We've examined the top 10 compliance news stories in 2020, from major data breaches and discrimination awards to billion-dollar fines.
In January 2020, the French competition watchdog fined Google $150m for abusing its dominant position in the online search advertising market.
It criticised the tech giant for its "brutal and unjustified" suspension of accounts, "opaque and difficult to understand operating rules" relating to Google Ads and for applying them in "an unfair and random manner" after complaints by firms that had their accounts suspended without warning.
Google planned to appeal, insisting that "People expect to be protected from exploitative and abusive ads, and this is what our advertising policies are for".
But, while agreeing that customer protection is "perfectly legitimate", the watchdog cautioned, "Google cannot suspend the account of an advertiser on the grounds that it would offer services that it considers contrary to the interests of the consumer while agreeing to reference and accompany on its advertising platform sites that sell similar services".
Google previously received a €1.5bn EU competition fine in March 2019.
In February 2020, Airbus confirmed it would pay €3.6bn to settle a long-running investigation by French, UK and US authorities into bribery and corruption. This case was unprecedented in its scale and chutzpah. It is also controversial that Airbus was let off with a deferred prosecution agreement (DPA).
In 2012, a whistleblower alleged that Airbus's GPT subsidiary used gifts and bribes of over £14m to secure a contract to upgrade military communications in Saudi Arabia. In 2017, the French-based planemaker was also investigated over its use of middlemen and third-party consultants to secure airline sales. The subsidiary at the centre of the allegations has ceased trading.
In March 2020, the French antitrust regulator handed Apple a record €1.1bn fine for anti-competitive selling practices relating to its non-iPhone products in France.
France's Autorité de la Concurrence accused Apple of colluding with two wholesalers, Tech Data and Ingram Micro, effectively preventing competition for its Apple Mac computers and other non-iPhone products.
The investigation was prompted by a complaint from eBizcuss, an Apple premium reseller. Antitrust officials say Apple forced premium resellers to match prices on the Apple Store, and contracts restricted them to selling almost only Apple products despite the stock being withheld.
Apple planned to appeal. The two firms - Tech Data and Ingram Micro - were also fined €76.1m and €63m, respectively.
In March 2020, Marriott International reported a second data breach that exposed the personal information of around 5.2 million guests.
In a statement, it said:
"At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests."
The incident was reported on 31 March. Marriott appeared to play it down, explaining that the impact would not be materially significant due to its cyber insurance policy (savvy learners will immediately recognise the 4T model there, with the risk being transferred to an insurance company).
However, security experts were noticeably less confident, pointing out that NSA, CIA, FBI intelligence officials, and diplomats frequent Marriott hotels. This is the latest in a series of breaches targeting US officials.
Casey Ellis of Bugcrowd said, "This attack emphasizes the need for the hospitality industry to take security seriously. Hotels collect more private personal information than most enterprises (birthdays, passport numbers, email and mailing addresses, and phone numbers). Cybercriminals know what types of organizations collect troves of sensitive data, and given the amount of valuable information at hand, hospitality businesses can no longer afford to ignore their vulnerabilities."
In April 2020, aerospace engineer Peter Allen was awarded £175,000 for harassment and discrimination on the grounds of sexual orientation at work.
The Manchester Employment Tribunal upheld his claim of harassment and direct discrimination on the grounds of sexual orientation against Paradigm Precision and agreed he was victimised and faced detrimental treatment when he requested adoption leave. Allen had faced homophobic insults and was passed over for promotion after he enquired about adoption leave.
The tribunal awarded Allen £175,000, which included £24k for unfair dismissal, £26k for injury to feelings, £70k for loss of earnings and £18k for failing to follow the ACAS Code of Practice on Disciplinary and Grievance Procedures.
BlueCrest Capital Management Ltd. has agreed to a settlement to the tune of $170 million over allegations that it had been systematically misleading clients. The allegations relate to a fund that invested its traders' own money via an underperforming algorithm.
Back in its heyday, BlueCrest was among Europe's largest hedge-fund managers. However, the firm ceased managing money for outside clients in 2015 after a run of poor returns from its flagship macro fund and a sharp drop in assets. Yet, it carried on trading in its employees' own money.
According to SEC investigators, BlueCrest established the proprietary fund, BSMA Limited, back in 2011 before moving most of its best traders to work on it. Their work selecting assets for BlueCrest’s flagship fund was then replaced by an algorithm that was meant to replicate human decisions but ended up performing poorly.
Commenting on the case, SEC enforcement director Stephanie Avakian said, "BlueCrest repeatedly failed to act in the best interests of its investors, including by not disclosing that it was transferring its highest-performing traders to a fund that benefited its own personnel to the detriment of its fund investors."
The US Treasury Department has released a statement announcing that Amazon has agreed to pay a $134,523 fine over alleged sanctions violations. The charges in question relate to goods and services sent to Syria, Iran and Crimea between 2011 and 2018. All three of these countries are covered by Office of Foreign Assets Control (OFAC) sanctions.
This settlement is relatively insubstantial compared to Amazon's enormous market cap. However, the sales were for fairly low-level retail goods and services. In fact, the goods and services which breached US sanctions totalled just over $250,000 - peanuts for a firm like Amazon!
The Treasury Department does not believe that these sales were made with malicious intent, but that they relate to issues with Amazon's online systems, which failed to flag shipments to sanctioned countries. There seem to be several reasons why this occurred. One specific example involves the Amazon site failing to note when a sale was made to an Iranian embassy outside of Iran.
This event only highlights the importance of reforming sanctions infrastructure for cross-border transactions, which has scarcely changed since 1977. As of 2021, ISO 20022 is set to streamline cross-border payments, creating a flexible infrastructure to facilitate information exchange and aid in harmonizing the payments language between old and new technologies. The ultimate aim of ISO 20022 is to remove the barriers to sanctions compliance and get the global financial community on the same page.
A damning report, released in July 2020, found that up to 10,000 people may be working in slave-like conditions in textile factories in Leicester.
Leicester MP Andrew Bridgen claimed that a "conspiracy of silence" permitted such factories to exploit people over many years and said that "you've got a systemic failure of all the protections in Leicester that would prevent this from happening."
The factories supply garments to several UK retailers, most notably Boohoo, which also owns Nasty Gal and Pretty Little Thing.
Despite the UK's minimum wage being set at £8.72 an hour for over-25s, an undercover reporter found employees paid a mere £3.50 per hour instead. Additionally, workers were given no protection against Covid-19, putting their health at serious risk.
As a result of the modern slavery investigation, a staggering £2 billion was wiped off Boohoo's value on the AIM market in London, reducing it to £2.7 billion - further hindering its chances of reaching its £7.55 billion target by 2023.
Boohoo faced a massive backlash, as retail giants including ASOS and Next both stopped stocking Boohoo garments in their shops in retaliation. Likewise, Very.co.uk and Zalando both temporarily suspended the sale of any items associated with Boohoo, and quite a few Instagram influencers cut ties with the company.
In October 2020, Morgan Stanley agreed to pay $60 million over claims that it failed to correctly decommission data centres connected to its wealth-management operations.
According to the Office of the Comptroller of the Currency (OCC), Morgan Stanley "failed to effectively assess or address risks associated with decommissioning its hardware".
This includes failing to keep tabs on client data contained within obsolete devices and the improper assessment of the risks posed by subcontractors.
"We have continuously monitored the situation, and we do not believe that any of our clients’ information has been accessed or misused," Morgan Stanley said in response.
"Moreover, we have instituted enhanced security procedures, including continuous fraud monitoring, and will continue to strengthen the controls that we have in place to protect our clients’ information."
Earlier in the same month, the firm announced its intention to expand its wealth-management operations through a $7 billion acquisition of Eaton Vance Corp. The Federal Reserve later approved them to acquire E*Trade Financial Corp in a deal that added a new retail customer base to its brokerage business.
In October 2020, Deutsche Bank AG was issued a €13.5m fine by Frankfurt prosecutors due to money-laundering violations connected with Danske Bank A/S. According to prosecutors, Deutsche Bank failed to alert authorities about suspicious transactions in a timely manner on more than 600 different occasions.
Deutsche Bank's case was directly connected to another scandal which saw over $200bn in suspicious payments pass through Danske Bank’s Estonian unit. It was revealed that most of this money was also routed through Deutsche Bank, which processed US dollar payments for the Estonian business at the time.
Commenting on the scandal, Deutsche Bank said that it had stopped being Danske Bank Estonia's so-called correspondent bank in 2015. According to Stefan Simon, a member of Deutsche Bank’s management board, "with the closure of these proceedings, it is clear that there was no evidence of criminal misconduct either on the part of Deutsche Bank or its employees."
Chris Vogelzang, Danske Bank's CEO, has stated that they expected to wrap up their internal investigation into the matter by the end of 2020. Danske Bank was also looking to come to a global agreement with authorities to close the case.