Risk & Compliance monthly highlights - April 2020

Risk & Compliance monthly highlights - April 2020

In this issue:

Risk & Compliance forecast


AML and counter-terrorist financing

Crime prevention

Business activities

Data protection

When things go wrong

Information management & security

Risk & Compliance forecast

The latest Risk & Compliance forecast is now available. This month, we report on issues including (1) AML and CTF; (2) data protection; (3) Brexit; (4) future regulation of legal services; and (5) crime prevention. You can rest assured we’re tracking forthcoming regulatory changes so you can plan ahead. See: Risk & Compliance forecast as at 19 March 2019.


Data protection

The Data Protection Intelligence Group has published a further paper on Brexit and international personal data transfers. The new paper focuses on a ‘Brexit ready’ template international transfers sub-clause for personal data processing arrangements between controllers and processors which may continue after the UK has exited the EU. See News Analysis: New ‘Brexit ready’ template sub-clause for international personal data transfers published.

Eleonor Duhs, director at Fieldfisher, provides a comprehensive update on the ePrivacy Regulation and considers the potential implications of Brexit. See News Analysis: Future of ePrivacy Regulation and impact of Brexit on its application in UK.

Financial crime

This week’s Brexit voting deadline could propel Britain out of the EU without a regulatory safety net in April 2019, a process that would open chinks in the country’s defences against fraud and financial crime that may never be closed. See News Analysis: Hard Brexit could put chinks in UK’s financial crime armor.

Providing services to EEA and EFTA countries

The government has published updated its guidance for UK businesses on EU service provision that collates stakeholder and sector guidance on Brexit, focusing on preparing for a no-deal scenario. See: LNB News 07/03/2019 54 and LNB News 11/03/2019 115.

AML and counter-terrorist financing

Supervision and enforcement

Not a single person was prosecuted under key UK anti-money laundering laws during the first 16 months following their introduction in 2017, new data revealed, raising questions about Britain’s campaign against dirty money. See News Analysis: All talk, no action so far for UK under new AML rules.

The National Crime Agency are seeking court orders to freeze 95 bank accounts at Barclays PLC holding £3.6m ($4.8m) in suspected illicit funds. See News Analyses: UK agency seeks freeze on 95 bank accounts in AML sweep and UK slowly steps up use of new 'dirty money' powers.

The Treasury Committee has published a report on AML supervision and sanctions implementation. Experts from Baker & MacKenzie and Linklaters discuss the report, adding it ‘has zeroed in on some of the key challenges facing UK AML efforts’. See: LNB News 08/03/2019 153.

HMRC has revealed that it carried out unannounced inspections as part of a week-long crackdown on money laundering in the property industry. HRMC officers inspected 50 estate agents in England suspected of trading without complying with money laundering regulations. HMRC will now take action against the businesses that have failed to comply. See: LNB News 06/03/2019 111.

High-risk third countries

The Council of the EU has rejected a draft list put forward by the European Commission of 23 ‘high-risk third countries’ in the area of money laundering and terrorist financing. See: LNB News 07/03/2019 124.

MEPs then adopted a resolution expressing concern that Member States have scuppered the Commission’s plan to place new countries on the EU money-laundering blacklist. See: LNB News 14/03/2019 156.

Corporate liability

The co-chairs of the all-party Parliamentary group on Fair Business Banking, along with a number of other signatories, have written to Theresa May urging action on the UK’s corporate liability regime. The authors say there is currently no real legal mechanism for holding large institutions criminally accountable for wrong-doing, including for large-scale fraud or for laundering of the proceeds of corruption and other crimes. See: LNB News 06/03/2019 126.

Beneficial ownership register

The UK has a head-start on implementing the latest round of European rules designed to clamp down on money laundering, with its two-year old public register showing who really owns corporate entities. But the government faces challenges if it wants the British version to be effective in helping to cut back criminal funding. See News Analysis: Hurdles remain as UK pushes on with AML-fighting register.


The Financial Conduct Authority has published a speech by its director of specialist supervision on the role of the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) and findings from its first-year supervisory assessments of the 22 professional bodies it supervises. See: LNB News 12/03/2019 48.

OFSI guidance

The Office of Financial Sanctions Implementation (OFSI) has published guidance on Counter-Terrorism (Sanctions) (EU Exit) Regulations 2019, SI 2019/577 to assist in its implementation. See: LNB News 21/03/2019 85.

Crime prevention

Anti-bribery & corruption

The Organisation for Economic Co-operation and Development (OECD) has published the UK’s follow-up report on implementation of the OECD’s Anti-Bribery Convention, together with the summary and conclusions of the OECD Working Group on Bribery. See: LNB News 01/01/0001 2512.

The Serious Fraud Office (SFO) failed to obtain key documents from the law firm that represented Qatar as the agency investigated side deals used by Barclays PLC to pay Qatari investors additional fees as it tried to raise billions of pounds in the financial crisis. See News Analysis: SFO failed to obtain key legal docs in Barclays fraud probe.

Recent cases show that even when a company’s high-level executives are involved in foreign bribery, that doesn’t automatically mean charges for the company itself. See News Analysis: Executive bribes don’t always mean corporate charges, DOJ says.

The House of Lords Select Committee on the Bribery Act 2010 has published its post-legislative scrutiny report. See: LNB News 14/03/2019 127.

TRACE, a globally recognised anti-bribery business organisation, has published its ninth annual Global Enforcement Report. See: LNB News 07/03/2019 105.

Economic crime

The SFO has abandoned two of its biggest cases in a move that raises questions about its desire to prosecute individuals over economic crime as new director Lisa Osofsky sets about clearing the anti-fraud agency’s backlog of high-profile cases. See News Analysis: New SFO head’s deck-clearing move raises questions.

As the UK government presses the agencies that investigate and prosecute white collar crime to produce results, it remains unclear whether their limited resources are up to the task. See News Analysis: Tight budgets hinder UK's economic crime-fighting efforts.

Gavin Irwin of 2 Hare Court considers two significant recent reports on economic crime in the United Kingdom. The first is the report of the Treasury Committee Inquiry into Economic Crime: Anti-money laundering and the sanctions regime. A further Report relating to consumers and economic crime will follow later in 2019. The second is the Corruption Watch report on the ‘Corporate Crime Gap: How the UK Lags the US in Policing Corporate Financial Crime.’ See News Analysis: Sweeping changes to UK AML and sanctions regimes.


Companies facing a UK fraud investigation may want to avoid the embarrassment and damage of a criminal case by striking a deferred prosecution agreement (DPA), but attorneys say firms must clear high hurdles to get a deal—and realise they won’t walk away unscathed. See News Analysis: What to do when the SFO knocks—tips on landing a DPA.

Criminal Finances Act 2017

HM Revenue & Customs (HMRC) has published a report on the impact of the commencement of the corporate criminal offences introduced in the Criminal Finances Act 2017. See: LNB News 14/03/2019 137.

Modern slavery

The Home Office has published the third and fourth interim reports from the independent review of the Modern Slavery Act 2015. See: LNB News 21/03/2019 78.

The Home Office has also released guidance designed to help organisations identify if they need to publish a modern slavery statement and provide best practice on how to produce a statement. See: LNB News 15/03/2019 108.

Bruce Caldow, partner at Harper Macleod, comments on the push to render businesses looking to secure public sector contracts more cooperative in the struggle against modern slavery. See News Analysis: Exploring the responsibility of business in tackling modern slavery.

Internal investigations

Lawyers in the UK are beefing up their internal investigations amid a growing number of whistleblowers, heightened regulatory scrutiny and sharpened compliance procedures. See News Analysis: 4 tips for lawyers working on internal investigations.

Business activities

Sanctions regime

As the Civil Procedure (Amendment) (EU Exit) Rules 2019 come into force, Alexandra Webster, supervising associate, and Shivaun Chandiramani, trainee solicitor, at Simmons & Simmons LLP, identify its key provisions and explain why there may be an increase in sanctions litigation before the UK courts as a result. See News Analysis: New Rules for the UK domestic sanctions regime.

An Iranian bank suing the UK government for $4bn over its enforcement of nuclear sanctions, which were later struck down, must hand over the names and addresses of all its customers to HM Treasury. See News Analysis: Iranian bank must name all clients in $4B UK sanctions suit.


The CMA has published a letter from Lord Tyrie, CMA Chair, to the Secretary of State for BEIS, outlining proposals for legislative and institutional reforms to the UK’s competition and consumer law regimes. The proposals if implemented have the potential to change significantly the UK’s competition law regime. See News Analysis: CMA proposes changes to the competition regime

Data protection


The first overview of the implementation and enforcement of the General Data Protection Regulation (GDPR) has been published by the European Data Protection Board (EDPB). The EDPB concludes that the GDPR cooperation and consistency mechanism work quite well in practice. See: LNB News 15/03/2019 106.

EU regulators who have the power to enforce national privacy rules for electronic communications can factor these alleged violations into the punishments they dole out under the bloc's GDPR. See News Analysis: E-privacy rules can weigh on GDPR fines, EU board say.

The EDPB has published its opinion which it has adopted on the interplay between the ePrivacy Directive 2002/58/EC and the GDPR. See: LNB News 15/03/2019 95 and LNB News 14/03/2019 149.

The effectiveness of Europe’s sweeping new data protection law is being cast into doubt as legal experts warn that companies are over-reporting to national regulators amid widespread confusion about what the rules really require. See News Analysis: Companies stumble amid confusion surrounding GDPR.

ePrivacy Regulation

The EDPB has published a statement calling on EU legislators to intensify efforts to adopt the ePrivacy Regulation to complete EU framework for data protection and confidentiality of communications. See: LNB News 15/03/2019 107.

While the ePrivacy reform is still being worked on by EU lawmakers, one of the items the ePrivacy Regulation is expected to update is the use of ‘cookie walls.’ Alex van der Wolk, Mercedes Samavi and Philip Radlanski of Morrison & Foerster LLP consider the Austrian and UK DPAs recently issued enforcement actions involving the use of cookie walls. See News Analysis: The cookie wall must go up. Or not?


ICO enforcement

Information Commissioner’s Office (ICO) officers have executed search warrants at offices in Brighton and Birmingham of companies suspected of making millions of live and automated nuisance calls to UK landline and mobile numbers. See: LNB News 12/03/2019 83.

Investigations by the ICO into nuisance marketing have resulted in 16 company directors being banned from running a company for 107 and a half years in total. See: LNB News 28/02/2019 111.

The ICO has fined Vote Leave Limited £40,000 for sending unsolicited text messages before the 2016 EU referendum—see: LNB News 19/03/2019 131. It has also fined a Kent pensions company for sending nearly two million spam emails—see: LNB News 26/03/2019 101.

When things go wrong


The European Parliament and the Member States have reached agreement on new rules that the European Commission says will guarantee a high level of protection for whistleblowers who report breaches of EU law. The new rules cover a wide reach of areas of EU law, including anti-money laundering and corporate taxation, data protection, and protection of the EU's financial interests, as well as food and product safety, and environmental protection and nuclear safety. See: LNB News 15/03/2019 104. and LNB News 12/03/2019 28.

European Union governments and the bloc’s lawmakers are divided over the best way to protect whistleblowers, with Member States seeking to delay informants before they go public. See News Analysis: EU governments and lawmakers divided on whistleblower protection.

The European Commission has announced it is launching a new online program that will make it easier for companies and legal representatives to submit documents and blow the whistle on cartel cases. See News Analysis: Europe launches online cartel whistleblowing tool.

Information management & security


According to the government’s 2018 ‘Cyber Governance Health Check’ report, which examines the UK’s FTSE 350 companies’ approach to cybersecurity, boards at many of the UK’s largest companies still haven’t grasped the severity of the impact that a cyberattack can have on their business. See: LNB News 05/03/2019 40.

Matthew Richardson, barrister at Henderson Chambers, comments on the obligations and opportunities which businesses face in relation to cybersecurity. See News Analysis: Exploring businesses’ approach to cybersecurity.

The European Parliament has announced that it will adopt the EU Cybersecurity Act 2018, the first EU-wide cybersecurity certification scheme to ensure that certified products, processes and services sold in EU countries meet the cybersecurity standards. See: LNB News 12/03/2019 95.



Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.