Crime prevention
AML & counter-terrorist financing
GDPR and data protection
Information management & security
Alstom Network UK Ltd has been fined £15m and ordered to pay a further £1.4m in costs after being convicted for conspiracy to corrupt, relating to a contract to supply trams in Tunisia. The company paid an intermediary, Construction et Gestion Nevco Inc (Nevco), €2.4m to secure a €79.9m contract with Transtu—the operator of the Tunis Metro. The contract between Alstom and Nevco was made to appear legitimate and pass internal compliance checks, however, in reality, it was only designed to facilitate bribes. See: .
A jury found former Alstom SA executive Lawrence Hoskins guilty of a scheme to bribe Indonesian officials on Friday, 8 November 2019, convicting on all but one count in the long-awaited Foreign Corrupt Practices Act (FCPA) trial. See News Analysis: .
Samsung Heavy Industries Company Limited has agreed to pay total penalties of $75,481,600 to resolve the US government’s investigation into violations of the FCPA relating to bribery in Brazil. According to admissions by Samsung Heavy Industries, between 2000 and 2013, the company conspired to violate the FCPA by providing approximately $20m in payments to a Brazilian intermediary, knowing portions of the money would be paid as bribes to officials at Petrobras, the Brazilian state-owned oil and state-controlled energy company. See: .
TRACE, the world’s leading anti-bribery standard setting organisation, has released the 2019 TRACE bribery risk matrix (TRACE Matrix), which measures business bribery risk across 200 jurisdictions. The overall risk score is a combined and weighted score of business interactions with government, anti-bribery deterrence and enforcement, government and civil service transparency, and capacity for civil society oversight, including the role of the media. See: .
The Serious Fraud Office (SFO) faces further pressure to prove it can hold companies to account for wrongdoing after data released on Wednesday 20 November 2019 showed the crime-fighting agency has secured just seven corporate convictions in seven years. See News Analysis: .
The US Department of Justice (DOJ) has tweaked its policy offering companies leniency under the FCPA, clarifying what companies need to disclose and when. See News Analysis: .
Apple Incorporated will pay nearly US $467,000 to the US Department of the Treasury for allegedly hosting a sanctioned Slovenian software developer on its platform and processing more than US $1m in payments to the company. See News Analysis: .
The 2018–2019 Consumer Harm Report has identified the rise in modern slavery in criminal activities and of online fraud in social media, search engine adverts and websites as emerging threats. In the past year, these investigations have, among other things, focused on doorstep criminals, online fraud and dangerous consumer products. See: .
The National Crime Agency (NCA) has released a booklet ‘Suspicious Activity Report (SAR) Glossary Codes and Reporting Routes—November 2019’. The booklet is designed to provide guidance on the use of SAR glossary codes and reporting routes. See: .
The NCA has published its annual UK financial intelligence unit (UKFIU) report into SARs. The UKFIU reports that it received and processed 478,437 SARs between April 2018 and March 2019, including 34,543 requests for a defence against money laundering (representing a 52.72% increase) with refusals of a defence numbering a small 1372. These refused requests related to a total of £131,667,477 in funds which were restrained, seized, forfeited or recovered as a result (more than double on the previous year). 459 cases involved no previous or existing law enforcement investigation. See: .
The Financial Action Task Force (FATF) has published a speech by its executive secretary, David Lewis, on global developments in digital identity, and FATF’s work developing guidance to clarify how digital ID systems can be used by banks and others to identify and verify a person’s identity. See: .
David Lewis, the executive secretary of the FATF, also delivered a speech at the Royal United Services Institute, outlining the context for the forthcoming FATF strategic review. Lewis stated that FATF has identified some positive results among its member states, but that most countries are failing in terms of effectiveness and many are also failing when it comes to technical compliance. Lewis also stated that the current challenge is the implementation of the FATF standards, not the standards themselves, and that the strategic review will focus on how FATF’s evaluation of countries can better promote and enable more effective anti-money laundering (AML) measures and measures to counter financing of terrorism. See: .
On 11-12 November 2019, in Sanya, China, the FATF held its first Supervisors’ Forum on improving the effectiveness of supervision. Approximately 100 senior financial and professional supervisors, from over 40 countries, took part in the event, chaired by FATF president Xiangmin Liu. The meeting identified a number of areas that require further actions, which will be taken forward at the FATF plenary and at further meetings of the Supervisors’ Forum, to be held in May 2020. See: .
A joint working party of the Law Society and City of London Law Society (CLLS) Company Law Committees (the committees) has drafted a Q&A document which highlights practitioner experience on certain areas of complexity not specifically covered by the people with significant control (PSC) register primary and secondary legislation or the related Department for Business, Energy and Industrial Strategy (BEIS) guidance. See: .
The Information Commissioner’s Office (ICO) has submitted the final version of the Age Appropriate Design Code of Practice to the Secretary of State. The code reflects the results of a consultation carried out by the ICO and follows the General Data Protection (GDPR) and (). As the code needs to be laid in Parliament, the general election will delay this until after a new government has formed. See: .
The ICO has called for views on it being granted access to investigation and other associated powers under the (). Although the GDPR introduced increased financial penalties for civil breaches of the the only sanction available to the courts in criminal cases is a fine which is often less than the financial gain of the offender. Courts can make confiscation orders and the ICO submits that investigations and other associated powers would enable the ICO to assist the court in the identification of assets and to determine the value of a criminal’s proceeds from crime and stop offenders from retaining significant criminal proceeds. Responses are welcome until 6 December 2019. See: .
On 5 November 2019, the Berlin Commissioner for Data Protection and Freedom of Information announced that it had imposed a fine of €14.5m on Deutsche Wohnen SE, a prominent real estate company. This is the highest fine issued in Germany since the GDPR became applicable. Anna Pateraki of Hunton Andrews Kurth LLP explains the action. See News Analysis: .
The European Data Protection Board (EDPB) has adopted the report on the third annual joint review of the EU–US privacy shield. The EDPB welcomes the US’ efforts to implement the privacy shield, especially ex officio oversight and enforcement actions. The EDPB also approves of the appointment of the permanent ombudsperson and the filling of the final two vacancies on the Privacy and Civil Liberties Oversight Board (PCLOB). See: .
The European Commission (Commission) has issued a report on its findings from the third annual Privacy Shield review, which took place in September 2019. In its report, the Commission confirmed that the EU-US Privacy Shield framework continues to ensure an adequate level of protection for personal data transferred from the EU to companies participating in the Privacy Shield program in the United States. In concluding its report, the Commission provided additional action items necessary to ensure the continued functioning of Privacy Shield, including time limits for re-certifications and encouraging US authorities to expand their substantive review of Privacy Shield compliance spot-checks. Brian Hengesbaugh, Partner at Baker McKenzie LLP, explains the report’s findings. See News Analysis: .
Banks, insurers, airlines and other companies may soon have new EU-approved model clauses for the transfer of personal data as regulators work on a review of the clauses. See News Analysis: .
The EDPB has released its final version of the Guidelines on Territorial Scope following a public consultation on the subject. The guidelines endeavour ‘to provide a common interpretation of the GDPR for EEA Data Protection Authorities when assessing whether a particular processing by a controller or a processor falls within the territorial scope of the legal framework’. Indeed, they intend to clarify GDPR’s application in various situations. Feedback from the earlier consultation has been taken into account by the EDPB and has led to updates to the guidance’s wording and legal reasoning. See: .
The ICO has published new detailed guidance on special category data, aimed at data protection officers and those with specific data responsibilities in larger organisations, as well as updated its guide to data protection regarding special category data. Ian Hulme, director for regulatory assurance at the ICO, describes special category data as the most sensitive personal data and highlights that the ICO expects controllers to take all necessary precautions to protect this data. A template appropriate policy document is also available. See: .
UK Finance has published a blog post on the need to ensure that security measures evolve in order to defeat cyber threats of various forms, including from organised criminals, ‘lone wolves’ as well as ‘disgruntled employees’ and ‘nation-state-sponsored actors’. See: .
The National Cyber Security Centre (NCSC) has published the first full cybersecurity body of knowledge (CyBOK), which codifies foundational information in 19 knowledge areas and should be used as a tool to address the means and objectives of cybersecurity, understand failures and incidents and limit risk. The work covers principles of sound thinking and good practice to be applied across knowledge areas as well as crosscutting themes such as security economics, verification and formal methods and security architecture and lifestyle. See: .
The Department for Digital, Culture, Media & Sport (DCMS) has issued a call for evidence, seeking views and advice on how the government can help improve cybersecurity across the UK economy. DCMS says it wants to understand the barriers which prevent organisations from improving their cybersecurity, and hear views on the effectiveness of existing interventions, including regulations like GDPR and the NIS Directive, and other guidance and support. Feedback is sought by 20 December 2019. See: .
Europol has published a strategic report on spear phishing, one of the most prevalent cyber threats, detailing recommendations on prevention, response and investigation. Europol, presenting a law enforcement and private industry perspective, outlines case studies, common modi operandi, technical solutions, prevention guidance and attributional and operational responses to provide an overview. See: .
* denotes a required field
0330 161 1234