Compliance News | September 2023

Posted by Lynne Callister on 28 Sep 2023

This month’s key compliance news includes fraud at Patisserie Valerie, personal relationships and BP, MGM and Caesars’ ransomware attacks, 3M’s sanctions violations, and more.


Our pick of key compliance stories this month

Four charged with fraud at Patisserie Valerie

Four people have been charged with fraud following the collapse of Patisserie Valerie. It follows an investigation into the failure of nearly 200 high street bakeries, which began after the company unexpectedly stopped trading in 2018.

70 stores closed and 900 jobs were lost when a black hole in its accounts was discovered. The Serious Fraud Office has charged Christopher Marsh, a former director and the CFO of Patisserie Holdings Plc for 12 years, his wife and accountant Louise Marsh, Financial Controller Pritesh Mistry, and financial consultant Nileshkumar Lad.

All four are charged with conspiring to inflate the cash in Patisserie Holdings’ balance sheets and annual reports between 2015 and 2018, including providing false documentation to its auditors, Grant Thornton. The high-street bakery, which was valued at £450m, had concealed £10 million in debts from investors and creditors.

“Patisserie Valerie’s abrupt collapse rocked our high streets – leaving boarded-up shops, devastating job losses and significant investor losses in its wake. Today is a step forward in getting to the bottom of this scandal,”

- Lisa Osofsky, Director of the SFO

Auditor Grant Thornton was fined £2.3m and accused of a “serious lack of competence” for its role, having missed red flags.

Key takeaways:

  • Keep accurate financial records – so investors and stakeholders have a clear and reliable picture of the business
  • Act with integrity – ensure all disclosures are honest, accurate, and lawful
  • Never exaggerate or embellish the facts – as false statements can result in investors and markets being misled
  • Implement systems and controls to prevent and detect fraud – such as four-eyes checks, adequate monitoring and oversight, etc
  • Avoid and manage conflicts of interest – segregate responsibilities so family members or close associates do not supervise one another or sign off on financial matters to prevent abuse of position.


Former directors banned & fined for flawed advice

Two directors of CFP Management Ltd have been banned from carrying out regulated activity and fined £1.3m for their flawed pension advice model. Directors Toni Fox and David Price, a former Money Laundering Reporting Officer, were fined £681,536 and £632,594 respectively.

In addition, a prohibition order was imposed on Mr. Price, preventing him from performing any function relating to regulated activities, and his approvals to perform the senior management functions SMF 3 (Executive Director) and SMF 17 (Money Laundering Reporting Officer) were withdrawn.

From April 2015 to October 2017, CFP gave advice on 1,470 transfers worth over £392m. Ms Fox designed the pension transfer model and signed off most of the advice. Over 99% of the advice was to transfer and 90% did not comply with the FCA’s rules. 33 clients were members of the British Steel Pension Scheme.

Despite their significant experience in the pensions industry, Fox and Price did not properly take into account clients’ financial circumstances and objectives, their attitude to risk, or their capacity for loss. Their flawed business model posed a significant risk of clients transferring out of defined benefit schemes when this was unsuitable. The pair made substantial financial gains as a result.

“Ms Fox and Mr Price’s misconduct meant that customers did not receive the advice they needed when trying to secure comfort and peace of mind for their retirement. Despite having a wealth of experience in the industry, they both oversaw and designed a deeply flawed advice model that was little more than a machine to churn out recommendations to transfer, placing people’s hard earned retirement money at risk.”

- Therese Chambers, Enforcement and Market Oversight, FCA

Fox and Price have referred the decision to the Upper Tribunal.


BP CEO quits over personal relationships

BP’s chief executive, Bernard Looney, has stepped down over his personal relationships with colleagues.

An investigation was launched into Looney's conduct following a report by an anonymous whistleblower in May 2022. Looney had confirmed a “small number of historical relationships” and gave the board assurances about his past relationships and conduct before his appointment in 2020.

But, following fresh allegations, Looney confirmed that he’d not been “fully transparent in his previous disclosures”.

Speaking to the Guardian, a source said, “The issue is bigger than Bernard” and concerns had been raised about a “male-dominated, macho, problematic culture”. Staff did not fully realise the issues around undisclosed relationships.

BP's code of conduct warns employees about conflicts of interest, including “having an intimate relationship with someone whose pay, advancement or management you can influence”.

Up until his exit, Looney had been applauded for his commitment to diversity, especially better gender representation and mental health awareness.

Investors have expressed concern that the board did not disclose its review to the market in 2022.

His departure comes amid a string of similar exits. Days later, CBOE confirmed its CEO Edward Tilly had also resigned over undisclosed personal relationships with colleagues. Philip Gillespie, ex-CEO of crypto exchange B2C2, similarly stepped down after alleged inappropriate behaviour with an intern, and Lazard banker Reid Snellenbarger was recently fired for inappropriate behaviour at a weekend party.

Earlier this year, McDonald’s former CEO, Steve Easterbrook, was fined and fired for making false and misleading statements about work relationships.

Key takeaways:

  • Promote trust, openness, and understanding - remember, many people meet their spouses and partners at work. Conflicts of interest aren't 'wrong', but they need to be managed carefully
  • Disclose conflicts of interest immediately - so they can be properly managed and we can minimise any risks to our business and reputation
  • Make it easy for people to review and update their CoI disclosures - the easier it is to do this, the less chance there will be for inadvertent slips
  • Don’t forget about employees in senior positions - their exposure will often be greater, with a potentially bigger impact if things go wrong
  • Regularly remind colleagues about our values and expectations - personal relationships are usually prohibited if you are in a position of power or if you can influence a colleague’s pay, advancement, opportunities, or rewards.


Trouble at the top: FINMA faces exodus

High-profile executives are leaving FINMA, Switzerland's Financial Market Supervisory Authority. The latest is the former head of the Strategic Foundations division, Johanna Preisig, who will leave after nearly ten years. 

It comes just one day after Tamedia Group newspapers claimed there was a staff exodus. Urban Angehrn announced his resignation earlier this month, citing health consequences due to high stress and workload. There was also a wave of other departures, including Secretary General Edith Honegger and other high-profile names from international cooperation and communications.

The regulator faced criticism over its handling of Credit Suisse with accusations that it acted too late and indecisively. Claims that the authority is understaffed will be louder still after recent departures.

FINMA has announced that it will expand its resources for supervision.


MGM Resorts & Caesars suffer ransomware attacks

Casino giants MGM Resorts and Caesars Entertainment have been targeted in ransomware attacks. Hacking groups ALPHV and Scattered Spider have claimed responsibility for taking down the systems of the $14bn gaming firm MGM Resorts International.

The groups use social engineering to trick people into sharing login credentials or One-Time Password (OTP) codes. Ten days on, MGM has finally restored operations. It’s reported the shutdown has cost it $8m per day.

Rival casino operator Caesars Entertainment was also hacked and is believed to have paid a $15m ransom after threats were made to release its data online. It could not confirm whether customers' personal information had been compromised.

Both companies lost market value as their shares fell. Analysts warn of further attacks. Casinos are especially vulnerable to financially-motivated attacks.

“At this point, all casinos should be moving to the highest defensive posture possible and taking active measures to verify the integrity of their systems and environment, and reviewing — if not activating — their incident response processes,”

- Christopher Budd, Sophos X-Ops

A report by Moody’s said the incident “highlights key risks related to (MGM's) business operations’ heavy reliance on technology and the operational disruption caused when systems need to go offline or are inoperable.” There are unconfirmed reports that the hackers targeted at least three other firms in manufacturing, retail, and technology.

3M to pay nearly $10m for Iran sanctions violations

3M will pay over $9.6m following its sales to a sanctioned Iranian entity, according to the US Treasury Department.

One of its subsidiaries sold reflective licence plate sheeting between September 2016 and 2018 to the sanctioned police foundation Bonyad Taavon Naja, said the Office of Foreign Assets Control (OFAC). The sales were still processed despite being flagged by outside due diligence staff.

Forty-three shipments were sent by its Swiss subsidiary, 3M East, to a German reseller, knowing that the ultimate destination was Iran. Transactions were valued at $10m and a US person was involved in the sales. There was a total of 54 alleged violations of sanctions.

3M disclosed the conduct immediately and cooperated with the investigation. Several employees were fired over the matter and the German-based intermediary involved in the sales has been struck off.

Last month, 3M paid over $6.5m to the SEC after a China-based subsidiary took officials on tourist trips to the US and Australia. The trips were disguised as work events.

Elsewhere, a survey by the FCA has found that financial firms lack the resources to ensure adequate sanctions screening. It claims that screening software is not always properly calibrated to the UK regime, and significant backlogs risk non-compliance.

An unprecedented number of sanctions have been introduced following the Russian invasion of Ukraine in February 2022, urging firms to ensure adequate systems and controls.


Boosting support for victims of economic abuse

The charity Surviving Economic Abuse (SEA) is calling on banks and the government to do more to support victims of economic abuse. In its report Seen Yet Sidelined, 810 cases of coercive control were analysed:

  • Two-thirds involved economic abuse, which often went “undocumented and unpunished”, according to its founder and CEO Nicola Sharp-Jeffs
  • Total debts of £174k were run up in seven of the cases
  • Victims seldom received compensation for their losses

In one case, the perpetrator gave his victim an allowance of £15, which was paid in 2p pieces. In another, a £10,000 deposit was paid into the victim-survivor account, described by the court as a ‘bribe’ to silence her. “He financially rinsed me,” said another victim. Another victim described £20k in loans and credit being taken out in her name to buy a car. She was left with £80k of debt.

The banking initiative, the 2021 Financial Abuse Code of Practice, can provide a lifeline for victims. For example, Allied Irish Bank provides loans to those with poor credit scores following domestic abuse. But banks can go further still.

Key takeaways:

  • Raise awareness of financial and economic abuse with your team – so they know what it looks like, who may be affected, and the challenges they may face
  • Communicate with customers – to provide clear guidance on what help is available (including signposting to third parties), and encourage them to engage with providers early
  • Deliver good customer service – so customers can make disclosures. Prioritise privacy and a supportive response, minimising distress and inconvenience. Have a one-stop shop so they don’t need to keep repeating the story.
  • Check our policies and processes – to help victims access financial services in their own name or to regain control of existing accounts, funds, or services
  • Maintain confidentiality – by allowing victims to receive communications at a refuge or other postal address, if required
  • Provide support for those with debts and arrears - to prevent further debts accruing
  • Train your colleagues - so they spot red flags, always show empathy, and deal effectively with disclosures, including making referrals to others
  • Provide support to frontline colleagues – including those dealing directly with traumatised victims and those who may have experienced financial or economic abuse themselves.


TikTok fined €345m by Irish data regulator

Video hosting app TikTok has been fined €345m by the Irish data regulator for GDPR failures relating to children’s accounts. The DPC accused the platform of breaking multiple GDPR laws:

  • TikTok made children’s accounts public by default, a move which failed to take into account the considerable risks to under 13s using the platform with public settings.
  • The ‘Family Pairing’ setting allowed adult users to pair with a child’s account. But, there were no checks to ensure that this was their parent or guardian. This enabled adult users to allow direct messages from over 16s, something that could potentially pose severe risks to children.

A spokesperson for TikTok said, “We respectfully disagree with the decision, particularly the level of the fine imposed. The DPC’s criticisms are focused on features and settings that were in place three years ago and that we made changes to well before the investigation even began, such as setting all under-16 accounts to private by default.”


Interactive Brokers fail to notice suspicious trades

Interactive Brokers will pay AUD$832k ($538k) for failing to identify suspicious trades by one of its clients.

ASIC, Australia’s regulator, claimed Interactive Brokers allowed a trader to enter orders that he had no intention of executing, known as spoofing. It then allowed further suspicious activity to occur, even after concerns were raised by the watchdog.

ASIC noticed certain Closing Single Price Auction (CSPA) orders being placed between March and November 2021. It said that Interactive Brokers should have realised that the trades were suspicious because of their timing, small volume and value, their impact on the price of OCC shares, and inconsistencies with the trader’s previous trading patterns.

The disciplinary panel accused Interactive Brokers of allowing their client to manipulate the closing price of OCC shares, sending false signals to trick competitors and move the market. Despite warnings and 44 ‘marking the close’ alerts on its surveillance systems, the firm failed to intervene.

“Market participants play an important gatekeeper role in detecting and preventing suspicious trading. They must have effective controls and adequate resources to efficiently identify and disrupt potential market misconduct, and they need to respond quickly to concerns,” ASIC said.


Fintech owner accused of crypto money laundering

A judge has ruled that Caio Marchesani, the owner of the FCA-regulated payments business Trans-Fast Remittance, should be extradited to face charges against him.

Marchesani is accused of assisting drug traffickers to launder millions of euros through a crypto exchange platform. Belgian authorities started an investigation into Marchesani three years ago and want to extradite him to take down an organised crime network.

The investigation began when Dutch authorities seized 12 tonnes of cocaine worth €260 million at Rotterdam. Those drugs were traced to Brazilian drug lord Sergio Roberto De Carvalho and Belgian criminal Flor Bressers.

Marchesani was implicated through decrypted communications. He is believed to have stashed the proceeds in 14 Binance crypto accounts for the pair. He had around £1.5 million in cryptoassets and stored large amounts of cash in an apartment in London.

Amanda Bostock, Belgium’s lawyer, claims Marchesani is a “dark banker” who moves money around for the criminal gang. However, his lawyers are adamant that the money used for his bail surety is ‘clean’ and comes from a UK company. They are challenging his extradition.

