Risk & Compliance monthly highlights - May 2020

Risk & Compliance monthly highlights - May 2020

In this issue:

GDPR & data protection

Crime prevention

AML & counter-terrorist financing

Information management & security

GDPR & data protection

Coronavirus (COVID-19)

The Information Commissioner’s Office (ICO) has published a series of questions for consideration by organisations using data to combat the coronavirus (COVID-19) pandemic. Several organisations are employing contact tracing and location tracking technologies, and the ICO is keen to ensure that privacy implications are appropriately considered. See: LNB News 20/04/2020 3.

The ICO has also published a document explaining its regulatory approach during the coronavirus pandemic. The Information Commissioner says the ICO is taking an empathetic, pragmatic and flexible approach by focusing mainly on the greatest threats, providing advice and guidance on data protection to frontline organisations, taking action against those exploiting the current public health emergency, and providing support for businesses and public authorities recovering from the impact of the pandemic. See: LNB News 15/04/2020 74.

The European Data Protection Board (EDPB) has adopted a letter concerning the European Commission’s draft guidance on apps supporting the fight against the coronavirus pandemic. The guidance on data protection and privacy implications complements the Commission's Recommendation on apps for contact tracing, published on 8 April 2020, setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the coronavirus crisis. See: LNB News 15/04/2020 48 and LNB News 09/04/2020 24

The EDPB has announced that the issuing of guidance concerning data processing will be brought forward as a result of the coronavirus pandemic. Areas including the use of location and anonymisation of data, the processing of health data for research and scientific purposes and the processing of data by technologies used to facilitate remote working are all being prioritised. The EDPB also intends to issue general guidance in line with adequate legal bases and pertinent legal principles. See: LNB News 06/04/2020 12.

See also our Q&As: Do I need to report a data breach to the ICO during the coronavirus (COVID-19) epidemic? and What should I do if I can’t access all the relevant data to respond to a data subject request because of coronavirus (COVID-19) social distancing measures?


Most guidance on personal data transfers and Brexit has focused on the implications for transfers from the European Economic Area (EEA) to the UK. Bridget Treacy and Olivia Lee, partner and associate at Hunton Andrews Kurth, discuss the implications of Brexit for the reverse situation: personal data transfers from the UK to the EEA during and after the Brexit implementation (or ‘transition’) period. See News Analysis: Brexit—implications for personal data transfers from the UK to the EEA.

Vicarious liability

On 1 April 2020 the Supreme Court in WM Morrison Supermarkets plc v Various Claimants unanimously allowed Morrisons’ appeal, finding Morrisons was not vicariously liable for the actions of an employee who deliberately leaked the company’s payroll data online. See News Analysis: The Supreme Court allows Morrisons’ appeal in group litigation claim (WM Morrison Supermarkets plc v Various Claimants)LNB News 24/04/2020 9 and LNB News 01/04/2020 94.

Disclosures of personal information

Claire Williams, principal associate and Samuel Ash Croft, trainee solicitor, at Mills & Reeve LLP look at the issue of oral disclosures and the GDPR in Scott v LGBT Foundation. See News Analysis: Oral disclosures of personal information and the GDPR.


Crime prevention


The Organisation for Economic Co-operation’s (OECD) Working Group on Bribery has warned that the global response to the coronavirus should not be undermined by bribery. See: LNB News 22/04/2020 34.

The Home Office has issued guidance for businesses on how to address and report on modern slavery risks during the coronavirus pandemic. See: LNB News 21/04/2020 30. See also our Q&A: Can we delay publishing our annual slavery and human trafficking statement as a result of the coronavirus (COVID-19) pandemic and are there any particular modern slavery risks we should address?

The coronavirus is affecting the ongoing case work of UK enforcement agencies facing constraints imposed by the countrywide lockdown and social distancing measures that are hampering their ability to push forward substantive investigations already on their books. See News Analysis: COVID-19 slows pace of existing investigations.

To help address fraudulent conduct amid a slowing of the US Department of Justice’s (DOJ) prosecution and enforcement efforts, the Coronavirus Aid, Relief, and Economic Security Act grants the DOJ some emergency powers, subject to important limitations related to defendants' constitutional rights and public access to hearings, says James Petkun at Klehr Harrison. See News Analysis: How COVID-19 will affect DOJ’s US white collar enforcement.

Anti-bribery & corruption

Airbus group's resolution of global bribery issues with UK, French and US authorities for €3.6bn can be seen as a good outcome for all concerned. See: LNB News 20/04/2020 21.

Goldman Sachs’ compliance procedures worked, US enforcers said in explaining a decision not to pursue the bank over alleged bribes that a London-based executive paid to help a client win work in Ghana. See News Analysis: In UK Goldman executive’s corruption case, US enforcers again take the wheel.

Unexplained wealth orders

The case of National Crime Agency v Baker exposes the potential limitations of unexplained wealth orders (UWOs) and warns against overreliance on the use of complex offshore arrangements as evidence of unlawful conduct. Gary Pons, a barrister at 5 St Andrew Hill, examines the case in more detail and assesses the future implications of the judgment. See News Analysis: The discharge of unexplained wealth orders! (National Crime Agency v Baker).

Financial sanctions

The Office of Financial Sanctions Implementations (OFSI), took a big swing with its £20.5m fine on Standard Chartered PLC over loans that violated Ukraine sanctions, its most aggressive move yet that could usher in a new era of US-style enforcement in the UK. See News Analysis: Record UK sanctions fine ushers in more aggressive era.

Ed Pearson, solicitor, and Lucia Cabello, a Spanish-qualified lawyer, both of Fulcrum Chambers, consider OFSI’s decision to fine the UK bank Standard Chartered PLC. See News Analysis: Standard Chartered fined £20.5m for breach of EU sanctions against Russia.


AML & counter-terrorist financing


The UK’s money-laundering authorities insist that it's ‘business as usual’ for banks during the coronavirus crisis, but that approach appears to be out of step with the more hands-on approach taken elsewhere. Banks and others that skimp on diligent and timely money laundering reporting and ignore the risks can’t expect an easy ride from regulators despite the unprecedented situation they face. See News Analysis: Comment—UK approach to money-laundering reporting seems out of step with other countries.

AML actions

The Gambling Commission’s recent AML fine against Betway Limited (Betway), illustrates companies subject to the Money Laundering Regulations 2017 (MLR 2017) must adopt a risk-based approach that concentrates resources and focus into their highest-risk areas, say Kevin Roberts, Mark Beardsworth and Duncan Grieve, lawyers at Cadwalader. See News Analysis: Gambling Commission AML action is a warning to all companies.


Information management & security


The Solicitors Regulation Authority (SRA) has released a cybersecurity Q&A during the coronavirus outbreak. See: LNB News 02/04/2020 19. See: LNB News 24/04/2020 44.

The Home Office has published guidance on steps to take to protect individuals and businesses against fraud and cybercrime during the coronavirus pandemic and where to report security breaches. See: LNB News 23/04/2020 46.

The ICO has published guidance regarding the use of video conferencing during the coronavirus pandemic. See: LNB News 16/04/2020 58.

The National Cyber Security Centre (NCSC) has urged all individuals to backup their data securely following an increase in coronavirus-related cyber-attacks. The NCSC sets out what factors to consider when checking your data backup regime is fit for purpose, which is vital especially with the rapid increase in the numbers of people working from home. See: LNB News 09/04/2020 8.

The NCSC has released an advisory alongside the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) on the exploitation of coronavirus by cyber criminals. The advisory provides information on recorded malicious activity and tips to detect and mitigate attacks. See: LNB News 09/04/2020 12.

The European Parliament has published recommendations for people to protect themselves better against coronavirus cyber-attacks. See: LNB News 01/04/2020 11.

For further information and guidance, see our information management and security—coronavirus guidance and tools:

See further subtopic: Pandemic management, which contains guidance, Precedents, analysis and other resources for in-house lawyers and law firms relating to pandemic management, including in relation to coronavirus.

Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.