The U.K. Information Commissioner’s Office agreed to slash its intended GDPR fine for British Airways from £183.39 million (U.S. $230 million) to just £20 million (U.S. $26 million). What was behind the massive reduction?
Experts discuss whether EU data protection authorities would be better served using corrective actions other than eye-watering fines to encourage companies to commit to best (and legal) GDPR practices.
A German public prosecutor levied a €13.5 million (U.S. $15.9 million) fine against Deutsche Bank for failing to report over 600 suspicious transactions in a timely manner but dropped a wider investigation related to the Danske Bank money laundering scandal.
It is not clear what action Danske Bank will take on the back of its investigation into Europe’s biggest-ever money laundering scandal, but it is a safe bet to think further improving compliance will be on the list.
The Swiss Financial Market Supervisory Authority found Banca Credinvest “seriously breached” anti-money laundering regulations with regard to dealings with PDVSA in Venezuela.
In one of the largest GDPR fines imposed, a regional data protection authority in Germany fined H&M Germany €35.2 million (U.S. $41.3 million) for excessive monitoring of several hundred employees by one of the retailer’s subsidiaries.
The damning revelations from the “FinCEN Files” leaks have once again put Europe and its supposed world-leading anti-money laundering rules under the spotlight.
In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR. Neil Hodge explores the trend and what to expect moving forward.
Swedbank announced the Swedish Financial Supervisory Authority has opened an investigation into the bank for potential violations of the regulation on market abuse in connection to the disclosure of suspected money laundering.
The U.K. Financial Reporting Council fined Deloitte a record £15 million (U.S. $19.4 million) for numerous findings of misconduct regarding past audits of British software company Autonomy Corporation.
In both the U.S. and U.K., millions (perhaps billions) of dollars of coronavirus relief loans intended for small businesses is believed to have been misused. Legitimate businesses have been hurt as a result, writes Martin Woods.
The chairman and chief executive of Big Four auditing firm EY says auditors should do more to uncover fraud while conducting external audits, a topic the industry has historically been reluctant to tackle.
A first-of-its-kind lawsuit in the U.K. alleges YouTube unlawfully collects personal information from children without parental consent and harvests their data for advertising purposes, in violation of British and European data privacy laws.
The Irish DPC’s order to Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally.
The Swiss Federal Data Protection and Information Commissioner believes the Swiss-U.S. Privacy Shield “does not provide an adequate level of protection for data transfer from Switzerland to the US.”
While bribery can provide companies with major short-term gains, there is little evidence to support many other beliefs surrounding the “return on investment,” according to a new study.
Companies are at risk of being investigated by the U.K.’s tax authority over fears that up to two out of every three employees worked during lockdown while their employers illegally claimed salaries from the government’s furlough program.
The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United Sates.
Credit Suisse is learning the hard way that spying on former colleagues is frowned upon, following announcement of an enforcement proceeding against the Zurich-based bank by the Swiss Financial Market Supervisory Authority.
The U.K. Financial Conduct Authority seeks comment on a new proposal that would widen the scope of its annual financial crime reporting obligations to include firms whose regulated activities potentially pose a higher money laundering risk.
It appears Europe’s data authorities are prepared to interpret a key court judgement as they see fit in the absence of definitive guidance from the bloc’s primary privacy regulator.
How we came to learn about the fraud allegedly perpetrated by Wirecard offers important lessons in compliance and corporate governance, writes financial crime expert Martin Woods.
A scathing report on the extensive fraud at German payment giant Wirecard had a compliance silver lining: KPMG’s by-the-books, transparent approach to a special audit helped bring that fraud to light.
Can the United Kingdom play with the big boys when it comes to issuing its own sanctions, and what do compliance professionals need to know as Brexit’s start date looms closer?
As Ireland’s first GDPR decision against Big Tech hangs in limbo, experts are scratching their heads as to why a seemingly straightforward case is headed to the EU’s data governing body to rule on.
While it’s not yet clear whether Wells Fargo’s compliance moves (including the loss of its CCO) will pay off, we’re much more certain about the Irish Data Protection Commission’s stance on a potential Twitter fine.
The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.
Privacy campaign group NOYB has filed complaints against 101 websites with European operators that it says are still sending data to the U.S. via Google and/or Facebook integrations—potentially in breach of the EU’s strict data privacy rules.
Daimler AG, the parent company of car maker Mercedes-Benz, predicts it will spend over $2 billion to settle emission tampering allegations by U.S. regulators and a related class-action lawsuit.
A European privacy group is pursuing multiple class-action lawsuits against Oracle and Salesforce for alleged violations of the EU’s General Data Protection Regulation, estimating damages sought could exceed €10 billion (U.S. $11.9 billion).
Staff members of Germany’s financial regulator, BaFin, were reportedly buying and selling Wirecard shares at a suspiciously higher rate leading up to the collapse of the FinTech firm.
A fresh podcast from the Theranos whistleblower and a new compliance association for Black practitioners get a round of applause from us this week, while a complicated case involving McDonald’s lands the company on both the “Nailed It” and “Failed It” lists.
Despite a recent court ruling to scrap the EU-U.S. Privacy Shield, the program is apparently still alive and well in the United States. It’s time to move on, writes Aaron Nicodemus.
The U.K. Serious Fraud Office announced it has secured orders confiscating £5.45 million (U.S. $7 million) from two former executives of oil and gas exploration company Afren.
The United Kingdom has become just the second country to issue guidance for companies in the maritime shipping industry alerting them about common illicit and suspicious practices used to evade sanctions.
As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.
British Airways has hinted that it will qualify for a nearly 90 percent reduction of its original GDPR fine (U.S. $230 million) and end up paying just $26 million.
The U.K. Serious Fraud Office announced charges against GPT Special Project Management and three individuals concerning a criminal investigation that began eight years ago into allegations of misconduct in Saudi Arabia.
The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.
German prosecutors arrested three Wirecard executives, including the former CFO and head of accounting, as an investigation into the company’s inflated balance sheet and a missing $2 billion continues to expand.
The U.K.’s long-awaited report on Russian interference in the country stresses the importance for big money to be subject to enhanced levels of due diligence, writes financial crime expert Martin Woods.
The United Kingdom issued its first wave of sanctions this month under a new regime targeting those who commit human rights abuses, with the promise of many more sanctions to come.
The Financial Conduct Authority’s fine of £37.8 million (U.S. $47.5 million) on Commerzbank’s London branch is a reminder that the most fundamental risk-based AML controls are still not being implemented at some financial services firms.
In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.
Recent reports of underpaid workers at suppliers for U.K. fashion retailers Boohoo and Quiz shed light on inherent weaknesses in companies’ monitoring of their supply chains.
In this week’s “Nailed It or Failed It?”, we reflect on the most troubling aspect of Wednesday’s giant Twitter hack while giving Wells Fargo a rare kudos for being good corporate citizens.
The U.K. Financial Reporting Council announced the closure of its nearly three-year-long investigation into the financial statements of facility management firm Mitie Group for the year ended March 31, 2016.
Italian telecommunications operator Wind Tre S.p.A has been fined approximately €16.7 million (U.S. $18.6 million) for violating data collection provisions of the EU’s General Data Protection Regulation.
Belgium’s Data Protection Authority fined Google Belgium €600,000 (U.S. $670,000) for refusing to delete search results linked to a Belgian public official, a provision of the GDPR know as the “right to be forgotten.”
Following a four-year investigation, the U.K. Serious Fraud Office has secured convictions against two former Unaoil executives for bribes made to win oil services contracts in Iraq, although the presiding judge ordered a review into how SFO Director Lisa Osofsky led the case.