlier this year, the UK National Cyber Security Centre (NCSC) warned that MSPs increased the attack surface and were considered a “juicy target” for hackers because they usually manage large numbers of customers.
Separately, the British Library has also confirmed that personal details stolen in a cyberattack have been offered for sale online. The attack was carried out on 31 October, and the known ransomware group Rhysida has since claimed responsibility. It’s posted low-resolution images of employment contracts and passports, with starting bids of 20 bitcoins (around £600k).
Users are advised to change their passwords as a precaution, with academics and researchers being told to expect disruption for several months.
The group has previously targeted government institutions in Portugal, Chile and Kuwait. US government agencies have warned that it uses phishing attacks to dupe people into sharing passwords or clicking on malicious links, or firms’ virtual private networks used by remote workers to gain access.
The attack raises concerns about the UK’s cyber resilience of critical infrastructure (such as schools, hospitals and local authorities). The British Library is a public body sponsored by the Department for Digital, Culture, Media and Sport (DCMS).
Ex-Goldman banker gets 3 years for insider trading
Brijesh Goel, an ex-Goldman Sachs investment banker, has been jailed for three years for insider trading.
Goel received sensitive non-public information in internal emails. After games of squash and drinks, he then tipped off his friend Akshay Niranjan, a former Barclays foreign exchange trader, who made trades on his brother's account. The two bankers split $280,000 in profits.
Goel was found guilty, earlier this year but Niranjan was not charged, having reached a consent decree.
Passing sentence, US attorney Damian Williams said, “If you try to cheat the system by engaging in insider trading, you will be punished, and if you try to cover your tracks while under investigation, you only make matters worse.”
Malfunctioning robot kills worker during test
A worker in his 40s has been crushed to death at an agricultural distribution centre in South Gyeongsang province, South Korea.
The employee was checking the robot's sensor operations before a test run when the accident occurred. The robotic arm was lifting boxes of peppers onto pallets but malfunctioned, failing to distinguish between him and the box of vegetables.
The man's face and chest were crushed against the conveyor belt, and he died later of his injuries. The plant's owner, Dongseong Export Agricultural Complex, now wants 'precise and safe' systems to be established.
Christopher Atkeson, a robotics expert at Carnegie Mellon University, said: “Robots have limited sensing and thus limited awareness of what is going on around them.” Earlier this year, a man in his fifties sustained serious injuries after being trapped by a robot at a car parts plant.
There have been 41 fatalities involving robots in the US alone between 1992 and 2017. The majority (83%) occur during maintenance.
"This study highlights the growing challenges of protecting workers who perform tasks with the aid of robots. As robotic technology develops, identifying patterns of death, such as those found in this study, will be a critical part of developing safeguards, including safety standards, to protect workers."
Looking for more compliance insights?
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.
