This month's key compliance news from UK return-to-office, Netflix insider trading, major WhatsApp fine, KPMG misconduct, and T-Mobile hack to £500k AML fine...
Our pick of key compliance stories this month
- UK businesses grapple with return to office plans
- CLSA Premium fined £560k for AML breach
- Insider trading charges for former Netflix engineers
- Mirabaud questioned in $2bn US tax evasion case
- BitConnect founder sought in £1.4bn crypto fraud
- Morrisons staff win first equal pay legal battle
- WhatsApp issued 2nd highest ever GDPR fine
- KPMG fined £13m for misconduct
- 53m US T-Mobile customers' data hacked
UK businesses grapple with return to office plans
With the strictest Covid-19 restrictions lifted in August 2021, employers are now free to ask their employees to return to the office. Regardless, the Chartered Institute for Personnel and Development (CIPD) noted that there is likely to be more freedom in working arrangements. A representative stated that: "People generally want a mix of workplace and home working [...] meaning hybrid working can provide an effective balance for many workers."
The Office for National Statistics found that a quarter of all businesses plan to let employees work from home at least one or a few days each week. Yet even with this level of flexibility, the monumental shift to working from offices raises several issues related to worker rights and anti-discrimination laws. Overseas, US businesses and citizens are already facing the challenges brought about by considering mandatory Covid-19 vaccines.
The UK Government has reacted by scheduling a consultation review in late 2021 to examine proposals that seek to expand employees' rights to flexible working.
Current employment rights limit flexible working requests to employees who have been working for the same employer for a minimum of 26 weeks. Even then, they can only request a statutory flexible working arrangement once in a 12-month period. The proposed changes to employment law would make flexible working arrangements the norm rather than an exception.
- Businesses need to carefully balance their right to request employees to return to work with existing worker rights by managing risk associated with health crises.
- Businesses remain responsible for ensuring adequate office sanitation, hygiene and social distancing to prevent infections during the pandemic.
CLSA Premium fined £560k for AML breach
Multi-national foreign exchange business CLSA Premium has been fined over £560,000 for breaking anti-money laundering regulations.
An investigation by New Zealand's Financial Markets Authority revealed that the Auckland branch of the company bent the rules to safeguard the interests of high-net-worth clients. The branch failed to carry out know-your-customer procedures and did not terminate business relationships with customers who refused to be transparent about the origin of their funds.
A judge found that company directors actively hindered compliance managers from doing their job. They noted that the company "was willing to accept inadequate information, including objectively suspicious information", to retain customers' business. The transactions, which were deposits of just two customers, totalled over £36.2m and £30m, respectively.
Insider trading charges for former Netflix engineers
The US Securities and Exchange Commission (SEC) charged three former Netflix engineers with insider trading using non-public information, making profits of over £2m. The SEC noted that the engineers used company information, including subscriber growth data, to trade Netflix stock ahead of the company's earnings announcements. After one of the engineers left the role, he continued to receive and act on inside information from another engineer.
The engineers used encrypted messaging to pass on inside information to avoid capture. However, the SEC's Market Abuse Unit picked up on the suspicious activity when it used data analysis to identify improbable and consecutive successful trades.
- Individuals who misappropriate non-public information by relaying it to others and those who trade using inside information can be charged with insider dealing.
- Companies must take adequate measures to ensure inside information is shared on a 'need to know' basis, and suitable systems are in place to prevent market abuse.
Mirabaud questioned in $2bn US tax evasion case
Swiss private bank Mirabaud & Cie was queried by a US senator over the Swiss accounts held by Robert Brockman. Brockman, a Texas-based software billionaire, is currently on trial for allegedly masterminding the US's biggest ever individual tax evasion scheme. He is believed to have hidden over $2bn from the Internal Revenue Service (IRS) using a large web of offshore accounts in Switzerland and Bermuda.
Prosecutors allege that Brockman utilised the hidden bank accounts to conceal profits from private equity investments he made over 20 years. Swiss prosecutors froze $950 million in Brockman's Mirabaud accounts after his indictment in October 2020. In the indictment, Mirabaud was not accused of any misconduct. Still, it does highlight how tax evasion cases can become complex when they take on an international scope.
Mirabaud defended its operations, noting that "Mr Brockman went to great lengths to deceive Mirabaud about his real involvement in the accounts held with the bank." They stated that the bank has fully cooperated with US authorities and has implemented the procedures required to comply with US regulators.
BitConnect founder sought in £1.4bn crypto fraud
The US Securities and Exchange Commission charged BitConnect founder Satish Kumbhani for allegedly raising $2bn from retail investors in a fraudulent way over one year. Promoters of the company were also charged with receiving millions in referral commissions and development funds using the raised funds.
BitConnect, which is now defunct, created BitConnect Coin, a digital token that investors could trade for Bitcoin, the world's most widely used cryptocurrency. Investors in a BitConnect loan program were promised BitConnect would employ a "volatility software trading bot" that could yield returns of 40% per month.
According to the SEC, investors were given fake, inflated returns showing gains of 3,700% per year. In reality, most of the investors lost most of their investment when the price of BitConnect Coin dropped by 90%. The founder's whereabouts are unknown, and the case remains ongoing.
- Employees performing regulated functions must act with integrity and honesty in all their professional dealings.
- Look out for any suspicious activity that suggests fraud - unwitting individuals might become an accomplice to unscrupulous third parties, employees, customers or suppliers.
- Report and escalate any suspicious activity via appropriate company channels - seek advice from the relevant national regulator if not feasible.
Morrisons staff win first equal pay legal battle
A UK Employment Tribunal has ruled in favour of over 2,300 Morrisons retail workers, primarily female, over an equal pay legal battle. The staff argued that their role as retail staff should have the same pay as distribution centre staff.
Morrisons said that the two roles couldn't be compared since each distribution centre has specific, pre-bargained terms and conditions with a different employment source. However, the tribunal favoured the workers, who are seeking up to £100m in missed pay. The case remains ongoing.
WhatsApp issued 2nd highest ever GDPR fine
Ireland's data authority fined WhatsApp £193m for violating privacy standards. It's the highest penalty the Irish Data Protection Commission (DPC) has ever imposed and the second-highest under EU GDPR standards.
A 2018 investigation revealed that WhatsApp was not transparent enough with its customers on how it collected, managed and processed their data. Following "a lengthy and comprehensive investigation," the Irish DPC said it had communicated its decision to other regulators, as required under GDPR law, and had received complaints from eight countries, including Germany, France, and Italy.
KPMG fined £13m for misconduct
KPMG has come under intense scrutiny over the past few weeks in light of multiple separate misconduct cases. UK accounting regulators fined KPMG £13m after finding that it breached the "fundamental principles of objectivity and integrity." KPMG failed to perform its advisory role of overseeing the sale of Silentnight, a mattress company, to HIG, a private equity firm.
A separate disciplinary case was filed against KPMG over their role in auditing two UK companies, Carillion Plc and Regenersis Plc, for allegedly handing in "false and misleading information" to the Financial Reporting Council. KPMG claims it notified the regulator of the breaches when it became aware of the misconduct and suspended the employees involved in the incident.
A representative for KPMG noted that "the allegations in the formal complaint would, if proven, represent very serious breaches of our processes and values."
- Managers should prioritise fostering a healthy conduct culture in the workplace. Fit & Proper Assessments don't guarantee misconduct incidents won't occur.
- Firms should have robust internal disciplinary procedures for misconduct.
53m US T-Mobile customers' data hacked
T-Mobile US Inc has confirmed that hackers obtained access to the personal information of 53 million subscribers.
The information includes customers' addresses, dates of birth, and phone numbers. The firm has stated that the data downloaded does not seem to include financial information such as credit cards or other payment information.
Several T-Mobile users filed a class-action lawsuit against the firm, alleging that the cyberattack breached their privacy and put them at risk of fraud and identity theft. Hackers are exploiting the compromised privacy and security of user systems that has resulted from work-from-home rules implemented since the start of Covid-19, and the cellular carrier is the newest target of attacks on big companies in the US.