EDPB decision sparks ‘consent-or-pay’ debate for Big Tech firms
Big Tech firms may have to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s main data regulator.
Focused on consumer privacy? Don’t forget employees’ rights
The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.
U.S., U.K. ban new Russian metal imports
The U.S. Treasury Department, in coordination with the United Kingdom, is clamping down harder on Russia’s ability to wage war against Ukraine by banning the import of Russian-origin aluminum, copper, and nickel.
ECHR ruling opens door to climate change litigation on basis of human rights
By holding the Swiss government accountable for failing to do more to limit climate change, a ruling by the European Court of Human Rights might have significant implications for legislators and organizations in other countries across the European Union.
KPMG Netherlands fined record $25M by PCAOB for exam cheating
KPMG Netherlands agreed to pay a record $25 million penalty levied by the U.S. Public Company Accounting Oversight Board for allegedly allowing widespread cheating by employees on internal training exams and misinforming regulators about the misconduct.
Experts: ESG gone mainstream, but new regs still create headaches
Environmental, social, and governance goals have gained acceptance from senior leadership because of upward pressure from employees, investors, and customers, according to compliance leaders speaking at Compliance Week’s 2024 National Conference.
Grant Thornton UK dinged $51K for pension fund audit lapses
Grant Thornton UK was assessed a penalty of £40,000 (U.S. $51,000) by the Financial Reporting Council for alleged procedure failures affecting the firm’s audit of a local authority’s pension fund.
U.K. border controls on EU goods evoke supply chain disruption concerns
The imposition of full border controls on goods entering the United Kingdom from the European Union will affect importers and their EU suppliers, and both are advised to prepare for increased checks, possible delays, and new charges.
SEC concludes VW emissions case with $48.8M judgment
Volkswagen Group of America Finance was ordered to pay $48.75 million as part of a final judgment obtained by the Securities and Exchange Commission to resolve historical violations related to the automaker’s emissions scandal.
Need to know: How AI Act sets tone for AI regulation
The European Union’s AI Act follows a risk-based approach: the higher the risk the artificial intelligence poses, the stricter the rules. Understanding each category is key to compliance.
Ericsson: Monitor certified anti-corruption program post-FCPA settlement
Swedish telecommunications company Ericsson announced its independent monitor appointed by the Department of Justice certified its compliance program satisfies the requirements ordered by the U.S. agency following its 2019 Foreign Corrupt Practices Act settlement.
New leadership no easy fix for Irish DPC’s GDPR woes
The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.
U.K. sets recommendations to address misogyny in finance
Sexism, sexual assault, and bullying are rife at financial services organizations, according to a recent report by the U.K. Treasury Committee. “The government and financial regulators have important roles to play in driving change,” the committee said.
Big Tech practices draw early scrutiny under DSA, DMA
TikTok and X are under investigation related to their respective compliance with the European Union’s Digital Services Act, while the first three companies probed under the Digital Markets Act include Apple, Alphabet, and Meta.
EU regs for energy-efficient buildings raise questions for commercial property
Organizations with property in the European Union should be asking more questions about their sustainability and emissions in light of revised plans to decarbonize buildings across the region.
ICO primed for enforcement increase behind new fining guidance?
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.
Chapter 4: Investigations into misconduct: What banks can do
Both JPMorgan Chase and Deutsche Bank retained their respective Jeffrey Epstein relationships for too long. Yet, there is a case to be made for why exiting a high-risk relationship too soon can become an inverse form of recklessness.
Chapter 3: Egregious failures: Customer due diligence and transaction monitoring
Why did JPMorgan Chase retain Jeffrey Epstein for more than a dozen years? How did the relationship persist despite glaring red flags? The “why” is straightforward; the “how” is more complicated.
Deutsche Bank dinged $54K over IT incident reporting
Deutsche Bank was assessed a penalty of €50,000 (U.S. $54,000) by Germany’s financial supervisory authority for its alleged miscommunication of a 2023 information technology security incident.
Chapter 2: KYC shortfalls: JPMorgan and Deutsche Bank’s onboarding of Epstein
Jeffrey Epstein’s designation as a high-risk client should have subjected him to enhanced due diligence that never appeared to occur, most notably at Deutsche Bank. Instead, Epstein was allowed to continue his misconduct despite numerous red flags.
Chapter 1: Compliance v. complicity: The ‘underbelly’ of bank culture
Why were decisions made the way they were at the banks that serviced Jeffrey Epstein? Evidence points to a cultural tension: a tug-of-war between the allure of profit and the drag of compliance, with the former having all the pulling power.
EU due diligence directive back on track, despite concession concerns
The future of the EU’s Corporate Sustainability Due Diligence Directive was thrown into doubt when the European Council failed to endorse proposals. The directive is back on track after being agreed upon, albeit in weaker form.
Policy changes underscore need for enhanced child labor due diligence
Rooting out potential child or forced labor violations in your company’s supply chain can have benefits beyond protecting reputation and being ethically sound. The process can also help your firm comply with pending child labor laws in other jurisdictions.
Departing ABN AMRO risk chief says climate, cyber among priorities
Tanja Cuppen, chief risk officer of ABN AMRO, shared her view on the Dutch bank’s biggest risk focus areas and the accomplishments of her tenure a month ahead of her planned departure.
Privacy by design a silver bullet for stemming AI risks?
The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.
Study: Climate transition impact reporting still lacking
Large polluters are failing to account for climate change impact and adaptation, but policymakers need to harmonize disclosure requirements to drive coherent action.
SFO launches probe into collapsed Carlauren Group
The U.K. Serious Fraud Office announced two raids and three arrests coinciding with the launch of an investigation into collapsed property developer Carlauren Group.
FCA fines financial adviser $1.1M over British Steel advice, oversight lapses
The U.K. Financial Conduct Authority fined Inspirational Financial Management nearly £900,000 (U.S. $1.1 million) regarding alleged failures in advice and oversight provided to customers who were primarily members of the British Steel Pension Scheme.
Italian DPA fines UniCredit $3M over data breach GDPR lapses
The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.
SFO director support for whistleblower incentives enough to drive change?
When Nick Ephgrave of the Serious Fraud Office said in his maiden speech he favored paying whistleblowers in exchange for information, he might not have been fully aware of the implications, according to legal experts.
EU to ban sale of products made with forced labor
The European Union announced an agreement to ban products made with forced labor, a decision that will oblige organizations to track and declare more information about their supply chains for goods entering EU markets.
Ericsson promotes investigations head to CCO
Ericsson shook up its reporting structure with the promotion of Head of Corporate and Government Investigations Rebecca Rohr to chief compliance officer.
Top brands shamed for U.K. minimum wage failings ahead of hike
The U.K.’s Department for Business and Trade named 524 businesses found to have failed to pay the national minimum wage, ahead of wage hikes for certain workers that will take effect April 1.
FCA warns CEOs over firm AML failings
The U.K. Financial Conduct Authority warned the chief executive officers of approximately 1,000 financial institutions it supervises regarding common failures in anti-money laundering procedures it observed during recent assessments.
KPMG fined $1.9M by FRC over M&C Saatchi audit lapses
KPMG agreed to pay a reduced penalty of nearly £1.5 million (U.S. $1.9 million) assessed by the U.K. Financial Reporting Council addressing admitted failings in the Big Four audit firm’s financial year 2018 work at advertising services company M&C Saatchi.
Swedbank says Estonia money laundering probe closed
The Estonian branch of Swedbank is no longer under investigation regarding suspected money laundering and other criminal activities.
Best practices for determining need for a human rights policy
Does your business need a human rights policy? An increasing number of organizations believe they do, according to research firm Gartner.
FCA vows transparency, faster case outcomes in new enforcement strategy
The U.K. Financial Conduct Authority will rein in its enforcement focus and commit to providing more updates on its ongoing investigations as part of a revamped strategy designed to quicken the pace and increase the deterrent impact of its cases.
FCA calls attention to continued trade manipulation tactics
Financial firms continue to flout rules designed to protect investors from being misled about the true value of financial products, according to a recent bulletin from the U.K.’s Financial Conduct Authority.
New European AML agency to be based in Germany
The European Union’s recently approved Anti-Money Laundering Authority will be based in Frankfurt, Germany, and begin operations in 2025.
Compliance’s role in managing challenges related to employee side hustles
Employees engaging in side businesses—part-time jobs or new company creations—can introduce a myriad of risks for a company.
Experts: No easy fix for U.K. senior manager accountability shortcomings
Legal experts generally agree the U.K.’s record for prosecuting board-level executives for financial and economic crime could be better. But some believe there is a problem criticizing poor enforcement when the legislation in place has its own shortcomings.
Lloyds discloses FCA probe into AML controls
Lloyds is the latest U.K. financial institution being probed by the Financial Conduct Authority regarding its anti-money laundering control framework.
Barclays says FCA probe into AML controls closed
Barclays Bank disclosed an investigation by the U.K. Financial Conduct Authority into the bank’s anti-money laundering controls has closed without a penalty.
U.K. labor shortage stakes up following tripled illegal worker fines
Fines for employing people who do not have a legal right to work in the United Kingdom have risen, meaning employers who fail to carry out the required checks or neglect to re-examine the status of those on temporary work visas could face substantial penalties.
SFO raids kick off probe into collapsed Signature Group
The U.K. Serious Fraud Office carried out several residential raids as it announced the launch of a criminal investigation into collapsed property investment firm Signature Group.
Public consultation on GDPR opens door for changes
Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.
Q&A: ManpowerGroup compliance director on CSRD prep efforts
James Levey, compliance director at global recruitment agency ManpowerGroup, discusses with Compliance Week his focus on preparing the group’s European operations to gather the data required for compliance with the EU’s Corporate Sustainability Reporting Directive.
Verifiable data key as companies begin TNFD-aligned disclosures
More than 320 organizations worldwide committed to disclosing their impact on nature following the recommendations of the Taskforce on Nature-Related Financial Disclosures.
Toeing the ‘fine line’ of cloud security compliance
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.