Our pick of key compliance stories this month
- Pandora Papers reveal secret world of offshore deals
- Southeastern loses franchise over failure to declare
- Credit Suisse £350m settlement in corruption case
- NatWest expects £340m fine AML breaches
- Real estate group charged in £150m fraud
- Sky Italia fined £2.7m for GDPR malpractice
- Facebook shares drop after fines & whistleblowing
- Petrofac fined £77m over historic bribery
- Manufacturer fined £40k for health & safety breach
- OBIE chair resigns over malpractice & bullying
Pandora Papers reveal secret world of offshore deals
A cache of over 11m files consisting of confidential offshore records shared by the International Consortium of Investigative Journalists has exposed the secret financial dealings of 130 billionaires, 300 public officials and 30 world leaders in the biggest leak in history.
The leak shows how these individuals bought real estate, cars, and even artworks by Banksy and Picasso via a complex web of offshore shell companies and incognito bank accounts. Enabled by banks, law firms and accounting practices, they evaded taxes in their home countries and in some cases, misappropriated wealth through embezzlement. The implicated parties include politicians receiving donations via offshore corporate structures, dealers transferring ownership of Cambodian antiquities to bypass UK inheritance tax, as well as celebrities concealing their earnings to evade income tax.
Following the leak, at least eight countries have announced investigations into the financial and wealth assets of implicated individuals. The FATF insists countries must now do more to strengthen transparency by establishing beneficial ownership registers.
- Before establishing any business relationship, companies must conduct due diligence checks and carry out regular ongoing reviews to confirm customers' identity, source of wealth or funds (SOW/SOF), beneficial ownership, as well as the purpose and expected nature of the relationship.
- Companies must conduct enhanced due diligence, particularly when dealing with complex company structures, Politically Exposed Persons, relatives and close associates to manage transactions posing higher risks.
- Build a healthy conduct culture at your company where employees feel comfortable reporting any concerns or suspicious activity.
Southeastern loses franchise over failure to declare
Rail operator Southeastern has had its franchise claimed by the Government after it failed to declare over £25m of taxpayer funds. The Operator Last Resort will now oversee the rail services in the southeast region to safeguard taxpayers’ interests.
Investigations over the undeclared funds are being carried out and the Government has indicated the company and any guilty parties involved in the case could face financial penalties.
"We won’t accept anything less from the private sector than a total commitment to their passengers, and transparency with taxpayers."
The Department for Transport has said that the taxpayer funds have since been reclaimed.
Credit Suisse £350m settlement in corruption case
Global bank Credit Suisse has been fined £147m by the Financial Conduct Authority (FCA) as part of a £343m resolution agreement for failing to conduct adequate due diligence.
Loans worth over £940m were issued to the Republic of Mozambique over four years by the bank’s Emerging Markets Business but were mired in corruption.
As part of the settlement deal, Credit Suisse has written off £144m of debt owed by the Republic of Mozambique.
"The FCA’s fine reflects the impact of these tainted transactions which included a debt crisis and economic harm for the people of Mozambique."
NatWest expects £340m fine AML breaches
NatWest faces a £340m fine from regulators after it admitted to three counts of failing to conduct adequate due diligence on £365m.
The funds in question were deposited by Fowler Oldfield, a jeweller with a predicted turnover of £15m. His NatWest accounts were in fact at the centre of the multi-million-pound laundering business, with frequent and large deposits of up to £1.8m.
"We work tirelessly with colleagues, other banks, industry bodies, law enforcement, regulators and governments to help find collaborative solutions to this shared challenge. These partnerships are crucial to counter the significant and evolving threat of financial crime to society."
It is the first criminal prosecution brought by the FCA against a bank under the 2007 Money Laundering Regulations. MPs are now asking why it took five years for the FCA to bring a prosecution.
- Due diligence cannot be a one-time process – ongoing reviews are needed to ensure a client’s transactions and activities are legitimate.
- Employees are responsible for looking out for red flags - including transactions and suspicious payments which defy market norms.
- Firms should ensure suspicious reports are filed promptly - to enable further investigations to be carried out.
- Combatting financial crime requires vigilance and a collaborative effort - between regulators, law enforcement and the financial industry.
Real estate group charged in £150m fraud
The Serious Fraud Office has launched a formal investigation into the Alpha and Green Park Group of Companies over alleged money laundering and suspected fraud.
They have been charged with misleading some 1,500 investors into buying over £150m worth of leaseholds across the country, with the promise of guaranteed returns. The properties include student accommodation throughout the UK, along with holiday homes in Devon. The investors, who come from 50 different countries, stopped receiving their returns in 2018.
Police carried out several coordinated raids, interviews and mandatory requests for evidence across the country in light of the case.
Sky Italia fined £2.7m for GDPR malpractice
Garante, Italy’s data protection regulator, has fined Sky Italia £2.7m for using customer data without seeking consent. Garante heard how scores of customers received telemarketing calls from Sky Italia and third parties without having ever subscribed to these promotions. It also failed to carry out checks on contact lists obtained from third parties, in breach of the accountability principle.
Garante stated: "Unlike what Sky believed, in fact, the consent to communicate their data to third parties given by users to the company providing the lists did not authorise it to use the names for promotional purposes."
The regulator also noted that a large and experienced company like Sky Italia should have taken more care with GDPR compliance, particularly since they have a large customer base.
As well as the fine, Sky Italia was ordered to stop processing customer information via third parties for any commercial purposes.
- Businesses are accountable - They must take responsibility for what happens with personal data, implement organisational and technical measures, and be able to demonstrate compliance with data protection principles.
- Companies need to review and document consent practices - Individuals are entitled to object to direct marketing and can change their minds at any time.
Facebook shares drop after fines & whistleblowing
Facebook's former employee who was part of its civic integrity team, Frances Haugen, has blown the whistle and released documents accusing the company of consistently prioritising "astronomical profits before people".
Haugen claimed Facebook put user engagement above all else, even when such decisions led to online hate, violence and misinformation. Documents show that Facebook also conducted internal research that proves that time spent on Instagram negatively impacted teens’ mental health and emotional well-being – and failed to do anything about it.
In light of these allegations, US Congress questioned the company’s Global Head of Safety over buried internal research. The Senator overseeing the court session said: "Facebook knows the destructive consequences that Instagram’s design and algorithms are having on our young people and our society".
Separately, Facebook was also fined £10m after discriminatory hiring practices in the US, and over £50m in the UK for breaching competition rules.
- Businesses are responsible for ensuring products and services do not harm vulnerable people.
- Managers should foster a healthy culture and encourage anyone with concerns to speak out via internal whistleblowing channels.
- Companies need to ensure there are robust policies and procedures to protect individuals from harm. For example, companies in the iGaming industry need to ensure that individuals below the legal age don’t have access to their products or services and to identify those at risk.
Petrofac fined £77m over historic bribery
The UK Serious Fraud Office (SFO) has secured convictions against Petrofac Ltd for bribes paid between 2011 and 2017.
Petrofac Ltd pleaded guilty to seven corporate counts of failing to prevent bribery by the senior executives of its subsidiaries. They used third-party agents to bribe officials in Iraq, Saudi Arabia and the United Arab Emirates paying them £32m to obtain oil and gas contracts worth over £2.5bn. Petrofac’s former Head of Sales, David Lufkin, was also convicted of 14 counts of bribery and was given a two-year custodial sentence, suspended for 18 months.
Lisa Osofsky, Director of the SFO noted that the Petrofac Ltd conviction shows: "The SFO will use all the powers at its disposal to root out and prosecute companies and individuals, whose criminal activity detrimentally affects the reputation and integrity of the United Kingdom."
- Businesses are responsible for looking out for bribery red flags - including payments concealed as commission or fees, anything that doesn't make commercial sense, third parties who merely 'facilitate' deals, and so on.
- Remember that anti-bribery laws are extra-territorial in nature - we can be held liable for bribes paid anywhere in the world.
- Firms should ensure that there is adequate scrutiny and oversight - of business decisions and the tender process.
Manufacturer fined £40k for health & safety breach
Treelocate (Europe), a manufacturer of artificial plants and trees, has admitted breaching Work at Height Regulations after an employee fell from height and suffered severe injuries. The company was fined £40k and over £1.5k in legal costs.
The Court heard how one of its warehouse operatives was accessing products stored in unwrapped boxes up to four bays high. Bays were primarily accessed by ladder and employees had to either carry or drop the boxes to ground level. The employee in question slipped from the ladder and fell around five metres, sustaining a serious head injury.
"Treelocate Ltd failed to suitably plan and carry out work at a height in its warehouse … as far as is reasonably practicable....Ladders should not just be the go-to piece of equipment for working at height."
- All companies must carry out health and safety risk assessments - and provide training for employees to manage risks and prevent workplace injuries.
- Firms should appoint a Health and Safety Officer - to ensure compliance depending on the nature of work and the size of the business.
- Companies have a duty to protect the health, safety and welfare of staff - including providing equipment to keep people safe, particularly if manual work and/or working at height is undertaken.
OBIE chair resigns over malpractice & bullying
Imram Gulamhuseinwala, the former chair and trustee of the Open Banking Implementation Entity (OBIE) has resigned as part of the remedial action being taken to tackle a culture of misconduct and poor governance in the body.
The Competition and Markets Authority (CMA) ordered nine UK banks and building societies to establish the OBIE in 2017 to create a more collaborative culture between big firms and startups as well as drive forward open banking reforms.
Following reports by a whistleblower, the CMA found there was a toxic working environment where sexist comments were brushed aside and conflicts of interest, governance failings, and a culture of bullying and intimidation were not tackled.
New non-executive directors have now been appointed to provide greater scrutiny and oversight.
Looking for more compliance insights?
If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, subscribe to Skillcast Compliance Bulletin.
To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!