Latest News on Risk and Compliance - August 2019

This month we cover issues including crime prevention, modern slavery and human traffficking, anti-bribery and corruption as well as updates on data protection and AML & counter-terrorists financing.

In this issue:

  • Crime prevention
  • Modern slavery & human trafficking
  • Anti-bribery & corruption
  • AML & counter-terrorist financing
  • Data protection
  • Additional Risk & Compliance updates this month

Crime Prevention  

The Home Office has published its summer 2019 anti-corruption newsletter providing a progress update on the government's efforts to battle corruption both in the UK and abroad. It covers the economic crime plan, open government partnership and extractive industries transparency initiative. See: LNB News 24/07/2019 53.

HM Treasury and the Home Office have published an economic crime plan for 2019 to 2022, providing information on action being taken by the public and private sectors. The plan aims to draw together actions to overhaul the approach to tackling economic crime, with greater partnering between the government, law enforcement and the private sector. See: LNB News 12/07/2019 52 and News Analyses: UK economic crime plan prompts worries about banks role and Economic Crime Plan 2019-2022reinforcing the UKs position in combatting economic crime?

Modern slavery & human trafficking

As the problem of modern slavery persists, UK companies must take a broad approach when rooting out slave labour in their supply chains and should not ignore the risk posed by suppliers within the UK, says Maria Theodoulou of Stokoe. See News Analysis: Addressing modern slavery inside and outside the UK.

The government has published a consultation on changes to the transparency in supply chain provisions in section 54 of the Modern Slavery Act 2015. It has also published its response to the Independent Review of the MSA and announced a new £10m Policy and Evidence Centre for Modern Slavery and Human Rights. See: LNB News 09/07/2019 69 and LNB News 11/07/2019 54.

Anti Bribery and Corruption 

The Serious Fraud Office (SFO) has announced that a former Unaoil executive has pleaded guilty to five offences of conspiracy to give corrupt payments relating to the SFOs investigation into Unaoil. See: LNB News 19/07/2019 67.

The SFO has confirmed the acquittals of three individuals of conspiracy to corrupt and conspiracy to bribe. Michael Sorby, Adrian Leek and David Justice were all found not guilty of conspiring with agents to agree bribes relating to 27 separate overseas contracts for Sarclad Ltd. After the removal of reporting restrictions, the SFO confirmed that these acquittals follow the Deferred Prosecution Agreement that was reached with Sarclad in July 2016. See: LNB News 17/07/2019 24 and News Analysis: Former execs acquitted after Sarclad's deal with SFO.

An appeals court has upheld the conviction of a British Alstom subsidiary over bribes paid to secure a valuable African infrastructure project, finding that the executives involved in the case did not have to be present for the transportation giant to get a fair trial. See News Analyses: Appeals court upholds Alstoms UK bribery conviction, Mr Lithuania told to pay up over Alstom bribery plotand Alstom ruling helps UK prosecutors tackling corporations.

French oil conglomerate TechnipFMC was recently called out by the US Department of Justice for one of its predecessor companies being a Foreign Corrupt Practices Act recidivist, but the settlement shows that being a repeat offender doesnt block a company from getting co-operation and remediation credit. See News Analysis: FCPA policy benefits open to repeat bribery offenders.

AML & counter-terrorist financing

Regulatory regime

The Financial Action Task Force (FATF) has set out the procedures for the fourth round of mutual evaluations for its members based on the FATF Recommendations (2012), and the Methodology for assessing compliance with the FATF Recommendations and the effectiveness of AML and CTF systems (2013). See: LNB News 26/07/2019 29.

In response to concerns about an excess of suspicious activity reports, the UK Law Commission recently published a report recommending improvements to the UKs anti-money laundering (AML) regime. The proposed reform is welcome, but may have missed an opportunity to advocate for some additional changes, says Jonah Anderson of White & Case. See News Analysis: Key reforms in UK anti-money laundering proposal.

The European Commission has adopted a communication and four reports that stress the need for full implementation of the fourth and fifth Anti-Money Laundering Directives (MLD4 and MLD5) while underlining that a number of structural shortcomings in the implementation of the EUs AML and counter-terrorist finance 9CTF) rules still need to be addressed. See: LNB News 24/07/2019 32.

The European Ombudsman, Emily O'Reilly, has published her decision in case 925/2019/MIG. The case concerned a request for public access to documents drawn up by the European Commission assessing the risk of money laundering and terrorist financing in 54 third countries. The Commission refused to make public the documents, arguing that disclosure would undermine international relations, public security and the financial, monetary or economic policy of the EU. The Ombudsman inspected the documents at issue and found that the Commission was justified in refusing access to the documents. See: LNB News 22/07/2019 42.

HM Treasury (HMT) has published its seventh annual report on AML and CTF supervision. HMT appoints supervisors to monitor the AML/CTF compliance of businesses that are in the scope of the Money Laundering Regulations. See: LNB News 08/07/2019 69.

The FATF has published terrorist financing (TF) risk assessment guidance, which aims to assist practitioners, and particularly those in lower capacity countries, in assessing TF risk at the jurisdiction level by providing good approaches, relevant information sources and practical examples based on country experience. See: LNB News 05/07/2019 93.

The FATF has also published an updated version of the FATF Recommendations, which set out international standards on combating money laundering and the financing of terrorism and proliferation. An interpretive note has been added, setting out the application of the FATF standards to virtual asset activities and service providers. See: LNB News 04/07/2019 85.

Prevention of money laundering  

The Royal Bank of Scotland (RBS) does not owe a major foreign exchange company compensation for closing bank accounts allegedly connected to a boiler room scheme as the lender had a responsibility to stop suspected money laundering, a London court has ruled. See News Analysis: RBS cleared after freezing accounts over AML fears.

Privilege 

The Department for Business, Energy and Industrial Strategy (BEIS) has published the government response to its consultation on changes to regulations on confidentiality clauses, also known as non-disclosure agreements (NDAs). The final proposals include legislating to limit NDAs from restricting disclosures being made to police, regulated health care professionals and legal professionals. See: LNB News 22/07/2019 20.

Richard B Ritchie, barrister at XXIV Old Buildings, Lincolns Inn, discusses the case of Hotel Portfolio II Ltd v SMA Investment Holdings Ltd and others which considered the test to be applied and what an applicant had to establish when seeking to rely on the fraud exception in order to obtain disclosure of documents otherwise privileged. See News Analysis: Legal professional privilege and the fraud/iniquity exception (Hotel Portfolio II Ltd v SMA Investment Holdings Ltd and others)

Information management & security

Cybersecurity 

Lloyds of London has announced it believes it is in the best interests of policy holders, brokers and syndicates for all insurance policies to be clear on whether there is coverage for cyber-related losses. Lloyds is mandating that all policies provide clarity by explicitly excluding or providing cover. Namely, if there is no exclusion for cyber-related losses and no affirmation of cover, action is required to provide clarity of the cover available.This will come into effect in 2020. See: LNB News 05/07/2019 23.

Claire Williams, principal associate at Mills & Reeve, provides comment and analysis on the EU Cybersecurity Act which was recently published in the Official Journal. See News Analysis: EU Cybersecurity Actwhat to expect?

The Department for Business, Energy & Industrial Strategy has declared that global businesses, including Google and Microsoft, have backed the UK in becoming a world leader in tackling the most damaging cybersecurity threats. Approximately £117m of expected private industry investment is to be combined with £70m in funding from the government in an effort to develop new anti-cyber threat technologies in accordance with the governments Industrial Strategy. See: LNB News 22/07/2019 58.

Matthew Richardson, barrister at Henderson Chambers, examines the concept of bulk hacking by intelligence services and some of the legal implications, in light of the latest judicial review challenge by Liberty International. See News Analysis: The implications of bulk hacking.

 Website management 

James Davies, barrister and mediator, at New Square Chambers considers the case of Viagogo AG v Competition and Markets Authority. It provides a useful illustration of the issues which can arise in the context of drafting agreements and consent orders dealing with the provision of information to consumers. It also provides assistance and direction for those seeking to reach agreements with regulators such as the CMA as to the provision of consumer information through websites. See News Analysis: Providing required information on websitesicons and cursors (Viagogo AG v Competition and Markets Authority).

Peter Broadhurst, partner and Annalie Grogan, associate, both at Simmons and Simmons, discuss the new EU transparency obligations for online platforms and the implications for UK companies in light of Brexit. See News Analysis: The impact of EU transparency obligations for online platforms.

The Information Commissioner's Office (ICO) has published long-awaited revisions to its guidance on the use of cookies and similar technologies under the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 (PECR 2003) and the General Data Protection Regulation (EU) 2016/679 (GDPR).​​ See: LNB News 04/07/2019 19.   

Data protection

GDPR regime 

The European Commission has published a report reflecting on the impact of the GDPR one year on from its first implementation. The report finds that most Member States have set up the necessary legal framework, and that the new system strengthening the enforcement of the data protection rules is falling into place. See: LNB News 24/07/2019 57.


Data breaches

The ICO has announced its intention to fine Marriot International £99,200,396 for breaches of the GDPR. The breaches are in relation to a cyberincident in November 2018 where 339 million guest records were exposed. The ICO investigation found that Marriotts system security was not sufficient and that Marriot failed to carry out proper due diligence. See: LNB News 09/07/2019 80.

The ICO has also declared its intention to fine British Airways (BA) £183.39m under the GDPR following a data breach. BA notified the ICO of a cyberincident in September 2018, which saw BA customers redirected from the companys website to a fraudulent site that harvested customer details. See: LNB News 08/07/2019 66.

Nick Holland and Hamish Corner, Partners at Shoosmiths, explain the announcements by the ICO of its intention to fine British Airways and Marriott International £183m and £99m respectively under the GDPR regime have not come as a surprise and examine the next steps and implications for businesses. See News Analysis: ICO announce intent to fine British Airways and Marriott International £183m and £99m respectively.


 Privacy

The US Federal Trade Commission has imposed a $5bn penalty on Facebook for privacy violations. In addition to the financial penalty, which is almost 20 times higher than the second-highest penalty imposed on a company in a privacy enforcement action, Facebook has been ordered to submit new restrictions and modify their corporate structure so that the company can be held accountable for decisions made about users privacy. Rebecca Toman, partner at Carter-Ruck, says despite the fine grabbing headlines, it is the non-financial aspects that should really have the corporate world sitting up and taking note. See: LNB News 25/07/2019 74.

BEIS has published a guide for business on how to help their customers better understand their contractual terms and privacy policies. The guide examines techniques for improving consumers understanding of contractual terms, conditions and privacy policies while focusing on methods offering low-cost and scalable solutions. See: LNB News 19/07/2019 100.


Standard contractual clauses

The European Data Protection Board (EDPB) has issued Opinion 14/2019 on draft standard contractual clauses (SCCs) submitted by the Danish supervisory authority. That Opinion, which has so far received little attention within the data protection community, provides a first glimpse of the EDPBs thinking on SCCs under Article 28 of the GDPR and, by extension, on the drafting of contractual provisions for compliance with the mandatory requirements of Article 28 more generally. See News Analysis: EDPB Opinion 14/2019 and the drafting of Article 28 compliant clauses.


 AI systems

The ICO has published a blog post on how the use of artificial intelligence (AI) can require trade-offs between data protection principles and how organisations can assess and balance these. See: LNB News 25/07/2019 32.


 Additional Risk & Compliance updates this month

Whistleblowing reforms

The All Party Parliamentary Group (APPG) has published a report addressing current whistleblower legislation. The APPG gives recommendations in the form of a 10 point plan following analysis of over 400 pieces of evidence. See: LNB News 19/07/2019 31.


 Law firmscomplaints handling

The Solicitors Regulation Authority (SRA) has published figures relating to law firms customer service and handling of complaints. The results show that law firms are improving in these areasin 2018, 81% of complaints were successfully resolved, compared to 71% in 2012. The report also finds that 88% of clients are satisfied with their solicitors services and 65% felt that their solicitor offered good value for money. See: LNB News 10/07/2019 35.


Product safety

The House of Commons Library has published a paper providing an overview of the current product safety regime in the UK. Product safety in the UK is governed mainly by the General Product Safety Regulations 2005, SI 2005/1803 implementing the General Product Safety Directive 2001/95/EC. See: LNB News 24/07/2019 49.



Filed Under: Analysis , News

Relevant Articles
Area of Interest