Our pick of key compliance stories this month
- AML compliance costs forecast to rise to £1m for financial institutions
- CMA investigate suspected anti-competitive conduct
- Starling Bank payout £1m to former employee
- London Capital & Finance dodges FCA penalty
- MCB fined $30m for third-party oversight failure
- Okta market cap drops $2b after cybersecurity breach
- CFTC dishes out $18m to whistleblower
- SRA warns automatic penalties to be issued
- Financial institutions behind a surge in greenwashing
- OKX fall in line with the FCA's marketing regulations
AML compliance costs forecast to rise to £1m
Research by compliance and payments expert, Eastnets has uncovered a financial industry under intense pressure due to forthcoming Anti-Money-Laundering Authority (AMLA) regulations from the European Commission to combat money laundering and terrorism financing.
Surveying over 3,000 IT, risk, and compliance leaders in the sector, the study revealed that 76% of UK respondents anticipate potential business setbacks of £350,000 to £1 million due to AML legislation, while 72% of European Union respondents foresee similar costs between €360,000 and €1 million.
The majority (97%) expect these expenses to arise from penalties, seizures, and increased training and reporting, with 88% highlighting the growing complexity and financial burden of battling financial fraud and money laundering, partly attributed to stricter regulatory expectations.
These findings underscore significant concerns among financial institutions, with 46% grappling with the rapidly evolving regulatory landscape and 45% struggling with the complexity of regulations and legislation.
CMA investigate suspected anti-competitive conduct
The Competition and Markets Authority (CMA) has initiated an investigation into suspected anti-competitive behaviour concerning the supply of chemicals used in the construction industry, particularly chemical admixtures and additives crucial for products like concrete, mortars, and cement.
The CMA has raised concerns about potential anti-competitive conduct involving several chemical suppliers and industry bodies. This investigation is being conducted in collaboration with the European Commission, which is also probing similar conduct, and the United States Department of Justice, Antitrust Division.
While the CMA may issue a statement of objections if it preliminarily finds a violation of competition law, it emphasises that no assumptions should be made at this stage. This action aligns with the CMA's commitment, as outlined in its 2023-2024 Annual Plan, to combat anti-competitive practices and foster a fair and innovative business environment.
Key takeaways:
- Engage in antitrust vigilance - companies operating in the construction industry, particularly chemical suppliers, need to be vigilant about complying with competition law and avoiding anti-competitive behaviour. This includes not engaging in practices that could harm fair competition, such as price-fixing, market allocation, or collusion.
- Conduct legal due diligence - businesses involved in mergers, acquisitions, or collaborations should conduct thorough legal due diligence to ensure they are not inheriting or engaging in anti-competitive practices.
- Have a robust compliance programme in place - educate employees about competition law, monitor business practices, and ensure adherence to legal standards. A strong compliance programme can help mitigate risks and prevent potential violations.
Starling Bank payout £1m to former employee
Gulnaz Raja, who was terminated from her job as a lawyer at Starling Bank, had previously won a disability discrimination case against her former employer and has now been granted over £1.1 million by an employment judge.
Raja's career suffered significant setbacks when she was fired by her boss, Matt Newman, who favoured a culture of long office hours. In contrast to her boss, Raja adhered strictly to her contract hours, leaving work at the stipulated time and arriving just five minutes before board meetings.
Nevertheless, she compensated for this by working from home later in the evening, as revealed by the employment appeal panel. Despite Gulnaz Raja's attempts to adapt her working conditions to accommodate her asthma, her employer, Starling Bank, grew impatient when she fell ill and requested to work from home.
Raja had developed a cough attributed to the office's air conditioning and had asked to be relocated to a desk away from the AC vents. The tribunal noted that Starling Bank failed to address her health concerns and was reluctant to support sick leave and remote work, suggesting a discouraging attitude towards these accommodations.
London Capital & Finance dodges FCA penalty
The insolvent credit broker, London Capital & Finance (LCF), has avoided a significant financial penalty from the FCA in relation to the misleading promotions it employed to market minibonds to investors.
The FCA, in a press release, condemned LCF for its "unfair and misleading" advertising practices. However, due to LCF being under administration since 2019 and efforts to prioritise bondholder creditors, the FCA chose not to impose a fine on the company.
Despite this, the regulator did not mince words in criticising the firm for its "serious failings" that negatively impacted more than 11,000 investors. It was noted that LCF could have been liable for approximately £237 million ($291 million) in restitution if such an order had been issued.
"LCF's use of financial promotion led to bondholders, many of whom were vulnerable, investing in unsuitable, high-risk products...it is important we set out what went wrong at LCF and how their promotions misled people into parting with their money."
MCB fined $30m for third-party oversight failure
Metropolitan Commercial Bank (MCB) has been hit with fines and penalties amounting to nearly $30 million due to shortcomings in its risk-management processes that enabled a significant fraud scheme involving $300 million in pandemic unemployment benefits.
The New York State Department of Financial Services (NYDFS) Superintendent, Adrienne Harris, criticised MCB for its failure to prevent a large-scale fraud in the MovoCash prepaid card program, allowing scammers to exploit the financial system during the pandemic when heightened vigilance was crucial.
This case highlights the importance of promptly addressing concerns and implementing effective oversight measures, and it underscores the significance of heeding regulatory guidance to enhance financial institutions' preparedness for such challenges.
Key takeaways:
- Employ robust risk management processes - financial institutions must have robust risk management processes in place to identify and mitigate potential vulnerabilities and fraud risks, especially during times of crisis such as a pandemic.
- Implement effective oversight measures - this includes third-party oversight, which is essential in preventing and detecting fraudulent activities and ensuring compliance with regulatory requirements.
- Promptly address concerns - it is crucial to swiftly address concerns and escalate issues within an organisation. Delays in responding to red flags can lead to significant financial and regulatory consequences.
Okta market cap drops $2b after cyber breach
Cybersecurity company, Okta, has seen a significant drop in its market value, losing over $2 billion since revealing a hack of its support systems. This breach, the latest in a series of incidents linked to Okta, led to an 11% drop in the company's stock.
Okta provides identity management services for over 18,000 customers, allowing them to offer a single sign-on for various platforms. The company informed affected clients about the breach but had been alerted by at least one client about a potential breach earlier.
Additionally, another identity management firm, BeyondTrust, reported suspicious activity within Okta's systems but received no initial acknowledgement of a breach from Okta, despite concerns that multiple customers might have been affected.
Key takeaways:
- Be cybersecurity vigilant: organisations, especially those in the cybersecurity sector, must remain vigilant about their own security. The fact that Okta, a cybersecurity company, experienced a significant breach emphasises the need for continuous monitoring and proactive threat detection.
- Have an incident response plan: companies should have a well-defined incident response plan in place to address security breaches promptly and efficiently. This includes acknowledging potential breaches when alerted by clients or third parties and conducting thorough investigations.
- Communicate with clients: Okta's communication with affected clients is a positive compliance step. Clear and effective communication with customers is crucial when a data breach occurs, as it helps maintain trust and can be a regulatory requirement.
CFTC dishes out $18m to whistleblower
A whistleblower has been rewarded by the U.S. Commodity Futures Trading Commission (CFTC) for providing crucial information that initiated an investigation into challenging-to-detect violations.
The whistleblower not only alerted the CFTC to previously unknown misconduct but also played a substantial role in advancing the investigation by offering valuable information at various stages. Moreover, the whistleblower's cooperation with another unnamed agency was pivotal in resolving a related matter.
The CFTC emphasised the importance of such informants in their enforcement efforts, acknowledging their contribution to conserving resources. The award reflects the program's commitment to incentivising whistleblowers to report actionable information directly to the CFTC.
The size of the award is determined by several factors, and the whistleblower could receive an even higher bounty for their involvement in a third related action by a state regulator.
SRA warns automatic penalties to be issued
The Solicitors Regulation Authority (SRA) is considering extending automatic fixed penalties to money-laundering regulation breaches due to frequent non-compliance issues in the legal sector.
Currently applied to failures such as document requests and transparency requirements, the SRA sees fixed fines as a means to make firms take AML obligations more seriously.
"We are making the point that further compliance needs to happen, and we can see no other way forward than consulting on our automatic fining arrangements"
The SRA has found that a 'significant majority' of firms are not fully meeting their AML obligations, prompting the need for quicker punitive measures without going through the disciplinary process.
The regulator plans to conduct further inspections, emphasising the importance of compliance, as firms have raised concerns about the burden of AML regulations. The SRA has issued a warning notice to firms, urging them to conduct proper assessments of money laundering risks from clients and services offered, with the aim of addressing non-compliance more effectively.
Financial institutions behind surge in greenwashing
A recent analysis by ESG data firm RepRisk reveals that financial institutions have played a significant role in a 70% surge in climate-related greenwashing incidents in the past year.
This report, released shortly after the SEC reached a $25 million settlement with a Deutsche Bank subsidiary over greenwashing allegations, indicates a general increase in greenwashing cases, rising from one in five incidents last year to one in four this year.
Additionally, the analysis uncovers a related trend known as "social washing," where companies project a positive image while masking social issues like diversity, equity, or human rights.
Surprisingly, these two deceptive practices often go hand in hand, with one in three public companies accused of greenwashing also involved in social washing incidents.
Key takeaways:
- Increase regulatory scrutiny: financial institutions and other companies should be aware that regulatory authorities are intensifying their focus on greenwashing and deceptive ESG practices. The SEC's settlement with Deutsche Bank underscores the potential legal and financial consequences of such actions. Firms should anticipate more regulatory oversight in this area.
- Elevate compliance standards: with the rise in greenwashing incidents, firms need to escalate their compliance standards regarding ESG reporting. This includes ensuring that their ESG disclosures are accurate, transparent, and aligned with their actual environmental and social practices.
- Implemenet multi-dimensional ESG reporting: the emergence of "social washing" highlights the importance of comprehensive ESG reporting that encompasses not only environmental factors but also social and ethical dimensions. Firms should adopt a holistic approach to ESG reporting and ensure they are addressing diversity, equity, and human rights alongside environmental concerns.
- Be transparent and accountable: transparency and accountability are fundamental in compliance efforts. Firms must be diligent in their efforts to honestly communicate their ESG initiatives and achievements while holding themselves accountable for addressing any shortcomings in their environmental and social impact.
OKX fall in line with the FCA's marketing regulations
OKX, a cryptocurrency firm, has aligned itself with the UK Financial Conduct Authority's (FCA) new crypto marketing regulations, responding to the FCA's call for transparency and fair marketing in the crypto industry.
The FCA had issued a stern warning to crypto firms to provide accurate risk warnings and demanded compliance with the new regulations. Unregistered crypto firms are now required to cease illegal financial promotions aimed at UK consumers and must obtain approval from an authorised entity for their content.
OKX has made several modifications to cater to its UK retail customers, reducing the number of tokens offered and adding a prominent risk advisory banner on its website. Other crypto firms, such as Nexo and Binance, have also adjusted their offerings and collaborated with FCA-regulated entities to comply with the new regulations.
Looking for more compliance insights?
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.
