For compliance officers in Europe, 2015 has been a big year. Aside from focusing on reporting wrongdoing and promoting a speak-up culture, watchdogs have been keeping compliance practitioners busy with a barrage of regulations that show no sign of easing. As compliance officers wonder to what degree the past year’s enforcement actions will make their job change in 2016, here is a roundup of the top 10 major changes in 2015 that have helped set the stage for this year and beyond.

10. Stanbic Bank Tanzania

The Serious Fraud Office’s first-ever deferred-prosecution agreement (DPA): In November, the SFO issued its first DPA under the U.K. Bribery Act with Standard Bank (now known as ICBC Standard Bank) for the bank’s conduct in failing to prevent the payment of bribes by an affiliate of the London-based institution, Stanbic Bank Tanzania. A 55-page statement of facts presented by the SFO provided an explanation of the misconduct that occurred by the London Bank and Stanbic. It also outlined where Stanbic went wrong and how Standard Bank responded to red flags picked up by the financial institution’s AML program. Standard Bank scored some points in the eyes of the court after it was revealed that, “The bank fully cooperated with the SFO from the earliest possible date by, among other things, providing a summary of first accounts of interviewees, facilitating the interviews of current employees, providing timely and complete responses to requests for information and material, and providing access to its document review platform,” said Lord Justice Brian Leveson in statement.

9. European data transfers

As we move into the new year, the topic of European data transfers will likely keep compliance officers up at night. When the European Court of Justice ruled in October that the longstanding Safe Harbor program for international data transfers between the U.S. and EU was invalid, planning for the future became tougher for compliance officers. As Compliance Week previously reported, U.S.-based companies in Europe may now need to consider creating overseas data centers. “If you are transferring data so that you can engage in centralized accounting and financial operations, you would have to localize those operations,” said Scott Vernick, a partner at law firm Fox Rothschild. “Your cost of doing business just got a heck of a lot more expensive.” The U.S. and EU watchdogs are negotiating an updated Safe Harbor agreement, but the timeline remains uncertain.

8. Senior Managers Regime

The U.K. Financial Conduct Authority (FCA) rolled out two frameworks that will hold senior managers accountable for their actions. This move by the FCA sent ripples throughout the industry, as the new Senior Managers Regime (SMR) will require that top-level managers provide a clear distribution of their responsibilities to key decision makers, which will boost individual accountability through ongoing assessments by the firm and regulators, says the FCA. The regulator is requiring that senior managers who are “capable of causing significant harm” to a financial institution and its stakeholders be annually assessed and certified according to the watchdog’s guidelines. To complement the SMR, the Certification Regime will give firms full responsibility to regularly assess and certify key employees who can “risk the integrity of financial markets.” The new accountability rules are set to go into effect in early 2016.

“Intermediaries and agents are a classic red flag, particularly where they are purporting to offer assistance in winning business in a country other than the one in which they are based.”

Alan Milford, General Counsel, SFO

7. Personal liability for compliance officers

Compliance officers and personal liability: As regulatory authorities continue to expand their investigation beyond companies and whistleblowers, regulators have placed a renewed focus on compliance practitioners amid a string of oversight failures. In early 2015 the SFO brought corruption charges against Alstom’s former compliance executive Jean-Daniel Lainé. Lainé was found guilty for violating Section 1 of the prevention of Corruption Act, as well as two offenses of conspiracy to corrupt in violation of Section 1 of the Criminal Law Act.  In another case, the FCA hit U.K.-based Keydata Investment Services with a record fine of  £75 million. The British regulator also issued a fine of £200,000 to Peter Johnson, the former compliance officer of the embattled company for his role in selling “death bonds” which cost investors millions amid the collapse of the firm. FCA said Johnson, in addition to the company’s chief executive and a sales director, all “failed to act with integrity and also misled the then-Financial Services Authority (FSA) on a number of occasions in relation to the performance of the investment products.”


Below is an excerpt from the U.K. Serious Fraud Office’s announcement of its first deferred-prosecution agreement under the U.K. Bribery Act.
The Serious Fraud Office’s first application for a Deferred Prosecution Agreement was today approved by Lord Justice Leveson at Southwark Crown Court, sitting at the Royal Courts of Justice.
The counterparty to the DPA, Standard Bank Plc (now  known as ICBC Standard Bank Plc) (“Standard Bank”), was the subject of an indictment alleging failure to prevent bribery contrary to section 7 of the Bribery Act 2010. This indictment, pursuant to DPA proceedings, was immediately suspended. This was also the first use of section 7 of the Bribery Act 2010 by any prosecutor. 
As a result of the DPA, Standard Bank will pay financial orders of US$25.2 million and will be required to pay the Government of Tanzania a further US$7 million in compensation. The bank has also agreed to pay the SFO’s reasonable costs of £330,000 in relation to the investigation and subsequent resolution of the DPA.
In addition to the financial penalty that has been imposed, Standard Bank has agreed to continue to cooperate fully with the SFO and to be subject to an independent review of its existing anti-bribery and corruption controls, policies and procedures regarding compliance with the Bribery Act 2010 and other applicable anti-corruption laws. It is required to implement recommendations of the independent reviewer (Price Waterhouse Coopers LLP).
Commenting on the DPA, Director of the SFO David Green CB QC said:
“This landmark DPA will serve as a template for future agreements. The judgment from Lord Justice Leveson provides very helpful guidance to those advising corporates. It also endorses the SFO’s contention that the DPA in this case was in the interests of justice and its terms fair, reasonable and proportionate. I applaud Standard Bank for their frankness with the SFO and their prompt and early engagement with us.”
The suspended charge related to a US$6 million payment by a former sister company of Standard Bank, Stanbic Bank Tanzania, in March 2013 to a local partner in Tanzania, Enterprise Growth Market Advisors (EGMA). The SFO alleges that the payment was intended to induce members of the Government of Tanzania, to show favour to Stanbic Tanzania and Standard Bank’s proposal for a US$600 million private placement to be carried out on behalf of the Government of Tanzania. The placement generated transaction fees of US$8.4 million, shared by Stanbic Tanzania and Standard Bank.
On 18 April 2013, Standard Bank’s solicitors Jones Day reported the matter to the Serious and Organised Crime Agency and on 24 April to the SFO. It also instructed Jones Day to begin an investigation and to disclose its findings to the SFO. The resulting report was sent to the SFO on 21 July 2014.
The SFO reviewed the material obtained and conducted its own interviews. Subsequently, the Director of the SFO considered that the public interest would likely be met by a DPA with Standard Bank and negotiations were commenced accordingly.
The SFO has worked with the US Department of Justice (DoJ) and Securities and Exchange Commission (SEC) throughout this process. A penalty of $4.2m has been agreed between Standard Bank and the SEC in respect of separate related conduct.
We are very grateful to the DoJ, the SEC, the Foreign and Commonwealth Office, the Financial Conduct Authority for their assistance in resolving this investigation and deferred prosecution.
Source: U.K. Serious Fraud Office

6. Broadened anti-corruption investigations

The fight to stamp out corruption in Europe is expected to continue. Swiss authorities unveiled a new “Lex-FIFA” anti-corruption reform in the wake of corruption scandals that have engulfed the world’s most influential sports body, FIFA. Under this law, Swiss officials will be permitted to investigate corruption in the private sector, without a tip-off from inside the company. The new changes will also treat cases of bribery as a criminal offense. Private corruption will be punishable for up to three years in prison. Moreover, officials will be permitted to launch corruption investigations against 60 international sporting organizations.

5. Gender diversity mandates

Gender diversity in the boardroom has sparked intense debate around the world. Germany, for example made an unprecedented move this year when it passed a new law, which mandated that some of the country’s largest companies allocate 30 percent of supervisory seats to women by early 2016. Across Europe, Norway was the first country to make legislative moves for gender balance in the boardroom. Next, Spain, France, and Iceland followed suit and pushed for a 40 percent requirement at European companies; Italy moved forward by setting a quota of one-third. Britain has seen an increase in the representation of women without any specific regulatory requirement, as several companies have made this a voluntary effort.

4. Cyber-security concerns

Cyber-breaches continue to skyrocket. Numerous reports of poorly handled cyber-security breaches have left many European companies vulnerable to theft and fraud. In March, the European Commission (EC) released a cyber-security survey, which revealed that roughly 85 percent of participants fear that their personal information can be easily compromised and believe that the risk of cyber-crimes are increasing across the European Union. Sixty-three percent of respondents claimed that online banking fraud remains a top concern. Britain, however, lagged behind in cyber-security risk management and was ranked as one of the worst European countries for dealing with identity theft and cyber-fraud.

3. Slow whistleblowing implementation

EU agencies slow to implement whistleblowing policies. Hopefully this may change in 2016 as new regulations go into effect. Currently, only two of nine institutions in the European Union adopted whistleblower rules more than a year after a mandate to do so, said a report released by EU Ombudsman Emily O’Reilly back in March. O’Reilly conducted a review of the institutions, which revealed that only the European Commission and the Court of Auditors have adopted internal whistleblowing policies.

2. Robust rules of engagement

The European Union’s top regulator called for the European Central Bank (ECB) to strengthen its rules of engagement by putting a stop to banker meetings prior to rolling out new policies. The transparency debate at the ECB was triggered when an ECB official revealed market-sensitive information during a private dinner earlier this year. “It has already been established by the ECB, in its speaking engagement guidelines, that it should not give a prestige advantage to certain groups over others when a board member meets them,” O’Reilly told Reuters.

1. A view from the U.K. SFO

At the 2015 Compliance Week Europe event, Alan Milford, general counsel at the U.K. SFO, provided compliance officers and audit executives with some interesting views from the SFO. Milford urged compliance officers to pay close attention to the actions of their vendors and agents, as they will always be an area of interest to the SFO. “Intermediaries and agents are a classic red flag, particularly where they are purporting to offer assistance in winning business in a country other than the one in which they are based.”