Report: GDPR fines surpass $1B in 2021; breach notifications also rise


Nearly €1.1 billion (U.S. $1.2 billion) worth of fines have been issued against organizations in the past year for violations of the General Data Protection Regulation, according to the latest annual report by law firm DLA Piper.


FRC expands probe of PwC’s Babcock International audits


The U.K. Financial Reporting Council has expanded its investigation into PwC over its statutory audits of British defense contractor Babcock International Group to include the fiscal years ended March 31, 2019, and March 31, 2020.

Credit Suisse sign

Credit Suisse chairman resigns over breach of Covid-19 rules


António Horta-Osório, the leader who was supposed to bring stability and accountability back to Credit Suisse, resigned after eight months as chairman following an investigation into his flouting of Covid-19 rules.

U.K. business

NSI Act reshapes U.K. acquisition landscape


The U.K. National Security and Investment Act might present “unforeseen” compliance problems for companies wanting to merge with or buy foreign businesses, according to legal experts.

UK privacy

Difficult path ahead for new ICO head John Edwards


The United Kingdom’s newly appointed information commissioner, John Edwards, might find it hard to steer a successful path between ensuring citizens’ data rights are preserved while also trying to make U.K. laws more palatable for data-driven business.


Mishcon de Reya fined $316K for AML failings


The Solicitors Regulation Authority, the regulatory body for solicitors in England and Wales, announced British law firm Mishcon de Reya has agreed to pay a financial penalty of £232,500 (U.S. $316,000) for AML compliance violations.

Google Ireland

France’s CNIL fines Google, Facebook $237M combined over cookies consent


French data privacy watchdog CNIL again sidestepped the GDPR in fining Google and Facebook a combined €210 million (U.S. $237 million) for making it too difficult for users to refuse cookies when accessing their websites.


Former Swedbank CEO Birgitte Bonnesen charged with fraud


The Swedish Economic Crime Authority announced charges against Birgitte Bonnesen, Swedbank’s former chief executive officer, for fraud and market manipulation regarding the bank’s money laundering scandal.

Deutsche Bank

Deutsche Bank fined $9.8M for Euribor control weaknesses


Germany’s market regulator BaFin imposed an administrative fine of 8.66 million euros (U.S. $9.8 million) on Deutsche Bank for breaches of the European Union’s Benchmarks Regulation.

2021 talking points

​ICA: Three major compliance talking points from 2021

2021-12-30T15:18:00+00:00By Jon Prentice, International Compliance Association

With 2021 nearing its end, Jon Prentice of the International Compliance Association recaps three major compliance topics and talking points that have stood out this year.

Magnifying glass

S&T AG orders Deloitte audit of short seller allegations


Austrian technology company S&T AG has ordered a forensic audit of its corporate structure and several recent acquisitions in response to allegations made by short seller Viceroy Research.


Should lawyers, accountants be filing more SARs?

2021-12-28T14:32:00+00:00By Jason Morris, International Compliance Association

A study of suspicious activity reporting data in the United Kingdom suggests accountants, lawyers, estate agents, and other service-facing professionals could be doing more to contribute to the fight against financial crime.

London cityscape

BlueCrest facing $55.5M fine for failing to manage fairly a conflict of interest


The U.K. Financial Conduct Authority announced its intention to fine hedge fund BlueCrest Capital Management £40,806,700 (U.S. $55.5 million) for failing to manage fairly a conflict of interest. BlueCrest has challenged the decision.

EU data flag

Dissatisfaction with GDPR pushing EU countries toward local laws


So far, Europe’s wide-reaching data privacy rules have seemingly failed to curb Big Tech firms’ use and abuse of citizens’ personal data. As a result, some EU data regulators are pursuing their own investigations—often through other legislation.

Standard Chartered

Standard Chartered fined record $61.5M for liquidity reporting failures


The U.K. Prudential Regulation Authority imposed a record fine of £46.55 million (U.S. $61.5 million) against Standard Chartered Bank for repeatedly misreporting a key metric to determine liquidity risk.


HSBC hit with $84M penalty over AML failings


The U.K. Financial Conduct Authority fined HSBC Bank £63,946,800 (U.S. $84.3 million) for failings in its anti-money laundering processes over an eight-year period.


Grindr fined $7.2M for GDPR consent violations


The Norwegian Data Protection Authority announced a fine of NOK 65 million (U.S. $7.2 million) against gay dating app Grindr for sharing personal data with third parties without users’ consent.

United States European Union cooperation

Biden corruption strategy puts FCPA in spotlight overseas


President Joe Biden’s strategy on countering corruption shows tackling corporate abuses overseas is firmly back on the U.S. agenda. As such, European companies and executives should beware: The Foreign Corrupt Practices Act is likely to get a dusting off.


SFO integrity questioned after Unaoil conviction overturned


The Serious Fraud Office will be investigated by the U.K. Attorney General’s Office after a court said the agency denied a convicted former oil and gas executive the right to a fair trial.

Credit Suisse

Credit Suisse sets executive board roles in line with new risk strategy


Credit Suisse reemphasized its corporate restructuring plan in the wake of this year’s Archegos and Greensill Capital meltdowns as part of a series of executive board appointments, including the return of Francesco De Ferrari to lead Wealth Management.

Societe Generale

Societe Generale CEO to assume oversight of risk and compliance


The CEO of Société Générale will assume direct supervision of the risk and compliance control functions at the French multinational investment bank following the completion of remediation programs in line with two U.S. deferred prosecution agreements.

Hiltrud Werner index

Volkswagen integrity head Hiltrud Werner to depart in board reshuffle


Hiltrud Werner, board member responsible for integrity and legal affairs at Volkswagen and a key figure in the Dieselgate monitorship, will leave the German automaker on Feb. 1, 2022, as part of a series of managerial changes.

Dutch government building

Dutch DPA fines government tax authority $3.1M under GDPR


The Dutch Data Protection Authority announced a fine of €2.75 million (U.S. $3.1 million) against the government’s Tax and Customs Administration for data processing violations of the EU’s General Data Protection Regulation.

Green accounting

FRC 2022 reviews to focus on climate risks, fraud


The U.K. Financial Reporting Council will prioritize climate-related financial disclosures in company accounts and climate risks in audits as key areas of supervisory focus for 2022/23.


Top ethics and compliance failures of 2021


Systemic risk management lapses at a financial services firm, allegations of toxic culture at a video game giant, and more of the same baffling behavior from one of the world’s largest tech companies comprise CW’s list of the biggest ethics and compliance fails of 2021.


UBS Switzerland CCO nominated to become board chairman


Markus Ronner, the group chief compliance and governance officer for UBS Switzerland AG, will be nominated to become chairman of the board at the bank’s annual meeting in April 2022.


HSBC, Credit Suisse, Barclays, NatWest fined $389M total for currency cartel scheme


The European Commission fined HSBC, Credit Suisse, Barclays, and NatWest a total of €344 million (U.S. $389 million) for their participation in a trader-driven scheme to manipulate the foreign exchange spot market. UBS was not fined after first reporting the scheme.

U.K. Parliament

Greensill report: British Business Bank loan approvals lacked due diligence


The British Business Bank failed to carry out sufficient due diligence when it gave collapsed lender Greensill Capital approval to hand out £350 million (U.S. $465 million) under the government’s pandemic support program, according to a U.K. Parliament report.

Clearview AI

Clearview AI facing $22.6M fine over U.K. privacy violations


The U.K. Information Commissioner’s Office has warned Clearview AI it could face a £17 million (U.S. $22.6 million) fine over its use of people’s data to power its facial recognition software.

London cityscape

U.K. Corporate Governance Code gaps remain despite reporting improvements


U.K. companies have improved corporate reporting—particularly on environmental and social issues—despite more instances of noncompliance with the Corporate Governance Code, according to the Financial Reporting Council’s latest review.

Danske Bank

Danske Bank appoints CCO Philippe Vollot as chief administrative officer


Danske Bank has appointed Philippe Vollot, its chief compliance officer, to be its group chief administrative officer in charge of the bank’s compliance, financial crime prevention, and financial crime risk divisions.

SBM Offshore

SBM Offshore subsidiaries fined $7.6M in Swiss bribery probe


The Swiss Public Prosecutor’s Office ordered three subsidiaries of Dutch oil and gas services company SBM Offshore to pay a criminal penalty of CHF 7 million (U.S. $7.6 million) as part of the conclusion of a legacy bribery investigation.

Deutsche Bank

Deutsche Bank names Olivier Vigneron group chief risk officer


Deutsche Bank announced the appointment of Olivier Vigneron as group chief risk officer. Following regulatory approvals, Vigneron will assume the role effective June 1, 2022.

CWE2021 Whistleblowing

CWE panel: EU Whistleblowing Directive a test for company procedures


Multiple weak points identified with the upcoming EU Whistleblowing Directive could put the burden on companies to determine how to best implement the law, experts discussed during CW’s virtual Europe event.


Dutch authorities warn Rabobank of pending action for AML failures


Rabobank announced the Dutch Central Bank ordered it to “remedy deficiencies in its compliance with the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act.”


FRC report sets quality expectations for U.K. audit firms


The U.K. Financial Reporting Council published a blueprint for how it wants audit firms to perform to ensure they deliver high-quality audits.


CWE panel: GDPR ‘the start of a culture of data protection’


Belgian Data Protection Authority head David Stevens and Member of European Parliament Axel Voss discussed ways the General Data Protection Regulation could be improved for the future during a keynote at CW’s virtual Europe event.


Volkswagen not resting on laurels post-monitorship


Volkswagen CCO Kurt Michels shared how the company has intensified business partner due diligence in the wake of completing its three-year U.S. monitorship during a fireside chat at CW’s virtual Europe event.


CWE panel: Risks, rewards of outsourcing compliance


As they look to manage third-party risks, compliance departments are increasing their reliance on outsourcing. Experts at Compliance Week’s virtual Europe event discuss the benefits and risks of enlisting external help.

Google building

U.K. Supreme Court decision on Google deals blow to class actions


Legal experts weigh in on the U.K. Supreme Court’s rejection of a claim that sought billions of pounds in damages from Google over alleged illegal tracking of millions of iPhones and what it means for future collective actions.


When racist words, stereotypes are not in the eye of the beholder


A recent case involving discrimination allegations raised by a former compliance executive at Commerzbank serves as a reminder that sometimes people use words that hurt others’ feelings, but it doesn’t always mean the intention is there.

Belgium privacy

IAB Europe expecting to be found in violation of GDPR


The European arm of the Interactive Advertising Bureau released a statement acknowledging it expects to be found in violation of the EU’s General Data Protection Regulation regarding its Transparency and Consent Framework.

Credit Suisse

Credit Suisse to overhaul strategy: ‘Risk management will be at the core of our actions’


Credit Suisse announced sweeping changes to its long-term growth strategy, reemphasizing risk management after missed red flags led to billions of dollars in losses related to the collapses of Archegos Capital Management and Greensill Capital.


Ex-FIFA president facing fresh fraud charges


Former FIFA officials Sepp Blatter and Michel Platini have been charged with fraud, forging documents, and other offenses following a six-year investigation into a controversial CHF 2 million (U.S. $2.2 million) payment made out to Platini a decade ago.


Banks in crisis at CEO turning to chief risk officers


Two of the largest banks in Europe—Barclays and Danske Bank—have had to make abrupt pivots at the CEO position this year. Each has chosen to pass the baton to their former chief risk officer.

Grant Thornton

Grant Thornton UK fined for ‘skepticism failures’ in Interserve audit


Grant Thornton UK received a “severe reprimand” and reduced penalty of £718,250 (U.S. $981,000) for breaches that arose in the context of audit work on the 2015-17 financial statements of now-collapsed construction firm Interserve.


Barclays CEO Jes Staley steps down over Jeffrey Epstein links


Barclays CEO Jes Staley stepped down after a probe by British financial regulators looks to have found evidence his friendship with disgraced sex offender Jeffrey Epstein was closer than he had originally made out.

Corporate reporting

FRC reporting review: COVID-19 disclosures lacking, new climate-related mandates


In its annual review of corporate reporting, the U.K. Financial Reporting Council found companies are struggling to provide stakeholders with enough detail about COVID-19 disruptions. The regulator also announced new requirements for climate-related disclosures.

Data money

IAPP report: Privacy spend rising, with further growth expected


Corporate spending on managing privacy risks has risen significantly since last year, with 6 of 10 privacy professionals believing budgets will continue to increase over the coming year, according to the latest IAPP survey.


Swedbank: Swedish enforcement agency closes market abuse probe


Swedbank said it has been notified by the Swedish Financial Supervisory Authority that an investigation by the regulator concerning suspected market abuse by the bank has been closed “with no remark.”