Risk and Compliance monthly update - November 2019

Risk and Compliance monthly update - November 2019


Crime prevention

AML and counter-terrorist financing

GDPR and data protection

Information management & security

No-deal Brexit & the law

For our report Continental Shift: No-deal Brexit and the law, we spoke to a range of experts to hear their views on the latest developments, focussing in particular on the implications of a no-deal Brexit, seeking answers to some of the key questions. As part of LexisNexis’ ongoing coverage of the Brexit preparations, this report seeks to cut through the rhetoric and provide an update on the legal and practical implications. See: Continental Shift: No-deal Brexit & the law.


The Office of Financial Sanctions Implementation (OFSI) has updated its guidance on post-Brexit sanctions to include a new document on the sanctions regime imposed on Russia, which will come into force in the event of a no-deal Brexit. The guidance sets out the financial and investment restrictions in the Russia (Sanctions) (EU Exit) Regulations 2019, SI 2019/855. See: LNB News 28/10/2019 4 & LNB News 25/10/2019 68.

eCommerce Directive

The Department for Digital, Culture, Media & Sport has published new guidance on the eCommerce Directive to help stakeholders prepare for the UK leaving the EU without a deal in place. See: LNB News 17/10/2019 23.

Business sector updates

The government has published further guidance pages for UK businesses collating existing stakeholder and sectoral guidance on Brexit, focusing on preparing for the no-deal scenario in certain sectors including telecoms, media and broadcasting, digital, technology, arts, creative industries, sports and recreation, gambling and tourism. See: LNB News 03/10/2019 47.

Crime prevention
Compliance teams

Companies need to better recognise the value of their compliance units, the SFO's top lawyer has said, noting the weight the UK agency gives to compliance processes when looking at suspected wrongdoing and deferred prosecution agreements. See: Businesses must lift ‘daily pressure’ on compliance units.

Fraud chief pushes coordination to tackle spiraling crime

Fraud and money laundering are reaching epidemic levels in the UK, requiring better coordination among law enforcers and more funding from government to combat the threat, the head of the country’s new command centre for fighting economic crime, the National Economic Crime Centre (NECC), told Law360 in an exclusive interview. See: Fraud chief pushes coordination to tackle spiraling crime.

SFO's cooperation strategy

Serious Fraud Office (SFO) director, Lisa Osofsky's emphasis on corporate cooperation instead of traditional prosecutions may fail to produce results unless individuals and companies contemplating whether to share information with the SFO can be convinced that the benefits outweigh the risks, says Danielle Reece-Greenhalgh of Corker Binning. See: SFO's cooperation strategy may fail to entice corporations.

The SFO’s Corporate Cooperation Guidance is arguably less demanding than many would have feared, but some aspects are vague, puzzling or give genuine cause for concern, says Azizur Rahman of Rahman Ravelli. See: SFO’s co-operation guidance feels like a missed opportunity.

Financial sanctions

The OFSI has published its annual review for April 2018 to March 2019 outlining it work on sanctions implementation and enforcement. The report says 2,183 people and entities were subject to an asset freeze across 28 regimes as of 28 March 2019. Around a quarter of those involved North Korea and a fifth Ukraine. See: LNB News 10/10/2019 49.

The OFSI has issued a monetary penalty of £146,341 to Telia Carrier UK Ltd for breaches of the financial sanctions regime. The company had indirectly facilitated international telephone calls to SyriaTel and had thereby made economic resources available to a designated person without a licence. See: LNB News 29/10/2019 33.

Modern slavery

The Home Office has published its UK annual report on modern slavery which provides an assessment of modern slavery and explains the UK’s existing and future response. See: LNB News 17/10/2019 38.

Information-sharing for economic crime

HM Treasury (HMT) has confirmed that the public-private working group on information-sharing for economic crime purposes has begun its review and a steering group has been assembled. The group is made up of public and cross-sectoral private sector representatives, from the Home Office, HM Treasury, the National Economic Crime Centre, UK Finance, the Information Commissioner's Office, the Legal Sector Affinity Group, and the Accountancy Affinity Group. See: LNB News 23/10/2019 47.

Bribery & corruption

Barclays PLC has agreed to pay $6m in fines and ill-gotten profits for allowing the hire of more than 100 friends and relatives of government officials in Asia between 2009 and 2013. See: Barclays pays $6m to end US SEC's foreign bribery claims.

Is the Business Integrity Consultancy Service for small and medium-sized enterprises (SMEs) part of the government’s post-Brexit trading strategy? Robert Barrington, Professor of Anti-Corruption Practice at the Centre for the Study of Corruption in the University of Sussex, assesses the Business Integrity Consultancy Service and the importance of preparing SMEs for bribery-related challenges when accessing non-EU markets. See: Examining the Business Integrity Consultancy Service.

Covert corporate surveillance

SFO Director, Lisa Osofsky, has once more expressed her desire to see covert surveillance play a greater role in her agency’s battle against white collar crime. See: Covert corporate surveillance may not be practical for SFO.


Transparency International UK (TI-UK) has published its new report ‘At your service’ on 24 October 2019 revealing businesses from the UK and its offshore financial centres have been involved in over 400 cases of corruption. See: LNB News 25/10/2019 24.

The Microsoft settlement, along with other recent Foreign Corrupt Practices Act (FCPA) enforcement actions, demonstrates the need to prioritise compliance resources in high-risk jurisdictions if third-party intermediaries are engaged and provides insight into how the US Department of Justice (DOJ) voluntary disclosure policy operates, say attorneys at FaegreBD. See: US FCPA lessons on 3rd-party risks and cooperation credit.

Dawn raids

On 17 October 2019, the Court of Justice issued its judgment in Case C-403/18 P Alcogroup and Alcodis v Commission, an appeal against the General Court’s judgment in Case T-274/15 dismissing as inadmissible an action for annulment against two European Commission decisions dated 12 March 2015 and 8 May 2015. The first decision concerned the manner in which the Commission carried out dawn raids on 24 March 2015 in relation to AT.40244 (Bioethanol). The second decision related to the Commission’s letter rejecting the applicants’ request to suspend any investigative act concerning them in AT.40054 (Oil and Biofuel Markets) and AT.40244 (Bioethanol). The Court of Justice dismissed the appeal in its entirety. In particular, it held that EU rules protecting privileged communications between lawyers and their clients were sufficient to ensure that dawn raids against Alcogroup in one investigation did not risk breaching its rights of defence in a separate (parallel) investigation. See: LNB News 17/10/2019 33.

AML and counter-terrorist financing
International priorities

The Council of the European Union has published a presidency issues note on the EU’s strategic priorities on anti-money laundering and countering the financing of terrorism (AML/CFT). See: LNB News 01/10/2019 58.

The Financial Action Task Force (FATF) has published the outcomes of its plenary session held in Paris between 16 and 18 October 2019. Following the session, FATF published a document on the money laundering risks from ‘stablecoins’ and other emerging assets, a public statement on the continuing risks posed by North Korea and Iran, and a note which identifies the jurisdictions that have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF. HMT has issued an advisory notice in light of the FATF’s statements. See: LNB News 21/10/2019 59.

Transaction monitoring and reporting

The European Supervisory Authorities (ESAs)—comprising the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority—have published their second joint opinion on the risks of money laundering and terrorist financing affecting the EU financial sector. Drawing on data and information provided by national AML and CTF competent authorities, the ESAs found that the monitoring of transactions, and suspicious transaction reporting, still raise concerns—particularly in sectors where a financial institution's business model is based on frequent transactions. See: LNB News 04/10/2019 26.

AML supervision

The economic secretary to HMT, John Glen MP, has written to the Treasury Select Committee (TSC) on the UK’s AML/CTF supervision regime. Glen provides an update on progress towards HMRC’s commitment to enhance its risk-based approach to AML/CTF supervision by March 2021 under the UK government’s Economic Crime Plan, and sets out the process by which HMT will respond to a recommendation from the Office for Professional Body AML Supervision (OPBAS) to remove a professional body’s status as an AML/CTF supervisor. See: LNB News 23/10/2019 46.

High-risk third countries

The Council of the EU has published an informal document prepared by the Commission on key elements of a refined methodology for identifying high-risk third countries under the Fourth Money Laundering Directive (MLD4). See: LNB News 11/10/2019 25.

The Microsoft settlement, along with other recent Foreign Corrupt Practices Act (FCPA) enforcement actions, demonstrates the need to prioritise compliance resources in high-risk jurisdictions if third-party intermediaries are engaged and provides insight into how the US Department of Justice (DOJ) voluntary disclosure policy operates. See: US FCPA lessons on 3rd-party risks and cooperation credit.

Beneficial ownership

The Cayman Islands will disclose the true owners of companies domiciled in the territory by 2023, in a bid to combat money laundering and meet transparency standards under incoming EU rules. See: Caymans to reveal corporate owners amid AML crackdown.

The FATF has published best practice guidance on beneficial ownership for legal persons. It aims to help countries ‘get rid of the cloak of secrecy’ concerning the ultimate owner of a company, foundation, association or any other legal person, and prevent the misuse of anonymous shell companies for crime and terrorism. See: LNB News 24/10/2019 69.

GDPR and data protection
AI auditing framework

The Information Commissioner’s Office (ICO) has ended its call for input on the development of its artificial intelligence (AI) auditing framework. The ICO highlighted key areas to address in the framework such as adequate governance, accountability, risk management and compliance with data protection legislation and principles. See: LNB News 29/10/2019 34.


Data protection accountability toolkit

The ICO has launched a consultation into its proposed accountability toolkit, which is designated to help organisations in assessing whether their data protection governance arrangements are effective and appropriate, and help them demonstrating this to the wider public, customers and the ICO. The consultation welcomes responses until 9 December 2019. See: LNB News 28/10/2019 36.

EU–US Privacy Shield

The European Commission has published its report on the third annual review of the EU–US Privacy Shield, which has found that the US has maintained an adequate level of protection for personal data transferred under the Privacy Shield from the EU to US companies. See: LNB News 23/10/2019 94.

IT contracts

The European Data Protection Supervisor (EDPS) has called for a stronger collaborative approach between public authorities in Member States, EU institutions and other international organisations to ensure consistency for individuals rights in IT contracts. See: LNB News 21/10/2019 43.

Scope of GDPR over information society services

The fourteenth European Data Protection Board (EDPB) meeting has highlighted a number of regulatory changes. Some of the most notable announcements include the adoption of guidelines on the scope and application of Article 6(1)(b) of the General Data Protection Regulation (EU) 2016/679 (GDPR) in the context of information society services and the adoption of the opinion that the Equinix Binding Corporate Rules contain all elements required under Article 47 of the GDPR and contain the appropriate safeguards. See: LNB News 11/10/2019 52.

ePrivacy Regulation

Representatives of the digital technology industry have asked the European Commission to overhaul its proposed ePrivacy Regulation, because ‘Europe’s digital transformation will be severely hampered as a result of the legal uncertainty and rigidity brought about’ by the proposed draft. See: LNB News 08/10/2019 75.

Information management & security

The National Cyber Security Centre (NCSC) has published its 2019 annual review, which outlines the developments and highlights of the NCSC’s work between 1 September 2018 to 31 August 2019 in order to meet its mission ‘to make the UK the safest place to live and work online’. See: LNB News 23/10/2019 95.

The Charity Commission has published an insights and actions report following its cybercrime survey of registered charities in England and Wales, finding that 58% of charities believe cybercrime to be a major risk to the sector and a growing threat. Larger charities were more likely to appreciate the risk while a higher age profile of trustees implied lower levels of cyber awareness. See: LNB News 23/10/2019 73.

One major challenge law enforcers face in tackling cybercrime is getting businesses to admit when they have been victims, the head of Britain's crime-fighting agency has said. See: Fighting cybercrime requires more trust, NCA chief says.

More than 400 experts attended the seventh Europol-INTERPOL cybercrime conference at Europol’s headquarters in The Hague to examine the latest cybercrime trends, threats and strategies under the theme of ‘Law enforcement in a connected future’. See: LNB News 14/10/2019 48.

Europol has published its Internet Organised Crime Threat Assessment 2019 on emerging threats and key developments in cybercrime. See: LNB News 10/10/2019 80.

EU Member States, supported by the European Commission and the European Agency for Cybersecurity, have published a report on the EU coordinated risk assessment of the cybersecurity of 5G networks, highlighting critical security challenges in order to ensure the robust security and resilience of 5G networks in the EU. See: LNB News 09/10/2019 69.

On 9 October 2019, Insurance Europe published a report stating that insurers can play a vital role in helping businesses in the EU recover quickly from cyber crime and minimise losses. See: Insurers have a key role in EU cyber resilience.

Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.