William Hill fined record $23.7M for social responsibility, AML failures


The U.K. Gambling Commission announced three units of British bookmaking service William Hill Group will pay a record fine of £19.2 million (U.S. $23.7 million) for failures regarding social responsibility and anti-money laundering.

Credit Suisse

‘Crisis of confidence’ leads Credit Suisse to merger with UBS


Credit Suisse will merge with UBS in a move approved by Swiss banking regulators after a proposed cash injection from the Swiss National Bank failed to stabilize Credit Suisse’s rapidly declining finances.

Danske Bank

Danske Bank to name audit exec new chief compliance officer


Danske Bank will appoint Chief Audit Executive Dorthe Tolborg to serve as its chief compliance officer after current CCO Satnam Lehal announced he would depart the bank in early 2024.

Credit Suisse sign

Credit Suisse discloses ICFR ‘not effective’ in 2022


Credit Suisse Group disclosed in its annual report its internal control over financial reporting was “not effective” for the fiscal year ending December 2022.


Swedbank reserves $3.7M for OFAC settlement


Swedbank said it expects to pay 40 million Swedish krona (U.S. $3.7 million) as part of a settlement with the U.S. Treasury’s Office of Foreign Assets Control related to apparent sanctions violations.

London cityscape

U.K. moves forward with GDPR reform bill


The U.K. government formally introduced a bill to reform the country’s data privacy laws in a manner projected to save British businesses “billions.”

Place blame

Corporate conformity and ‘blame culture’

2023-03-08T14:25:00+00:00By Paul Eccleson, for International Compliance Association

Conformity can be a powerful force for good, but the same urge to conform can also lead to a toxic culture with an unhealthy atmosphere for employees and customers alike.

Virgin Media

U.K. push for GDPR reprimand transparency draws mixed reviews


The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.


Flutter Entertainment to pay $4M for legacy FCPA violations


Ireland-based gaming and sports betting company Flutter Entertainment will pay a $4 million fine to resolve SEC charges payments made to Russian consultants by a company it acquired violated the Foreign Corrupt Practices Act.


SEC orders Rio Tinto to pay $15M over FCPA violations


U.K.-based mining and minerals company Rio Tinto will pay a $15 million fine to settle charges of violating the Foreign Corrupt Practices Act when it entered into a scheme with a consultant in 2011 to bribe government officials in Guinea.


Ericsson to pay $207M for breaches of 2019 DPA over FCPA violations


Swedish telecommunications company Ericsson agreed to pay nearly $207 million following two breaches of its 2019 deferred prosecution agreement with U.S. authorities.

EU US privacy

Privacy Shield replacement on track, though hurdles remain


The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.

Energy company

Italian DPA fines Edison Energia $5.2M over GDPR lapses


The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.

Credit Suisse

FINMA: Credit Suisse ‘seriously breached’ duty regarding Greensill


Poor risk management by Credit Suisse’s asset management company kept the bank mostly unaware of the risky nature of lending procedures used by Lex Greensill that would lead to the collapse of Greensill Capital, according to Switzerland’s Financial Market Supervisory Authority.


Ericsson searching for CCO successor amid extended compliance monitorship


Ericsson announced the departure of Chief Compliance Officer Laurie Waddy as the Swedish telecommunications company braces for another year under an independent compliance monitorship.

European Commission

EU handbook touts diverse practices for combating corruption


The European Commission published a collection of best practices from each European Union member state that companies and compliance officers might find useful to combat corruption.


Raiffeisen confirms OFAC probe into Russia, Ukraine business


Raiffeisen Bank International said it received a request for information from the Treasury Department’s Office of Foreign Assets Control regarding its business activities related to Russia and Ukraine.


GDPR push for privacy by design still ‘a long way off’


Italy’s data protection authority banned U.S.-based AI chatbot creator Replika from processing the personal data of Italian users because of risks the service posed to minors and vulnerable people—the latest example of a tech company’s product running afoul of the GDPR.

PwC building

FRC probing PwC audits at collapsed property group Intu


The U.K. Financial Reporting Council launched an investigation into Big Four firm PwC’s audit work at collapsed real estate investment trust Intu Properties.


Amigo Loans dodges $89M fine over IT system lending lapses


Amigo Loans faced a penalty of £72.9 million (U.S. $88.7 million) after the U.K. Financial Conduct Authority found it used automated decision-making to drive sales over ensuring whether customers posed credit risks.


Report: FCA probing Barclays over AML controls


Barclays Bank is reportedly being investigated by the U.K. Financial Conduct Authority for failures regarding its anti-money laundering procedures and controls.

Societe Generale

Societe Generale says SEC probing employee off-channel comms


French bank Société Générale is the latest financial institution to be swept up in U.S. regulators’ crackdown on the use of personal cellphones and private apps by employees to conduct official business.


SFO’s Balli Steel win latest to leverage international cooperation


The Serious Fraud Office secured the convictions of two executives at failed British steel trading business Balli Steel on six counts of fraud. Legal experts examine whether “record-breaking” international cooperation in the case served as a crutch for the U.K. regulator.


European labor laws showing teeth in crackdown on gig economy


Recent enforcement cases against food delivery company Glovo and online retailer Amazon in Spain have shone a spotlight on the compliance difficulties associated with engaging workers as freelancers rather than full-time employees.

Business data

Experts: New AI laws pose risk of overlap with data protection mandates


Companies are at serious risk of facing multiple fines for the same offense under different sets of legislation if the artificial intelligence technologies they employ misuse personal data or cause harm to consumers, according to legal experts.


In Touch Games fined $7.6M for AML failures by U.K. Gambling Commission


U.K. online gaming company In Touch Games was fined £6.1 million (U.S. $7.6 million) by the country’s Gambling Commission for a series of anti-money laundering failures—its third such penalty since 2019.

Exam cheating

Audit exam cheating findings spark concern of endemic trend


Recent penalties against Big Four audit firms KPMG, PwC, and EY over allegations of widespread exam cheating have raised concerns prompting regulators to investigate the extent of the practice.

Forced labor hands

Good faith not good enough in navigating global supply chain laws


Differences in the level of duty of vigilance among supply chain legislation in countries including the United States, United Kingdom, and Germany mean best efforts to root out and stop slave labor and other worker exploitation are not enough, according to experts.

WhatsApp phone

WhatsApp fined $5.9M for lawful processing GDPR violations


The Irish Data Protection Commission announced a fine of €5.5 million (U.S. $5.9 million) against WhatsApp under the General Data Protection Regulation for forcing users to consent to updated terms and conditions or lose access to the service.


FRC probing EY audit of Veolia unit


The U.K. Financial Reporting Council launched an investigation into Big Four audit firm EY’s work at Scotland-based Stirling Water Seafield Finance.

Deutsche Bank

Deutsche Bank refreshes compliance leadership with new group CCO


Deutsche Bank named Laura Padovani to be its next group chief compliance officer and head of compliance, effective April 1. She will replace Pascal Tagné, who will become the bank’s head of compliance for the Asia Pacific region.

Danske Bank

Danske Bank CCO to depart in 2024


Satnam Lehal, chief compliance officer of Danske Bank, announced he will leave the bank in early 2024 after playing a pivotal role in helping steer it through the aftermath of one of the world’s largest money laundering scandals.

Financial Conduct Authority

FCA orders GT Bank to pay $9.4M for ‘reckless’ AML weaknesses


The U.K. Financial Conduct Authority fined Guaranty Trust Bank approximately £7.67 million (U.S. $9.4 million) for weaknesses in its anti-money laundering systems and controls that spanned a five-year period.

Al Rayan Bank

FCA fines Al Rayan Bank nearly $5M for AML failings


The U.K. Financial Conduct Authority fined Al Rayan Bank more than £4 million (U.S. $4.9 million) for its lack of adequate anti-money laundering controls.

Facebook Ireland

Meta fined $414M for targeted advertising GDPR breaches


The Irish Data Protection Commission fined Meta Ireland a total of €390 million (U.S. $414 million) for breaching the General Data Protection Regulation by forcing users to agree their personal data can be used for targeted advertising to access Facebook and Instagram.


Danfoss to pay $4.4M in OFAC sanctions settlement


Danish manufacturer Danfoss agreed to pay nearly $4.4 million to settle allegations a subsidiary violated U.S. sanctions by running payments from customers based in Iran, Sudan, and Syria through the foreign branch of a U.S. financial institution.


Lessons in preventing AML failures

2022-12-29T14:51:00+00:00By Jake Plenderleith, International Compliance Association

Anybody working in financial services will know enormous effort is made to ensure their institution is on the right side of the law. Why, then, do such failures continue to exist? And crucially, what can be done to prevent their recurrence?


Irish DPC probing Twitter over breach affecting 5.4M users


The Irish Data Protection Commission is investigating whether Twitter violated the European Union’s General Data Protection Regulation regarding a data breach alleged to have affected 5.4 million users.


DOJ declines to prosecute Safran over alleged FCPA violations


The U.S. Department of Justice informed French aircraft equipment manufacturer Safran that the company would not face prosecution regarding alleged bribes paid by employees at two subsidiaries to a China-based consultant.

European Parliament

ESG in 2023: CSRD to put new pressures on EU businesses


Corporate reporting on everything from climate change to workers’ rights is set for a shake-up in the European Union, and companies should use 2023 to prepare for new regulations and stakeholder expectations.


Deloitte fined $1.1M for SIG audit lapses


Deloitte received a penalty of £906,250 (U.S. $1.1 million) from the U.K. Financial Reporting Council for evidence failures regarding supplier rebates and cash uncovered in its 2015 and 2016 financial year audits at specialist building product distributor SIG.


Managing sanctions risk: Keys to successful implementation

2022-12-22T16:33:00+00:00By Holly Thomas-Wrightson, International Compliance Association

The International Compliance Association hosted a webinar looking at challenges faced by organizations regarding changes in the sanctions landscape in 2022. Holly Thomas-Wrightson offers a recap of the discussion.

U.K. Parliament

‘Period of uncertainty’ projected as U.K. embarks on ‘Edinburgh Reforms’


The “Edinburgh Reforms” aim to establish a smarter regulatory framework for the United Kingdom that is agile, less costly, and more responsive to emerging trends. Experts weigh in on the proposed changes.

TSB Bank

TSB Bank fined $59.2M for governance lapses in botched IT migration


TSB Bank was fined £48.65 million (U.S. $59.2 million) by U.K. regulators after a disastrous IT migration left customers unable to access cash or use online accounts for weeks.

BNP Paribas

BNP Paribas names new head of compliance


BNP Paribas, France’s largest bank, announced the appointment of Stéphanie Maarek as its new head of compliance. She succeeds Nathalie Hartmann, who held the role since 2017.


Joining the dots between ESG and corruption

2022-12-20T14:00:00+00:00By Ingrida Kerusauskaite and Rory Donaldson, for International Compliance Association

A report from Transparency International UK sets out the case for why business integrity and corruption should be considered as core issues in the context of impact environmental, social, and governance investing.


Abanca fined $3.3M for missing 2-hour breach reporting deadline


The European Central Bank fined Spanish bank Abanca €3.145 million (U.S. $3.3 million) after it “knowingly failed” to report a major cyber breach within the prescribed two-hour time limit.

Deutsche Bank

Deutsche Bank efforts to meet BaFin order reflective of EU’s AML struggles


Deutsche Bank said it is about “two-thirds” of the way toward meeting Germany’s financial regulator’s demands for tighter controls to combat money laundering and terrorist financing—an area of weakness many banks across the European Union are confronting.


DOJ, SEC extend Ericsson compliance monitorship one year


Swedish telecommunications company Ericsson agreed with U.S. authorities on a one-year extension of its independent compliance monitorship after a second breach of its obligations under a deferred prosecution agreement earlier this year.


Portugal statistics office fined record $4.6M for GDPR violations


The government office for national statistics in Portugal was assessed a fine of €4.3 million (U.S. $4.6 million) by the country’s data protection authority for multiple violations of the General Data Protection Regulation that occurred during its 2021 census work.