Global Investigations Bulletin (June 2021)

Congratulations to Gayathri Kamalanathan for being recognised in the Global Investigation Review: Women in Investigations 2021 list of 100 remarkable female practitioners in the investigations field.

European Public Prosecutor's Office starts work

Summary

The European Public Prosecutor’s Office (EPPO), an independent and decentralised public office of the European Union, will assume its investigative and prosecutorial tasks from the 1st of June 2021. The EPPO has the authority to investigate and prosecute crimes against the EU budget, including corruption, fraud, or serious cross-border VAT fraud. 22 EU countries have signed up to participate with the EPPO (Denmark, Ireland, Hungary, Poland, and Sweden are the exceptions). 

Background

Prior to the establishment of the EPPO, national authorities could investigate and prosecute fraud against the EU budget, but their powers stopped at their borders. Existing authorities, including Europol, Eurojust, and the EU’s anti-fraud office (OLAF) did not have the requisite powers to carry out criminal investigations and prosecutions. Establishing the EPPO was an effort to plug these gaps and enable prosecution of cross-border financial crimes involving the EU budget, which were estimated to have cost €500 million in 2017. The Regulation establishing the EPPO entered into force on 20 November 2017, with the Commission setting 1 June 2021 as the start date for the EPPO to launch its operational activities. It will operate as a single office across all participating EU countries, and will combine European and national law enforcement efforts under one house, with 22 prosecutors (one per participating EU country) reporting up into two Deputies, and onward to the European Chief Prosecutor, Laura Kövesi, formerly the head of Romania’s National Anti-corruption Directorate. The EPPO is located in Luxembourg.

Remit

The EPPO is charged with investigating and prosecuting crimes against the EU budget, and to protect the “financial interests of the EU.” This covers “all revenues, expenditures and assets covered by, acquired through, or due to the European Union budget and the budgets of the institutions, bodies, offices and agencies established under the Treaties, and budgets managed and monitored by them.” 

The crimes listed as within the remit of the EPPO include: cross-border VAT fraud involving total damages of at least €10 million; other fraud affecting the EU’s financial interests; corruption that damages (or is likely to damage) the EU’s financial interests; misappropriation of EU funds/assets by a public official; money laundering and organised crime involving property pertaining to the EU’s financial interests; and other offences linked to the above list. The EPPO has an initial budget of €37.7 million to undertake this work. 

One of the challenges the EPPO will surely face relates to “forum shopping,” whereby a company operating across multiple jurisdictions might try to engage with a national prosecutor in a jurisdiction it views it will receive the most lenient penalty for its misfeasance. The EPPO has not yet indicated how it might address this issue. 

Relationship to UK 

It goes without saying that the UK is not party to the EPPO arrangement. At present, there is little additional information available to learn about how the EPPO could, or would, interact with UK law enforcement authorities, or whether and how it would have jurisdiction over UK-based companies or individuals suspected of criminal involvement. However, there is scope for the UK and EPPO to enter into a “working arrangement” on a third-party basis, to be able to exchange information and facilitate cooperation for joint investigations. 

Recent news

SFO round-up: Investigation into GFG Alliance opened; business plan for 2021/22 published

On 14 May 2021, the Serious Fraud Office (SFO) announced it was investigating suspected fraud, fraudulent trading, and money laundering in relation to the financing and conduct of the business of companies within the Gupta Family Group Alliance (GFG), including its financing arrangements with Greensill Capital UK Ltd. The SFO provided no further comment.
 
On 13 May 2021, the SFO published its Business Plan for 2021/22, detailing how the agency will deliver on its mission to fight complex economic crime, deliver justice for victims, and protect the UK’s reputation as a safe place to do business. The 2021/22 Business Plan describes the action the SFO will take in four priority areas of operations, people, stakeholders, and technology. Read more in the SFO’s Press Release.  

FCA round-up: First CumEx penalty announced; speeches published on firm culture and compliance, and the rise in scams 

The FCA has issued a final notice to investment services and corporate finance firm, Sapien Capital Ltd, fining it £178,000 for failings which led to the risk of facilitating fraudulent trading and money laundering in relation to cum-ex trading. The FCA found that between February and November 2015, Sapien breached:

• FCA Principle 3 as it had inadequate systems and controls to identify and mitigate the risk of being used to facilitate fraudulent trading and money laundering in relation to business introduced by four authorised entities known as the Solo Group; and 
• FCA Principle 2 as it did not exercise due skill, care and diligence in applying its anti-money laundering policies and procedures. It failed to properly assess, monitor and mitigate the risk of financial crime in relation to the Solo Group’s clients and the purported trading.

The FCA found that the Solo Group’s trading was characterised by a pattern of high value trades undertaken to avoid the normal need for payments and delivery of securities in the settlement process. The trading pattern involved the use of OTC equities trading, securities lending and forward transactions involving EU equities, on or around the last cum-dividend date. The FCA’s investigation found no evidence of change of ownership of the shares traded by the Solo Group’s clients, or custody of the shares and settlement of the trades by the Solo Group. This pointed to highly sophisticated financial crime and appeared to have been undertaken to create an audit trail to support withholding tax reclaims in Denmark and Belgium. Sapien appeared to have executed OTC equity trades of the value of approximately £2.5 billion in Danish equities and £3.8 billion in Belgian equities.

This is the first FCA case in relation to cum-ex trading, dividend arbitrage and withholding tax reclaim schemes. Its broader investigation into the involvement of a number of UK-based brokers in cum-ex dividend arbitrage schemes continues and involves working with EU regulators and global law enforcement. Read more in the FCA's press release.

The FCA published a speech by Executive Director of Enforcement and Market Oversight Mark Steward on compliance, culture and evolving regulatory expectations, reflecting on the Senior Managers and Certification Regime (SMCR), the five Conduct Questions, individual obligations, and decision-making in regulated firms. Steward notes that the SMCR and Conduct Questions require firms to focus on conduct and compliance risks. The SMCR has affected how firms allocate responsibilities and operate controls and oversight, and the Conduct Questions continue to promote personal accountability and engagement across an organisation. Both initiatives support proper governance and take steps to address risks and behaviours at the point of failure. However, recent enforcement cases demonstrate that problems of non-compliance persist as a result of individual deviance – an issue which ultimately cannot be fully addressed through the SMCR framework or the Conduct Questions approach.

The FCA published another speech by Mark Steward, in which he discussed the rise in scams and their threat to a legitimate financial services industry. Steward noted that the FCA has a substantial role to play in preventing harm to consumers from unauthorised activities and explains how it has changed its approach to address scams. Points of interest in the speech include:

• the FCA has ratcheted up its proactive monitoring of the internet with a dragnet approach, with the express aim of capturing suspicious advertising on the same day, or 24 hours after it first appears;
• since the end of the Brexit transition period, many social media firms have been required to comply with the financial promotion restriction in section 21 of the Financial Services and Markets Act 2000 for the first time when providing any value adding services;
• the recent publication of the Online Safety Bill includes measures to tackle user-generated fraud, and if passed in its draft form it aims to provide, for the first time, a regulatory framework tackling user-generated online scams; and
• the FCA intends to continue to use its powers to pursue offenders.

Steward also notes that scams and frauds are a threat to the legitimate financial services industry because their existence undermines the societal trust that is necessary for markets to work well.

GRECO publishes Fifth Round Compliance Report 

On 28 May 2021, the Group of States against Corruption (GRECO), an organisation established by the Council of Europe to monitor States’ compliance with the organisation’s anti-corruption standards, published its Fifth Round Compliance Report on the United Kingdom, on preventing corruption and promoting integrity in central governments (top executive functions) and law enforcement agencies and concluded that the UK has not implemented seven of the twelve recommendations contained in the Fifth Round Evaluation Report. The Compliance Report assesses the measures taken by the UK to implement its recommendations issued in May 2018. Some of the recommendations made by GRECO include establishing a centralised mechanism for analysing and mitigating conflicts of interest, making more information available regarding meetings held by ministers and senior government officials, extending the existing registry of consultant lobbyists and including the lobbying of special advisors and senior civil servants involved in policy making. Read more on the GRECO website here.

Banking supervisors must make “major improvements” to tackle dirty money, FATF official warns 

On 6 May 2021, Financial Action Task Force policy analyst Shana Krishna spoke at a webinar on Risk-Based Supervision and warned that banking supervisors must make “major and fundamental improvements” to effectively tackle money laundering worldwide. “Only ten percent of the countries that have been evaluated [by the FATF] are actually supervising the private sector,” Krishna said. "That means that there are around 90% of jurisdictions that still need to make major and fundamental improvements in relation to supervision.” While progress have been made to make sure that the rules and the mandates are in place for risk-based supervision, Krishna noted that the “difficulty is in translating this into real-world implementation.” There are a range of issues covered in the Guidance on Risked-Based Supervision published in March 2021, and she pointed out that “one of the main issues is that supervisors don't always have an up-to-date understanding of the risks, and this is really hampering their ability to focus on the most important issues, and to actually take those risk-based decisions, and apply the discretions and flexibilities they have in hand.” Access the recorded webinar on FATF's webpage here.

AML and CFT action plan – European Commission publishes speech

The European Commission (Commission) has published a speech by the European Commissioner for Financial Services, Financial Stability and Capital Markets Union (CMU), Mairead McGuinness, outlining elements of the reforms the Commission intends to present in order to implement its May 2020 AML and CTF action plan. The presentation of a package of legal proposals to deliver the new EU anti-money laundering (AML) and counter-terrorism financing (CTF) framework was initially planned for Q1 2021. Commissioner McGuinness explained that, owing to technical issues and the volume of the package of measures, they will now be presented in July 2021. 

During her speech Commissioner McGuinness shared further elements of the Commission’s plans, emphasising that these are subject to confirmation. Points of interest in the speech include:

• a single AML and CTF rulebook: the rules for the private sector are to be laid down in a directly applicable EU Regulation. In most areas, the same rules will apply across the EU. In other areas, there will be some margin for member states in how they organise their system, especially around the working of national supervision and financial intelligence units (FIU);
• an EU-wide upper limit of EUR10,000 will be set for cash purchases; and
• an intended new AML authority, funded from fees from entities subject to AML rules, is to be launched in 2024, reaching full staffing in 2025 and starting direct supervision in 2026. The authority aims to combine supervisory and FIU co-ordination tasks. Among other responsibilities, it will be responsible for the direct supervision of certain financial sector entities operating cross-border that are in the highest risk category, it will have a regulatory role preparing technical standards and guidelines, and it will advise the Commission on AML risks outside the EU.

As well as the legislative package, Commissioner McGuinness also commented on the non-legislative areas of work covered by the action plan, as follows:

• the Commission intends to launch a consultation on information exchange and public-private partnerships, with a view to publishing guidance by the end of 2021;
• enforcement remains a top priority for the Commission, and it intends to commission studies on how the AML framework is implemented in each member state with the aim of basing its approach to enforcement on those findings; and
• a key priority is ensuring that beneficial ownership registers are running and fully populated; the Commission is also working on the cross-border interconnection between national beneficial ownership registers, which should start later in 2021.

The EBA consults on its proposals for a central AML/CTF database 

The European Banking Authority (EBA) has published a consultation paper (EBA/CP/2021/19) on draft regulatory technical standards (RTS) to establish an AML and CTF central database. It also published a summary of its draft data protection impact assessment on the database. The draft RTS specify the type of information to be collected, how it will be communicated to the EBA, and the EBA’s analysis and dissemination of that information. The RTS also set out rules to ensure the effectiveness of the database, confidentiality of the data, and how the data will interact with other notifications that national competent authorities are required to provide to the EBA, as well as provisions to ensure the protection of personal data. The database is intended to be a key tool in coordinating efforts to prevent and counter money laundering and terrorism financing across the EU and to serve as an early warning tool to enable national competent authorities to act before the AML/CTF risks crystallise and help them plan their on-site inspections and perform off-site monitoring. The consultation closes on 17 June 2021. Read more in the EBA's press release.

European AML enforcement actions on the rise

This past month saw a trio of enforcement actions concluded by European authorities against financial service institutions. On 3 May 2021, Norway’s Financial Supervisory Authority (FSA) announced that it had fined DNB Bank ASA 400 million kroner ($48 million) for violating Norwegian anti-money laundering laws. The imposition of the fine follows an anti-money laundering inspection in February 2020 which revealed serious breaches in the bank's compliance with the Anti-Money Laundering Act. The decision may be appealed within three weeks.

On 4 May 2021, the French Prudential Supervision and Resolution Authority (ACPR), issued a €2.5 million fine to Cardif Assurance-Vie, a life insurance provider and subsidiary of BNP Paribas, for breaching anti-money laundering regulations. ACPR published a decision fining the company following an investigation which uncovered various failings in its anti-money laundering procedures between 2015 and 2018. 

Finally, on 5 May 2021, the Disciplinary Committee of Nasdaq Stockholm ordered Swedbank to pay a fine of twelve annual fees, equivalent of 46.6 million krona (US$5.5 million). The issue concerns historical matters dating back to 2016-2019. The Disciplinary Committee states that Swedbank over a long period of time had shortcomings in its AML processes and routines and that the shortcomings were known to the bank's top management for a long period of time. During March, Nasdaq Stockholm AB (Nasdaq) informed the bank of the conclusions of its review as to whether the bank had breached the Nasdaq’s rules during the period December 2016 to February 2019. Later, the review was handed over to the Disciplinary Committee of Nasdaq Stockholm which has now decided the matter. Swedbank stated in the quarterly report on April 27 that the bank largely concurs with Nasdaq’s conclusions. “During the last year, the bank has undertaken several measures to strengthen processes for the disclosure of information. Today’s decision means that yet another issue concerning the bank’s historical shortcomings, is closed,” says Jens Henriksson, President and CEO of Swedbank. As the bank communicated in the quarterly report on 27 April 2021, the bank expected that the Disciplinary Committee of Nasdaq Stockholm would decide on a fine and therefore allocated SEK 30 million for the purpose.   

Economic Crime Plan – UK Government publishes Statement of Progress 

The UK Government has published a Statement of Progress on the progress made in relation to its Economic Crime Plan which launched in 2019. The Economic Crime Plan set up a program aimed at tackling fraud and money laundering and set out how the UK’s public and private sectors would work together to improve the UK’s economic crime response.

The Statement indicates there has been progress in a number of areas, including:

• improved understanding of the threat, including through the third publication of the UK’s National Risk Assessment of Money Laundering and Terrorist Financing and the setting up of a “Fusion Cell” in the National Economic Crime Centre;
• addressing vulnerabilities in the system, including by updating UK anti-money laundering requirements; and
• investment in law enforcement – an extra £63 million has been provided for the Home Office to drive efforts in dealing with economic crime and cracking down on fraud.

The Statement also indicates that, in February 2021, the Economic Crime Strategic Board, a government taskforce which approved the Plan, agreed that the Plan needed to be further developed to deliver a ‘comprehensive economic response’ underpinned by seven actions, namely:

• design and deliver a comprehensive fraud action plan;
• strengthen public and private operational action to tackle known vulnerabilities enabling the flow of illicit finance within and out of the UK;
• improve the effectiveness and efficiency of the response to economic crime, increasing high value intelligence in law enforcement and reducing low value activity;
• continue to deliver suspicious activity report (SAR) reform, including the next stages of the new IT infrastructure rollout and an increase in UK Financial Intelligence Unit staffing;
• finalise the sustainable resourcing model to support economic crime reform;
• develop legislative proposals to tackle fraud and money laundering, seize more criminal assets and strengthen corporate transparency; and
• capitalise on the G7 presidency to strengthen the overall international response to illicit finance and anti-corruption.

The Statement confirms that a fraud action plan will be developed by the government, the private sector and law enforcement and is expected to be published following the 2021 spending review. Read more in the press release and the updated webpage.

House of Commons Library publishes briefing paper on corporate criminal liability

On 5 May 2021, the House of Commons Library published Briefing Paper (No. 9027): Corporate criminal liability. The Briefing Paper outlines the circumstances in which corporates can commit crimes in England and Wales, as well as setting out recent developments and proposals for reform.

Data Breach Reports to FCA Down 30% Despite UK Cyber Incidents Increasing 56%

On 4 May 2021, Kroll, the world’s premier provider of services and digital products related to governance, risk and transparency, revealed that the number of data breaches reported to the FCA fell by 30% between 2019 and 2020. This is a direct contradiction to Kroll’s own data which, looking at all industries, showed a 56% average rise in incidents over the same timeframe, with the financial services industry being slightly above that average. Freedom of Information data obtained by Kroll from the FCA shows that the number of reportable cyber incidents where company or personal data was potentially compromised or breached dropped 30% to 76 in 2020, compared to 108 during the same time period in 2019. In reality, the number of data breaches is expected to be far higher, with Kroll’s proprietary data showing that during the same period the overall number of incidents impacting UK organisations rose 56%, leading to an increase in consumer notifications of more than 41% when compared to 2019. This disparity between official FCA statistics and the reality of the current cyber threat landscape means the increase in the sophistication and volume of attacks is in danger of going unaddressed, and is likely to be linked with changes to data breach reporting as a result of GDPR.

CMA and ICO publish joint statement on relationship between competition and data protection

The Competition and Markets Authority (CMA) and the Information Commissioner’s Office (ICO) have published a joint statement, sharing the “strong overlap” between competition and data protection in digital markets. The two UK regulators affirmed their dedication to collaborate in order to find regulatory solutions that “achieve good competition and data protection outcomes.” Their commitment has been fortified by the signing of an updated Memorandum of Understanding (MOU) which outlines how the two regulators will work together in the future through potential joint projects and information sharing. The MOU can be read here and the joint statement is found here. 

Government releases consultation conclusions on legislative proposals to enhance anti-money laundering and counter-terrorist financing regulation in Hong Kong

On 21 May 2021, following the conclusion of the public consultation on proposals to amend the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) (Cap. 615), the Hong Kong Government published a paper outlining the views received during the consultation, its responses and conclusions on the way forward. By the end of the consultation period running from November 3, 2020, to January 31, 2021, the Government received a total of 79 submissions on the proposals, which seek to introduce (a) a licensing regime for virtual asset services providers; (b) a registration regime for dealers in precious metals and stones; and (c) miscellaneous technical amendments under the AMLO. "We are pleased to note that the respondents generally agreed with the overall direction and principles as well as the broad framework of the legislative proposals. Having regard to the valuable comments and suggestions from respondents, we will fine-tune the legislative proposals as appropriate to address stakeholders' concerns," a Government spokesman said. The Government will proceed to prepare the amendment bill based on the consultation conclusions, with a view to introducing the amendment bill into the Legislative Council in the 2021-22 legislative session. Read more in the Consultation Paper and Consultation Conclusions. 

ICO fines Amex for sending marketing emails without valid consent 

The Information Commissioner’s Office (ICO) has fined American Express Services Europe Limited (Amex) £90,000 for sending in excess of four million unsolicited marketing emails in breach of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR). This was held by the ICO to be a serious breach of regulation 22 caused by Amex’s negligence and failure to take reasonable steps to prevent the contraventions. The recipients included customers who had opted out from receiving marketing messages from Amex. The ICO determined that the emails were marketing because they included content that encouraged customers to make purchases on their Amex cards, from which Amex stood to gain financially. In its press release, the ICO reminded organisations that: “Service messages contain routine information such as changes to terms and conditions and payment plans or notice of service interruptions. Direct marketing is defined as any communication of advertising or marketing material directed at particular individuals. It is against the law to send marketing emails to people unless consent has been freely given. This is contained in Regulation 22 of the Privacy and Electronic Communications Regulations 2003.” 

Combating money laundering and terrorist financing – IAIS publishes revised application paper

The International Association of Insurance Supervisors (IAIS) has published for consultation a revised application paper on combating money laundering and terrorist financing. The IAIS originally published the application paper in October 2013 to provide additional guidance regarding money laundering and terrorist financing risks affecting the insurance industry. Following various updates, in recent years, of the Financial Action Task Force (FATF) recommendations, and publication in 2018 of the revised FATF guidance for a risk-based approach in the life insurance sector, the IAIS revised ICP 22 (the insurance core principle on anti-money laundering and combating the financing of terrorism). In light of these developments, the IAIS has amended the application paper. The amendments include updates to align terminology and to ensure consistency with the FATF recommendations, as well as new guidance on elements reflected in the latest version of ICP 22. Comments can be made until 17 July 2021. The IAIS intends to hold a webinar on 2 June 2021 to discuss the paper. Read more on the IAIS webpage.

FRC issues revised auditing standard for the auditor's responsibilities relating to fraud

On 27 May 2021, the Financial Reporting Council (FRC) issued a revision of its UK auditing standard on the responsibilities of auditors relating to fraud - ISA (UK) 240 (Revised May 2021) - The Auditor's responsibilities Relating to Fraud in an Audit of Financial Statements. The revisions to the standard are designed to provide increased clarity as to the auditor's obligations, addressing the concern raised by Sir Donald Brydon in his review of the quality and effectiveness of audit. The revisions include enhancements to the requirements for the identification and assessment of risk of material misstatement due to fraud and the procedures to respond to those risks. The revised UK standard is effective for audits of periods beginning on or after 15 December 2021 with early adoption permitted.

The Department for Business, Energy and Industrial Strategy (BEIS) is currently consulting on proposals to restore trust in audit and corporate governance, including statutory requirements for directors to report on the steps they have taken to prevent and detect material fraud and for auditors to report in relation to such a director's statement. The FRC will address these proposals in due course, taking account of the outcome of the BEIS consultation. The FRC has also published a Feedback Statement on its consultation on the revision of the standard and an impact assessment. The Feedback Statement provides an explanation of the key changes in the standard.

Horizon Scanning

Look out for:

Consultation closure: The deadline for the submission of comments on EBA's public consultation on draft Regulatory Technical Standards on a central database on anti-money laundering and countering the financing of terrorism in the EU (mentioned above) is 17 June 2021. 

Sentencing hearing: on 14 January 2021, David Lufkin, a British national and the former Global Head of Sales at Petrofac pleaded guilty at Westminster Magistrates’ Court to three counts of bribery. The matter has been listed for a mention hearing on 21 June 2021.