Europe


britishairways_216861912214608

Anatomy of a 90% fine reduction: How BA saved $200M on GDPR penalty

2020-10-16T19:44:00+01:00By

The U.K. Information Commissioner’s Office agreed to slash its intended GDPR fine for British Airways from £183.39 million (U.S. $230 million) to just £20 million (U.S. $26 million). What was behind the massive reduction?

GDPR

Corrective action could trump fines as GDPR evolves

2020-10-14T16:32:00+01:00By

Experts discuss whether EU data protection authorities would be better served using corrective actions other than eye-watering fines to encourage companies to commit to best (and legal) GDPR practices.

Deutsche

Deutsche Bank fined $15.9M for lag in reporting suspicious transactions

2020-10-14T15:57:00+01:00By

A German public prosecutor levied a €13.5 million (U.S. $15.9 million) fine against Deutsche Bank for failing to report over 600 suspicious transactions in a timely manner but dropped a wider investigation related to the Danske Bank money laundering scandal.

Danske Bank

How Danske is cleaning up after a €200B money laundering scandal

2020-10-13T20:38:00+01:00By

It is not clear what action Danske Bank will take on the back of its investigation into Europe’s biggest-ever money laundering scandal, but it is a safe bet to think further improving compliance will be on the list.

EU-AML

FINMA orders Banca Credinvest to improve AML measures

2020-10-06T19:56:00+01:00By

The Swiss Financial Market Supervisory Authority found Banca Credinvest “seriously breached” anti-money laundering regulations with regard to dealings with PDVSA in Venezuela.

H&M

H&M Germany fined $41.3M in one of largest GDPR penalties

2020-10-01T16:56:00+01:00By

In one of the largest GDPR fines imposed, a regional data protection authority in Germany fined H&M Germany €35.2 million (U.S. $41.3 million) for excessive monitoring of several hundred employees by one of the retailer’s subsidiaries.

Europe

‘FinCEN Files’ show Europe’s AML efforts maybe aren’t so world class

2020-09-25T17:18:00+01:00By

The damning revelations from the “FinCEN Files” leaks have once again put Europe and its supposed world-leading anti-money laundering rules under the spotlight.

GDPR

Companies face greater risk as GDPR class actions emerge

2020-09-24T18:00:00+01:00By

In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR. Neil Hodge explores the trend and what to expect moving forward.

Swedbank

Swedbank being investigated for suspected market abuse

2020-09-21T16:24:00+01:00By

Swedbank announced the Swedish Financial Supervisory Authority has opened an investigation into the bank for potential violations of the regulation on market abuse in connection to the disclosure of suspected money laundering.

Deloitte

FRC fines Deloitte record $19.4M for Autonomy audit failures

2020-09-17T18:53:00+01:00By

The U.K. Financial Reporting Council fined Deloitte a record £15 million (U.S. $19.4 million) for numerous findings of misconduct regarding past audits of British software company Autonomy Corporation.

woods

Assessing the fallout from coronavirus relief loan frauds

2020-09-16T17:52:00+01:00By

In both the U.S. and U.K., millions (perhaps billions) of dollars of coronavirus relief loans intended for small businesses is believed to have been misused. Legitimate businesses have been hurt as a result, writes Martin Woods.

EY

EY chairman: Auditors should work harder to find fraud

2020-09-15T20:31:00+01:00By

The chairman and chief executive of Big Four auditing firm EY says auditors should do more to uncover fraud while conducting external audits, a topic the industry has historically been reluctant to tackle.

Youtube

U.K. lawsuit seeks $3.2B from YouTube for violating children’s privacy

2020-09-14T19:29:00+01:00By

A first-of-its-kind lawsuit in the U.K. alleges YouTube unlawfully collects personal information from children without parental consent and harvests their data for advertising purposes, in violation of British and European data privacy laws.

Facebook

Ireland’s order to Facebook to halt data transfers could have ‘profound’ impact

2020-09-10T16:06:00+01:00By

The Irish DPC’s order to Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally.

Privacy Shield

More Privacy Shield fallout: Swiss-U.S. pact ruled inadequate

2020-09-09T18:57:00+01:00By

The Swiss Federal Data Protection and Information Commissioner believes the Swiss-U.S. Privacy Shield “does not provide an adequate level of protection for data transfer from Switzerland to the US.”

Bribe

Benefits of bribery: New study separates fact from fiction

2020-09-09T17:11:00+01:00By

While bribery can provide companies with major short-term gains, there is little evidence to support many other beliefs surrounding the “return on investment,” according to a new study.

Euros

Firms could face enforcement as U.K. cracks down on furlough fraud

2020-09-09T15:00:00+01:00By

Companies are at risk of being investigated by the U.K.’s tax authority over fears that up to two out of every three employees worked during lockdown while their employers illegally claimed salaries from the government’s furlough program.

EU US privacy

European Commission: No Privacy Shield replacement in sight

2020-09-04T15:57:00+01:00By

The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United Sates.

Credit Suisse

Credit Suisse faces FINMA enforcement in corporate espionage case

2020-09-03T17:48:00+01:00By

Credit Suisse is learning the hard way that spying on former colleagues is frowned upon, following announcement of an enforcement proceeding against the Zurich-based bank by the Swiss Financial Market Supervisory Authority.

Money laundering

FCA proposes expanding scope of financial crime reporting obligations

2020-09-01T19:44:00+01:00By

The U.K. Financial Conduct Authority seeks comment on a new proposal that would widen the scope of its annual financial crime reporting obligations to include firms whose regulated activities potentially pose a higher money laundering risk.

Privacy Shield

EU data authorities take different approaches to Privacy Shield ruling

2020-08-28T18:12:00+01:00By

It appears Europe’s data authorities are prepared to interpret a key court judgement as they see fit in the absence of definitive guidance from the bloc’s primary privacy regulator.

woods

What the Wirecard story tells us about red flags, healthy skepticism

2020-08-28T16:51:00+01:00By

How we came to learn about the fraud allegedly perpetrated by Wirecard offers important lessons in compliance and corporate governance, writes financial crime expert Martin Woods.

Nailedit1200x800

Credit to KPMG for shining a light on fraud at Wirecard

2020-08-27T15:08:00+01:00By Compliance Week

A scathing report on the extensive fraud at German payment giant Wirecard had a compliance silver lining: KPMG’s by-the-books, transparent approach to a special audit helped bring that fraud to light.

UKfinanceplan

Assessing U.K. sanctions in a post-Brexit world

2020-08-26T18:09:00+01:00By David Povey, International Compliance Association

Can the United Kingdom play with the big boys when it comes to issuing its own sanctions, and what do compliance professionals need to know as Brexit’s start date looms closer?

Twitter

Clash over draft Twitter GDPR decision exposes differences among EU authorities

2020-08-26T14:23:00+01:00By

As Ireland’s first GDPR decision against Big Tech hangs in limbo, experts are scratching their heads as to why a seemingly straightforward case is headed to the EU’s data governing body to rule on.

Nailedit1200x800

Jury’s out on Wells Fargo compliance moves; Twitter #fail for Irish DPC

2020-08-20T18:33:00+01:00By Compliance Week

While it’s not yet clear whether Wells Fargo’s compliance moves (including the loss of its CCO) will pay off, we’re much more certain about the Irish Data Protection Commission’s stance on a potential Twitter fine.

Employee monitoring

How far is too far with employee monitoring? Barclays case could offer litmus

2020-08-20T14:54:00+01:00By

The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.

EU US privacy

EU privacy advocate targets Facebook, Google in latest salvo

2020-08-19T20:02:00+01:00By

Privacy campaign group NOYB has filed complaints against 101 websites with European operators that it says are still sending data to the U.S. via Google and/or Facebook integrations—potentially in breach of the EU’s strict data privacy rules.

Mercedes Benz

Daimler projects over $2B to resolve U.S. emission cheating allegations

2020-08-18T21:12:00+01:00By

Daimler AG, the parent company of car maker Mercedes-Benz, predicts it will spend over $2 billion to settle emission tampering allegations by U.S. regulators and a related class-action lawsuit.

Salesforce

Oracle, Salesforce targeted in class-action GDPR lawsuits

2020-08-17T20:51:00+01:00By

A European privacy group is pursuing multiple class-action lawsuits against Oracle and Salesforce for alleged violations of the EU’s General Data Protection Regulation, estimating damages sought could exceed €10 billion (U.S. $11.9 billion).

Stocks

Report: Trading activity by German regs spiked ahead of Wirecard collapse

2020-08-17T18:45:00+01:00By

Staff members of Germany’s financial regulator, BaFin, were reportedly buying and selling Wirecard shares at a suspiciously higher rate leading up to the collapse of the FinTech firm.

Nailedit1200x800

McDonald’s handling of ex-CEO scandal gets compliments, criticism

2020-08-13T14:37:00+01:00By Compliance Week

A fresh podcast from the Theranos whistleblower and a new compliance association for Black practitioners get a round of applause from us this week, while a complicated case involving McDonald’s lands the company on both the “Nailed It” and “Failed It” lists.

columnist_nicodemus

Without guidance, U.S. companies in limbo after Privacy Shield scrapped

2020-08-12T19:31:00+01:00By

Despite a recent court ruling to scrap the EU-U.S. Privacy Shield, the program is apparently still alive and well in the United States. It’s time to move on, writes Aaron Nicodemus.

British pounds

SFO confiscates $7M from ex-Afren execs in fraud case

2020-08-05T17:41:00+01:00By

The U.K. Serious Fraud Office announced it has secured orders confiscating £5.45 million (U.S. $7 million) from two former executives of oil and gas exploration company Afren.

Shipping boat

U.K. issues maritime guidance for reducing sanctions risk

2020-08-04T16:23:00+01:00By

The United Kingdom has become just the second country to issue guidance for companies in the maritime shipping industry alerting them about common illicit and suspicious practices used to evade sanctions.

Europedata

Five tips for EU-U.S. data transfers post-Privacy Shield

2020-08-04T15:21:00+01:00By

As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.

British Airways

British Airways banking on drastic reduction of record GDPR fine

2020-08-03T21:04:00+01:00By

British Airways has hinted that it will qualify for a nearly 90 percent reduction of its original GDPR fine (U.S. $230 million) and end up paying just $26 million.

Airbus

SFO charges Airbus subsidiary for corrupt acts in Saudi Arabia

2020-07-30T16:00:00+01:00By

The U.K. Serious Fraud Office announced charges against GPT Special Project Management and three individuals concerning a criminal investigation that began eight years ago into allegations of misconduct in Saudi Arabia.

EU US privacy

Companies paying price for EU-U.S. Privacy Shield removal

2020-07-27T21:43:00+01:00By

The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.

AdobeStock_360633962_Editorial_Use_Only

Accounting execs arrested as Wirecard probe continues

2020-07-23T17:55:00+01:00By

German prosecutors arrested three Wirecard executives, including the former CFO and head of accounting, as an investigation into the company’s inflated balance sheet and a missing $2 billion continues to expand.

United Kingdom Russia

U.K.’s Russia report underscores need to question big money

2020-07-22T15:06:00+01:00By

The U.K.’s long-awaited report on Russian interference in the country stresses the importance for big money to be subject to enhanced levels of due diligence, writes financial crime expert Martin Woods.

HumanRights

New U.K. regime targets human rights abusers

2020-07-21T16:18:00+01:00By

The United Kingdom issued its first wave of sanctions this month under a new regime targeting those who commit human rights abuses, with the promise of many more sanctions to come.

Commerzbank

Commerzbank fine demonstrates danger of AML lapses

2020-07-16T17:57:00+01:00By Jake Plenderleith, International Compliance Association

The Financial Conduct Authority’s fine of £37.8 million (U.S. $47.5 million) on Commerzbank’s London branch is a reminder that the most fundamental risk-based AML controls are still not being implemented at some financial services firms.

Europe Justice

Europe’s top court strikes down U.S.-EU data transfer rule

2020-07-16T15:21:00+01:00By

In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.

Fashion workshop

Boohoo complaints put spotlight on supply chains and working practices

2020-07-16T13:35:00+01:00By

Recent reports of underpaid workers at suppliers for U.K. fashion retailers Boohoo and Quiz shed light on inherent weaknesses in companies’ monitoring of their supply chains.

Nailedit1200x800

Nailed It or Failed It? Twitter’s meltdown exposes major vulnerability

2020-07-16T09:29:00+01:00By Compliance Week

In this week’s “Nailed It or Failed It?”, we reflect on the most troubling aspect of Wednesday’s giant Twitter hack while giving Wells Fargo a rare kudos for being good corporate citizens.

Accounting fraud

FRC closes accounting investigation into Mitie Group

2020-07-15T17:07:00+01:00By

The U.K. Financial Reporting Council announced the closure of its nearly three-year-long investigation into the financial statements of facility management firm Mitie Group for the year ended March 31, 2016.

GDPRgavel

Italian telecom fined $18.6M for violating GDPR data collection rules

2020-07-14T19:49:00+01:00By

Italian telecommunications operator Wind Tre S.p.A has been fined approximately €16.7 million (U.S. $18.6 million) for violating data collection provisions of the EU’s General Data Protection Regulation.

Googlecrop

Google fined $670K for violating GDPR’s ‘right to be forgotten’

2020-07-14T18:24:00+01:00By

Belgium’s Data Protection Authority fined Google Belgium €600,000 (U.S. $670,000) for refusing to delete search results linked to a Belgian public official, a provision of the GDPR know as the “right to be forgotten.”

Serious Fraud Office

SFO secures two Unaoil convictions, but judge critical of director

2020-07-14T16:42:00+01:00By

Following a four-year investigation, the U.K. Serious Fraud Office has secured convictions against two former Unaoil executives for bribes made to win oil services contracts in Iraq, although the presiding judge ordered a review into how SFO Director Lisa Osofsky led the case.