We've examined the top 10 compliance news stories in 2023, from major data breaches and fraud awards to million-dollar fines.
Meta has agreed to pay $725m (£600m) to settle a long-running legal action following the Cambridge Analytica scandal.
Facebook gave third parties (including Cambridge Analytica) access to users' personal data, which was harvested without their knowledge or consent.
The class action was filed on behalf of Facebook's 250-280 million users in the United States. The sum is thought to be the highest yet in a US data privacy class action.
Without admitting wrongdoing, Meta said it had "revamped" its privacy policies and processes.
Facebook paid $5b in 2019 to resolve privacy issues and continues to face intense scrutiny over its practices. Earlier this month, WhatsApp, Instagram and Facebook were fined €5.5 million, €180 million and €210 million respectively by the Irish data regulator for GDPR violations. Its parent Meta plans to appeal.
Sub-prime lender Amigo has been censured by the Financial Conduct Authority for failing to conduct adequate affordability checks on its customers and guarantors.
The regulator claimed that between November 2018 and March 2020, the company did not have adequate processes to assess the borrower and guarantor’s circumstances before approving loans. The company relied too heavily on automated IT systems and had inadequate controls in place. Staff also failed to conduct proper checks when the system flagged up concerns.
This resulted in a high risk of consumer harm, particularly for vulnerable customers. It also meant that guarantors were more likely to have to step in, with one in four guarantors being expected to repay the loan.
The company was accused of “prioritising [its] commercial interests over the obligation to comply with the rules and safeguard customers from unaffordable loans”.
The FCA had planned to impose a fine of £72.9 million, but the penalty was waived after Amigo demonstrated it would cause “serious financial hardship” and threaten its ability to fulfil a High Court compensation scheme to repay unfairly treated customers.
A Commerzbank compliance executive has been awarded £300,684 in compensation at a UK employment tribunal. It follows a seven-year battle with the bank, which Jagruti Rajput accused of sex and maternity discrimination.
Rajput claimed that she was denied a promotion opportunity because she was a woman on maternity leave. “Substantial” parts of her role were assigned to a colleague while she was on maternity leave.
Rajput was accused of having “an unhealthy obsession with work” and of being “controlling”, and was discouraged from attending a review during her leave “because of assumptions made about what a woman should do whilst on maternity leave”.
The panel of judges found that there would have been a 60% chance of her securing a head of markets role had she not faced unlawful discrimination. The tribunal ruled in her favour on six complaints, and Rajput was awarded £201,650 for loss of salary, bonuses and pension, with £25,000 for injury to feelings, plus interest.
The case “represented a very significant setback for the claimant in her career”, said employment judge Natasha Joffe, being a “very significant detriment to a woman newly back from maternity leave of finding that much of her role had been handed over to a more junior employee and not returned to her”.
Commerzbank is appealing.
The UK FCA has granted banks an additional 15 months to stop using the synthetic version of USD LIBOR.
The regulator has extended the deadline for publishing 1- and 6-month synthetic USD LIBOR settings until September 2024, following feedback from the industry that some US dollar cash contracts would benefit from a continued publication.
However, the FCA confirmed that it has no intention to compel continued publication beyond this date.
The move is part of the transition from LIBOR to SONIA, which the FCA and BoE have promoted. The transition is considered critical globally, given that LIBOR underpins more than $300tn in derivatives and other instruments.
The UK Department for Work and Pensions (DWP) has launched a review to improve access to work for people with autism. The review, announced on World Autism Awareness Day, aims to identify barriers to employment for autistic individuals.
According to the government, employment rates for this group are particularly low, with less than three in 10 in work. The review will involve businesses, employment organisations, specialist support groups, and autistic people themselves.
Sir Robert Buckland has been appointed to lead the review, and the Minister for Disabled People, Health, and Work, Tom Pursglove, said that closing the employment gap for autistic people would benefit both individuals and the country's employment and productivity.
The DWP also noted that many of the adjustments and initiatives that would benefit autistic people could also help other neurodiverse individuals, such as those with ADHD, dyslexia, and dyspraxia.
The UK government is reviewing whistleblowing laws to improve the protection of whistleblowers and empower workers to report wrongdoing. UK employers will be expected to establish appropriate reporting channels for whistleblowers that are well-resourced and protect confidentiality.
The review is being led by the Department for Business and Trade, which will examine the effectiveness of current laws and consider how best to facilitate disclosures and protect workers. The review will also consider the definition of "worker" for whistleblowing protection purposes.
The government has highlighted whistleblowing as a crucial source of evidence for authorities tackling corruption, fraud and economic crime. The rise in whistleblowing complaints globally has been attributed to a growing awareness of ESG expectations and uncovering of allegations of sexual harassment.
There's been a sharp rise in the number of potential victims of modern slavery over the last year, according to figures released by the charity Unseen. Calls to the helpline have more than doubled, with 6,516 potential victims identified, a rise of 116%.
Based on an analysis of those calls, there were significant increases in forced labour, sexual exploitation, and domestic servitude, with the care sector showing a huge increase (1,024%) in potential victims.
Exploitation of Indian, Nigerian, and Zimbabwean workers was especially prevalent, which - the report points out - is likely due to low levels of pay and an overreliance on temporary workers in the sector.
In one case outlined in the report, workers were brought into the UK on student visas and worked in care homes through an agency. The agency charged the care homes for the work but did not pay the workers. They had worked 14-hour shifts for five days with no pay.
Eleven cases in the report related to the Homes for Ukraine scheme, and one involved organ harvesting. Earlier this month, Ike Ekweremadu (a senior politician from Nigeria), his wife, and a doctor were found guilty of organ trafficking, the first case of its kind under the Modern Slavery Act. Together, they were sentenced to almost 25 years.
“To be serious about tackling modern slavery in the UK, we need much more awareness of the true size of the problem, better support for victims, and get many more resources going into targeting the criminals behind the exploitation. Instead, the UK is bringing in new migration laws that criminalise some victims of modern slavery, forcing them underground and keeping them vulnerable to traffickers. We should be doing more to expose the extent of slavery, not driving it further into the shadows."
- Justine Carter, Director, Unseen.
Odey Asset Management (OAM) is disbanding and has been forced to suspend two hedge funds after a surge of redemption requests. It follows a report published by the Financial Times and Tortoise Media, where multiple allegations of sexual misconduct were made against its founder Crispin Odey.
OAM’s prime brokers, including Goldman Sachs, JP Morgan, Exane, and Morgan Stanley, moved quickly, reviewing their relationship with the firm and subsequently cutting ties in light of the allegations. Now investors are also demanding their money back.
According to the FT, the Financial Conduct Authority (FCA) is continuing to investigate claims of non-financial misconduct against Odey, having begun an investigation in 2021 after a court case in which Odey was acquitted of indecent assault.
OAM has confirmed that it is disbanding, and Crispin Odey’s ‘fit and proper’ status has since been removed from the FCA website. Odey ‘strenuously disputed’ all the allegations, claiming his relationships with the women were ‘consensual’ and that the FT report was a ‘rehash’ and politically motivated.
The FT also claimed senior executives at OAM knew of the allegations up to 16 years before launching their own investigation.
Firms should relax their dress codes to protect workers during the extremely hot weather, according to the Health and Safety Executive. The warning comes as authorities issued a heat-health alert across parts of the country.
While there is no legal maximum temperature, the regulator is urging companies to implement simple but effective measures to protect those working inside and out and manage the heat risk.
Among other things, the HSE suggests:
“Last summer should have been a wakeup call for all employers. Climate change means we’re likely to get hotter summers and that could have a big impact on the workforce of this country, affecting everything from health of workers to productivity on construction sites. We know all employers are under pressure, and we don’t want to add to their burden, but it’s vital they think hard now about simple and cheap measures they can put in place to support workers should we see extreme heat again this summer.”
- John Rowe, Director of Operational Strategy
Microsoft announced that it will make some cloud security tools free from September 2023 following recent major hacks. Sophisticated hackers compromised the email accounts of 25 organisations and government agencies.
Microsoft will make 31 of its important security logs available to its customers using cheaper cloud service packages. This is a significant move by Microsoft, as these tools are typically only available as part of paid subscriptions. In addition, the default retention period for security logs will be extended from 90 to 180 days.
Some of the security tools that will be made available include:
Visa is facing scrutiny from the U.S. Justice Department (DoJ) for its fees related to tokenization technology used to secure cardholder data. This technology replaces card numbers with unique tokens for specific devices or merchants, with only Visa capable of unlocking these tokens.
The DoJ is now investigating Visa's practice of charging higher fees to retailers who don't adopt this technology. This inquiry is part of a larger, ongoing two-year investigation into claims that Visa is trying to monopolise the debit card market. Visa contends that its technology, introduced in 2014, enhances payment security during the transmission of cardholder data.
Over 4 billion tokens have been issued so far, surpassing the number of actual cards in circulation. Around 13,000 retailers are utilising this service. Recent information reveals that Visa and its partners will be implementing fee adjustments, including higher charges for merchants opting out of using Visa's tokenisation technology. This announcement has reignited the DoJ's interest in the matter.
OKX, a cryptocurrency firm, has aligned itself with the UK Financial Conduct Authority's (FCA) new crypto marketing regulations, responding to the FCA's call for transparency and fair marketing in the crypto industry.
The FCA had issued a stern warning to crypto firms to provide accurate risk warnings and demanded compliance with the new regulations. Unregistered crypto firms are now required to cease illegal financial promotions aimed at UK consumers and must obtain approval from an authorised entity for their content.
OKX has made several modifications to cater to its UK retail customers, reducing the number of tokens offered and adding a prominent risk advisory banner on its website. Other crypto firms, such as Nexo and Binance, have also adjusted their offerings and collaborated with FCA-regulated entities to comply with the new regulations.
A worker in his 40s has been crushed to death by a robot at an agricultural distribution centre in South Gyeongsang province, South Korea.
The employee was checking the robot's sensor operations before a test run when the accident occurred. The robotic arm was lifting boxes of peppers onto pallets but malfunctioned, failing to distinguish between him and the box of vegetables.
The man's face and chest were crushed against the conveyor belt, and he died later of his injuries. The plant's owner, Dongseong Export Agricultural Complex, now wants 'precise and safe' systems to be established.
Christopher Atkeson, a robotics expert at Carnegie Mellon University, said: “Robots have limited sensing and thus limited awareness of what is going on around them.” Earlier this year, a man in his fifties sustained serious injuries after being trapped by a robot at a car parts plant.
There have been 41 fatalities involving robots in the US alone between 1992 and 2017. The majority (83%) occur during maintenance.
"This study highlights the growing challenges of protecting workers who perform tasks with the aid of robots. As robotic technology develops, identifying patterns of death, such as those found in this study, will be a critical part of developing safeguards, including safety standards, to protect workers."
- The National Institute for Occupational Safety & Health (NIOSH)
Cryptocurrency lender Voyager has settled with the U.S. Federal Trade Commission (FTC) after being accused of falsely claiming that customer accounts were insured by the Federal Deposit Insurance Corporation (FDIC). The company subsequently filed for bankruptcy in July 2022.
This misleading information was provided by Voyager's CEO, Stephen Ehrlich, during a critical financial period for the company. The settlement includes a $1.65 billion fine, temporarily suspended to facilitate customer reimbursement. The Commodity Futures Trading Commission (CFTC) is also pursuing Ehrlich on fraud and registration failure charges.
Voyager is prohibited from offering and marketing certain financial products and services, with the fine payable after addressing creditors in bankruptcy proceedings. While Voyager has agreed to the settlement, Ehrlich has not, and the case against him continues in court.