Grant Thornton UK fined $3.2M for Patisserie Valerie audit lapses
Grant Thornton UK has been fined £2.34 million (U.S. $3.2 million) by the Financial Reporting Council for failures in its audits of collapsed café chain Patisserie Valerie between 2015 and 2017.
Petrofac readies bribery guilty plea, touts compliance enhancements
Petrofac will plead guilty to seven counts of failing to prevent bribery, the potential endpoint in a long-running investigation into allegations company executives paid to win lucrative contracts in Iraq, Saudi Arabia, and the UAE.
CMA’s Green Claims Code latest effort in greenwashing crackdown
Companies have until the end of the year to stop making misleading claims about the green credentials of their products and services or face regulatory action, the U.K. Competition and Markets Authority has warned.
Big Four mishaps in U.K. underscore need to challenge auditors
Companies should question their auditors throughout the audit process, particularly in the wake of a spate of recent enforcement actions in the United Kingdom targeting the Big Four and other large firms for audit deficiencies.
Swedbank CCO lauded for role in AML rebound to retire
Ingrid Harbo, Swedbank’s chief compliance officer during its ongoing recovery from a massive AML scandal, announced she will retire in March 2022.
Nord Stream 2 a study in sanctions complexity
The construction of Nord Stream 2 and the accompanying geopolitics at play illustrate how difficult it can be for compliance to respond to evolving sanctions risks.
WhatsApp GDPR fine fallout: EDPB actions shift enforcement landscape
Experts weigh in on the Irish Data Protection Commission’s €225 million (U.S. $267 million) GDPR fine against WhatsApp, which saw the European Data Protection Board rule to increase the fine total and compliance obligations.
German AML deficiencies in spotlight ahead of election
A recent raid by German prosecutors of the country’s finance and justice ministries has once again put a spotlight on Germany’s apparent failings in tackling financial crime.
Credit Suisse appoints Rafael Lopez Lorenzo as chief compliance officer
Credit Suisse has named Rafael Lopez Lorenzo as its chief compliance officer, five months removed from his predecessor stepping down in the wake of massive losses caused by the collapses of Archegos Capital Management and Greensill Capital.
Ireland shakes up GDPR enforcement with $267M fine against WhatsApp
Ireland’s Data Protection Commission announced a record-breaking €225 million (U.S. $267 million) fine against WhatsApp that is equally significant for the compliance lessons it imparts and inconsistency of the GDPR it exposes.
FRC: KPMG provided ‘false’ info in Carillion, Regenersis audit inspections
The U.K. Financial Reporting Council issued a disciplinary formal complaint against KPMG for allegedly providing “false and misleading” information during inspections into the Big Four firm’s audits of Carillion and Regenersis.
U.K. signals divergence from GDPR with new data transfer approach
The United Kingdom announced plans to strike independent data adequacy decisions with key countries—including the United States—as part of its post-Brexit economic strategy.
U.K. audit breakup plan hits snag without Big Four support
The Big Four audit firms have refused to back a U.K. government plan to break their dominance of the market by forcing them to share work with smaller competitors to give them a foothold.
Weathering the storm: Why FinTech compliance failures persist
Experts weigh in with their thoughts on why FinTechs and cryptocurrency firms continue to have a bad reputation in terms of compliance.
EY fined $3M in U.K. for Stagecoach audit failings
The U.K. Financial Reporting Council ordered EY to pay a reduced fine of £2.2 million (U.S. $3 million) related to its audits of international transport company Stagecoach Group for the 2017 financial year.
What went wrong at Greensill Capital? Former risk chief shares his view
Brett Downes, the chief risk officer at Greensill Capital for five years before the company filed for insolvency, explains what factors he believes led to the supply chain finance startup’s abrupt collapse.
ICO’s first GDPR fine reduced on appeal
The U.K. Information Commissioner’s Office’s fine against pharmacy Doorstep Dispensaree for violations of the General Data Protection Regulation has been slashed approximately two-thirds on appeal to £92,000 (U.S. $126,000).
BSI guidance offers whistleblower management best practices
The British Standards Institution has created international guidance to help companies set up an effective whistleblowing management system.
Hamburg DPA warns Zoom incompatible with GDPR
The Hamburg data protection authority has warned local government departments to stop using Zoom because it believes the videoconferencing app is not compliant with the General Data Protection Regulation.
GDPR fines worth appealing? Factors to consider
Experts weigh in on the results of a report from the European Data Protection Board showing which countries have seen the most GDPR fines annulled or modified following court appeal.
Rebuilding Credit Suisse nominates risk management veterans to board
In a continuing overhaul of its risk and compliance leadership, Credit Suisse announced the nominations of Axel Lehmann and Juan Colombas to serve as non-executive members of its board.
Resource demand to enforce GDPR weighing heavy on EU authorities
A new report from the European Data Protection Board has found an overwhelming majority of data protection authorities believe they are under-resourced to deal with the demands of the General Data Protection Regulation.
Employee monitoring proving hot target for GDPR enforcement
Recent fines in Italy against two food delivery companies for violating the privacy of their drivers should act as a warning that employee surveillance can prove to be a major breach of the General Data Protection Regulation.
KPMG fined $18M for ‘integrity and objectivity’ breaches in Silentnight sale
The Financial Reporting Council ordered KPMG to pay a £13 million (U.S. $18 million) fine for “breaches of the principles of integrity and objectivity” in its advisory role regarding the 2011 sale of mattress company Silentnight to U.S. private equity firm HIG Capital.
EU guidance seeks to clarify role of AML/CFT compliance officers
The European Banking Authority is seeking comment on new draft guidelines that set clear expectations regarding the appointment, role, tasks, and responsibilities of anti-money laundering and countering the financing of terrorism compliance officers.
Italian DPA fines Deliveroo $3M for worker privacy violations
Italy’s data protection authority Garante fined U.K.-based food delivery company Deliveroo €2.5 million (U.S. $3 million) under the GDPR for violating the privacy rights of its Italian drivers.
The importance of transaction monitoring, and the cost of getting it wrong
Transaction monitoring has evolved to the point where the emphasis is now on the requirement firms carry out ongoing monitoring of client relationships. Recent enforcement actions provide lessons on pitfalls to avoid.
Amazon discloses record-shattering $887M GDPR fine
Amazon disclosed it has received notice of a €746 million (U.S. $887 million) GDPR fine in Luxembourg for unlawful processing of personal data. The company intends to appeal the penalty, which would be more than 15 times the current record under the law.
Report: Deficient risk culture at Credit Suisse contributed to Archegos collapse
An independent report commissioned by Credit Suisse to examine the bank’s failures that led to $5.5 billion in losses when Archegos Capital Management collapsed this year concluded a series of missteps by risk and compliance failed to escalate numerous red flags.
Ex-Glencore oil trader pleads guilty for role in bribery scheme
A former oil trader for a subsidiary of Glencore entered a guilty plea for his role in bribing government officials in Nigeria in exchange for the award of oil cargoes and more favorable delivery terms.
Credit Suisse hires Goldman Sachs veteran as chief risk officer
Credit Suisse Group has appointed longtime Goldman Sachs risk management expert David Wildermuth as its chief risk officer.
What companies (and the SEC) can learn from U.K. ESG reporting guidance
The U.K. Financial Reporting Council has proposed a series of measures from which companies—as well as other regulators like the SEC—could benefit as ESG disclosures receive closer scrutiny.
TikTok fined $883K under GDPR for children’s privacy violations
The Dutch Data Protection Authority imposed a €750,000 (U.S. $883,000) fine on TikTok for violating the privacy of young children following a wide-scale investigation launched last year.
FRC 2020/21 audit inspections: KPMG rebuked over continued struggles
The U.K. Financial Reporting Council released the results of its 2020/21 audit quality inspections, in which it singled out KPMG for “unacceptable” deficiencies regarding the firm’s audits of banks and similar entities.
New agency Europe’s latest hope to curb AML struggles
The European Commission unveiled new plans to set up an agency specifically aimed at tackling the region’s spiraling problems with money laundering.
SFO secures DPAs worth $3.4M with two unnamed companies
The Serious Fraud Office announced deferred prosecution agreements worth £2.5 million (U.S. $3.4 million) with two unidentified U.K.-based companies for bribery offenses.
FCA pledge to be more assertive rings hollow amid enforcement drops
A steady decrease in enforcement activity makes it easy to question whether the U.K. Financial Conduct Authority is in position to become the “more innovative, assertive, and adaptive regulator” it pledges to be.
The debate over AI: Regulate the tech or its use?
Recent comments by Facebook’s top executive in charge of developing AI reignite the debate over whether regulators should be more focused on reining in the technology itself or just the way it is used.
10 years of U.K. Bribery Act: Compliance enough to define law’s success?
The U.K. Bribery Act marked its 10th anniversary this month, but views are mixed about how the legislation and its enforcement have fared in the decade since it came into force.
Binance enhancing compliance after recent U.K. ban
The CEO of cryptocurrency platform Binance touted the company’s growing commitment to compliance after one of its units was banned from operating in the United Kingdom.
Italian DPA cites biased tech in $3.1M GDPR fine
Italy’s data protection authority fined food delivery company Foodinho €2.6 million (U.S. $3.1 million) because the app at the core of its business model allegedly discriminated against employees.
British Airways settles 2018 data breach class action
British Airways has settled one of the U.K.’s largest group actions after thousands of people sought compensation following a 2018 data breach that resulted in the airline being fined under the GDPR.
Credit Suisse entities to pay $1.5M for swap data reporting failures
The Commodity Futures Trading Commission reached a $1.5 million settlement with three entities of Credit Suisse for swap data reporting failures caused by a technical error.
Compliance lessons from Wood Group’s $177M global bribery settlement
John Wood Group reached a $177 million settlement with authorities in the United States, the United Kingdom, and Brazil, concluding legacy bribery and corruption investigations into Amec Foster Wheeler companies.
PwC audit facing scrutiny amid Greensill collapse fallout
Big Four firm PwC is under investigation for its audit of Wyelands Bank as part of a larger U.K. review linked to the recent collapse of Greensill Capital.
U.K. AML expert convicted of aiding money launderers
A U.K. money laundering prevention expert was found guilty of allowing criminals to use his company to launder the proceeds of an £850,000 (U.S. $1.2 million) investment fraud that resulted in dozens of victims being ripped off.
New tech, legal precedent forcing GDPR to evolve
Companies’ priorities regarding compliance with the GDPR are likely to become more focused because of a mixture of recent legal decisions and efforts by the European Commission to keep privacy rules in sync with changes in technology.
Ex-Deutsche Bank traders imprisoned for ‘spoofing’ roles
James Vorley and Cedric Chanu, former precious metals traders at Deutsche Bank, were each sentenced to one year and one day in prison for their respective roles in a scheme to manipulate the precious metals markets with fraudulent trades.
AML compliance proving tall hurdle for U.K. crypto firms
The U.K.’s financial regulator has been forced to extend a registration deadline for cryptocurrency firms by nearly nine months because so few have been able to meet even basic anti-money laundering requirements.
New rules for SCCs: What you need to know
The latest set of standard contractual clauses for companies transferring data between the European Union and third countries, such as the United States, is meant to align more closely with the GDPR and root out government snooping.