This month’s key compliance news includes fraud at Patisserie Valerie, personal relationships and BP, MGM and Caesars’ ransomware attacks, 3M’s sanctions violations, and more.
Four people have been charged with fraud following the collapse of Patisserie Valerie. It follows an investigation into the failure of nearly 200 high street bakeries, which began after the company unexpectedly stopped trading in 2018.
Seventy stores closed and 900 jobs were lost when a black hole in its accounts was discovered. The Serious Fraud Office has charged Christopher Marsh, former director and CFO of Patisserie Holdings Plc for 12 years; his wife, accountant Louise Marsh; Financial Controller Pritesh Mistry; and financial consultant Nileshkumar Lad.
All four are charged with conspiring to inflate the cash in Patisserie Holdings’ balance sheets and annual reports between 2015 and 2018, including providing false documentation to its auditors, Grant Thornton. The high-street bakery, which was valued at £450m, had concealed £10 million in debts from investors and creditors.
“Patisserie Valerie’s abrupt collapse rocked our high streets – leaving boarded-up shops, devastating job losses and significant investor losses in its wake. Today is a step forward in getting to the bottom of this scandal,”
- Lisa Osofsky, Director of the SFO
Auditor Grant Thornton was fined £2.3m and accused of a “serious lack of competence” for its role, having missed red flags.
Two directors of CFP Management Ltd have been banned from carrying out regulated activity and fined £1.3m for their flawed pension advice model. Directors Toni Fox and David Price, a former Money Laundering Reporting Officer, were fined £681,536 and £632,594 respectively.
In addition, a prohibition order was imposed on Mr. Price, preventing him from performing any function relating to regulated activities, and his approvals to perform the senior management functions SMF 3 (Executive Director) and SMF 17 (Money Laundering Reporting Officer) were withdrawn.
From April 2015 to October 2017, CFP gave advice on 1,470 transfers worth over £392m. Ms Fox designed the pension transfer model and signed off most of the advice. Over 99% of the advice was to transfer and 90% did not comply with the FCA’s rules. 33 clients were members of the British Steel Pension Scheme.
Despite their significant experience in the pensions industry, Fox and Price did not properly take into account clients’ financial circumstances and objectives, their attitude to risk, or their capacity for loss. Their flawed business model posed a significant risk of clients transferring out of defined benefit schemes when this was unsuitable. The pair made substantial financial gains as a result.
“Ms Fox and Mr Price’s misconduct meant that customers did not receive the advice they needed when trying to secure comfort and peace of mind for their retirement. Despite having a wealth of experience in the industry, they both oversaw and designed a deeply flawed advice model that was little more than a machine to churn out recommendations to transfer, placing people’s hard earned retirement money at risk.”
- Therese Chambers, Enforcement and Market Oversight, FCA
Fox and Price have referred the decision to the Upper Tribunal.
BP’s chief executive, Bernard Looney, has stepped down over his personal relationships with colleagues.
An investigation was launched into Looney's conduct following a report by an anonymous whistleblower in May 2022. Looney had confirmed a “small number of historical relationships” and gave the board assurances about his past relationships and conduct before his appointment in 2020.
But, following fresh allegations, Looney confirmed that he’d not been “fully transparent in his previous disclosures”.
Speaking to the Guardian, a source said, “The issue is bigger than Bernard” and concerns had been raised about a “male-dominated, macho, problematic culture”. Staff did not fully realise the issues around undisclosed relationships.
BP's code of conduct warns employees about conflicts of interest, including “having an intimate relationship with someone whose pay, advancement or management you can influence”.
Up until his exit, Looney had been applauded for his commitment to diversity, especially better gender representation and mental health awareness.
Investors have expressed concern that the board did not disclose its review to the market in 2022.
His departure comes amid a string of similar exits. Days later, CBOE confirmed its CEO Edward Tilly had also resigned over undisclosed personal relationships with colleagues. Philip Gillespie, ex-CEO of crypto exchange B2C2, similarly stepped down after alleged inappropriate behaviour with an intern, and Lazard banker Reid Snellenbarger was recently fired for inappropriate behaviour at a weekend party.
Earlier this year, McDonald’s former CEO, Steve Easterbrook, was fined and fired for making false and misleading statements about work relationships.
High-profile executives are leaving FINMA, Switzerland's Financial Market Supervisory Authority. The latest is the former head of the Strategic Foundations division, Johanna Preisig, who will leave after nearly ten years.
It comes just one day after Tamedia Group newspapers claimed there was a staff exodus. Urban Angehrn announced his resignation earlier this month, citing health consequences due to high stress and workload. There was also a wave of other departures, including Secretary General Edith Honegger and other high-profile names from international cooperation and communications.
The regulator faced criticism over its handling of Credit Suisse with accusations that it acted too late and indecisively. Claims that the authority is understaffed will be louder still after recent departures.
FINMA has announced that it will expand its resources for supervision.
Casino giants MGM Resorts and Caesars Entertainment have been targeted in ransomware attacks. Hacking groups ALPHV and Scattered Spider have claimed responsibility for taking down the systems of the $14bn gaming firm MGM Resorts International.
The groups use social engineering to trick people into sharing login credentials or One-Time Password (OTP) codes. Ten days on, MGM has finally restored operations. It’s reported the shutdown has cost it $8m per day.
Rival casino operator Caesars Entertainment was also hacked and is believed to have paid a $15m ransom after threats were made to release its data online. It could not confirm whether customers' personal information had been compromised.
Both companies lost market value as their shares fell. Analysts warn of further attacks. Casinos are especially vulnerable to financially motivated attacks.
“At this point, all casinos should be moving to the highest defensive posture possible and taking active measures to verify the integrity of their systems and environment, and reviewing — if not activating — their incident response processes,”
- Christopher Budd, Sophos X-Ops
A report by Moody’s said the incident “highlights key risks related to (MGM's) business operations’ heavy reliance on technology and the operational disruption caused when systems need to go offline or are inoperable.” There are unconfirmed reports that the hackers targeted at least three other firms in manufacturing, retail, and technology.
3M will pay over $9.6m following its sales to a sanctioned Iranian entity, according to the US Treasury Department.
One of its subsidiaries sold reflective licence plate sheeting between September 2016 and 2018 to the sanctioned police foundation Bonyad Taavon Naja, said the Office of Foreign Assets Control (OFAC). The sales were still processed despite being flagged by outside due diligence staff.
Forty-three shipments were sent by its Swiss subsidiary, 3M East, to a German reseller, knowing that the ultimate destination was Iran. Transactions were valued at $10m and a US person was involved in the sales. There was a total of 54 alleged violations of sanctions.
3M disclosed the conduct immediately and cooperated with the investigation. Several employees were fired over the matter and the German-based intermediary involved in the sales has been struck off.
Last month, 3M paid over $6.5m to the SEC after a China-based subsidiary took officials on tourist trips to the US and Australia. The trips were disguised as work events.
Elsewhere, a survey by the FCA has found that financial firms lack the resources to ensure adequate sanctions screening. It claims that screening software is not always properly calibrated to the UK regime, and significant backlogs risk non-compliance.
Following the Russian invasion of Ukraine in February 2022, an unprecedented number of sanctions have been introduced, and firms are being urged to ensure adequate systems and controls.
The charity Surviving Economic Abuse (SEA) is calling on banks and the government to do more to support victims of economic abuse. In its report Seen Yet Sidelined, 810 cases of coercive control were analysed:
The banking initiative, the 2021 Financial Abuse Code of Practice, can provide a lifeline for victims. For example, Allied Irish Bank provides loans to those with poor credit scores following domestic abuse. But banks can go further still.
Video hosting app TikTok has been fined €345m by the Irish data regulator for GDPR failures relating to children’s accounts. The DPC accused the platform of breaking multiple GDPR laws:
Interactive Brokers will pay AUD$832k ($538k) for failing to identify suspicious trades by one of its clients.
ASIC, Australia’s regulator, claimed Interactive Brokers allowed a trader to enter orders that he had no intention of executing, known as spoofing. It then allowed further suspicious activity to occur, even after concerns were raised by the watchdog.
ASIC noticed certain Closing Single Price Auction (CSPA) orders being placed between March and November 2021. It said that Interactive Brokers should have realised that the trades were suspicious because of their timing, small volume and value, their impact on the price of OCC shares, and inconsistencies with the trader’s previous trading patterns.
The disciplinary panel accused Interactive Brokers of allowing their client to manipulate the closing price of OCC shares, sending false signals to trick competitors and move the market. Despite warnings and 44 ‘marking the close’ alerts on its surveillance systems, the firm failed to intervene.
“Market participants play an important gatekeeper role in detecting and preventing suspicious trading. They must have effective controls and adequate resources to efficiently identify and disrupt potential market misconduct, and they need to respond quickly to concerns,” ASIC said.
A judge has ruled that Caio Marchesani, the owner of the FCA-regulated payments business Trans-Fast Remittance, should be extradited to face charges against him.
Marchesani is accused of assisting drug traffickers to launder millions of euros through a crypto exchange platform. Belgian authorities started an investigation into Marchesani three years ago and want to extradite him to take down an organised crime network.
The investigation began when Dutch authorities seized 12 tonnes of cocaine worth €260 million at Rotterdam. Those drugs were traced to Brazilian drug lord Sergio Roberto De Carvalho and Belgian criminal Flor Bressers.
Marchesani was implicated through decrypted communications. He is believed to have stashed the proceeds in 14 Binance crypto accounts for the pair. He had around £1.5 million in cryptoassets and stored large amounts of cash in an apartment in London.
Amanda Bostock, Belgium’s lawyer, claims Marchesani is a “dark banker” who moves money around for the criminal gang. However, his lawyers are adamant that the money used for his bail surety is ‘clean’ and comes from a UK company. They are challenging his extradition.