Our pick of the top 10 compliance stories of 2023
- Meta pays £600m over data scandal
- Amigo censured but avoids £73m fine
- Commerzbank executive gets £300k payout
- Synthetic USD Libor extended to September 2024 by the FCA
- Alarm at rising modern slavery cases in the care sector and beyond
- Odey loses ‘fit and proper’ status
- Microsoft take the path of cyber threat resistance
- Visa faces probes over tokenisation pricing
- OKX fall in line with the FCA's marketing regulations
- Malfunctioning robot kills worker during test
- Voyager's $1.65bn settlement gets approval
Take a look at our summary of key compliance fines in 2023 too!
Meta agrees to pay £600m over data scandal
Meta has agreed to pay $725m (£600m) to settle a long-running legal action following the Cambridge Analytica scandal.
Facebook gave third parties (including Cambridge Analytica) access to users' personal data, which was harvested without their knowledge or consent.
The class action was filed on behalf of Facebook's 250-280 million users in the United States. The sum is thought to be the highest yet in a US data privacy class action.
Without admitting wrongdoing, Meta said it had "revamped" its privacy policies and processes.
Facebook paid $5b in 2019 to resolve privacy issues and continues to face intense scrutiny over its practices. Earlier this month, WhatsApp, Instagram and Facebook were fined €5.5 million, €180 million and €210 million respectively by the Irish data regulator for GDPR violations. Its parent Meta plans to appeal.
Key takeaways:
- Comply with the UK GDPR principles - there are seven of them
- Make sure your data processing is lawful, fair and transparent - be honest with people about what we plan to do with their data, our lawful basis for this, and who else we'll share it with via privacy notices
- Give people access to their personal data - so they can see how we use their personal data, check that it's accurate and that our processing is lawful
- Make sure our consent is unambiguous, and there's clear affirmative action - don't assume we have consent, bundle it with standard terms and conditions, or make it a precondition of using our services
- Manage third-party risks - conduct an assessment to determine your risk exposure when working with third parties and implement controls to manage them
- Take extra care when sharing personal data with third parties – implement contracts to clarify expectations, and ensure everyone recognises their mutual obligations and liabilities
Amigo censured but avoids £73m fine
Sub-prime lender Amigo has been censured by the Financial Conduct Authority for failing to conduct adequate affordability checks on its customers and guarantors.
The regulator claimed that between November 2018 and March 2020, the company did not have adequate processes to assess the borrower and guarantor’s circumstances before approving loans. The company relied too heavily on automated IT systems and had inadequate controls in place. Staff also failed to conduct proper checks when the system flagged up concerns.
This resulted in a high risk of consumer harm, particularly for vulnerable customers. It also meant that guarantors were more likely to have to step in, with one in four guarantors being expected to repay the loan.
The company was accused of “prioritising [its] commercial interests over the obligation to comply with the rules and safeguard customers from unaffordable loans”.
The FCA had planned to impose a fine of £72.9 million, but the penalty was waived after Amigo demonstrated it would cause “serious financial hardship” and threaten its ability to fulfil a High Court compensation scheme to repay unfairly treated customers.
Commerzbank executive gets £300k payout
A Commerzbank compliance executive has been awarded £300,684 in compensation at a UK employment tribunal. It follows a seven-year battle with the bank, which Jagruti Rajput accused of sex and maternity discrimination.
Rajput claimed that she was denied a promotion opportunity because she was a woman on maternity leave. “Substantial” parts of her role were assigned to a colleague while she was on maternity leave.
Rajput was accused of having “an unhealthy obsession with work”, of being “controlling”, and discouraged from attending a review during her leave “because of assumptions made about what a woman should do whilst on maternity leave”.
The panel of judges found that there would be a 60% chance of her securing a head of markets role had she not faced unlawful discrimination. The tribunal ruled in her favour on six complaints, and Rajput was awarded £201,650 for loss of salary, bonuses and pension, with £25,000 for injury to feelings, plus interest.
The case “represented a very significant setback for the claimant in her career”, said employment judge Natasha Joffe, being a “very significant detriment to a woman newly back from maternity leave of finding that much of her role had been handed over to a more junior employee and not returned to her”.
Commerzbank is appealing.
Key takeaways:
- Treat people fairly and consistently apply our equality policies - in all day-to-day activities and work-related decisions (recruitment, training, promotion, allocating work, pay, etc.)
- Be proactive - don’t slavishly follow our rules if you think they are wrong, if they create unintentional bias, or lead to some groups being treated less favourably than others. Instead, work to get them changed. Remember, diverse companies are often more productive, innovative and profitable too!
- Mind your language - check that all communications are free of discriminatory and sexist language. Careless language and stereotyping, however unintentional, can create a perception of inequality and make people feel vulnerable.
- Use objective criteria when making decisions on recruitment, training and promotion - this ensures appointments are always made on merit
- Watch out for indirect discrimination - make sure that our company policies don’t inadvertently put certain groups at a disadvantage
- Collect data and benchmark your progress - assess “the current state”, monitor progress, and learn from others
Synthetic USD Libor extended to September 2024
The UK FCA has granted banks an additional 15 months to stop using the synthetic version of USD LIBOR.
The regulator has extended the deadline for publishing 1- and 6-month synthetic USD LIBOR settings until September 2024, following feedback from the industry that some US dollar cash contracts would benefit from a continued publication.
However, the FCA confirmed that it has no intention to compel continued publication beyond this date.
The move is part of the transition from LIBOR to SONIA, which the FCA and BoE have promoted. The transition is considered critical globally, given that LIBOR underpins more than $300tn in derivatives and other instruments.
New review aims to tackle autism employment gap
The UK Department for Work and Pensions (DWP) has launched a review to improve access to work for people with autism. The review, announced on World Autism Awareness Day, aims to identify barriers to employment for autistic individuals.
According to the government, employment rates for this group are particularly low, with less than three in 10 in work. The review will involve businesses, employment organisations, specialist support groups, and autistic people themselves.
Sir Robert Buckland has been appointed to lead the review, and the Minister for Disabled People, Health, and Work, Tom Pursglove, said that closing the employment gap for autistic people would benefit both individuals and the country's employment and productivity.
The DWP also noted that many of the adjustments and initiatives that would benefit autistic people could also help other neurodiverse individuals, such as those with ADHD, dyslexia, and dyspraxia.
UK government to review whistleblowing laws
The UK government is reviewing whistleblowing laws to improve the protection of whistleblowers and empower workers to report wrongdoing. UK employers will be expected to establish appropriate reporting channels for whistleblowers that are well-resourced and protect confidentiality.
The review is being led by the Department for Business and Trade, which will examine the effectiveness of current laws and consider how to facilitate disclosures best and protect workers. The review will also consider the definition of "worker" for whistleblowing protection purposes.
The government has highlighted whistleblowing as a crucial source of evidence for authorities tackling corruption, fraud and economic crime. The rise in whistleblowing complaints globally has been attributed to a growing awareness of ESG expectations and uncovering of allegations of sexual harassment.
Key takeaways:
- Legal protection - Whistleblowers are protected by law, so companies must have policies in place to protect them from retaliation
- Confidentiality - Whistleblowers must be able to report concerns confidentially, and companies should provide secure channels for this
- Investigation - Companies must investigate concerns thoroughly, appoint an independent investigator, and keep whistleblowers informed of the progress and outcome
Alarming rise in modern slavery cases
There's been a sharp rise in the number of potential victims of modern slavery over the last year, according to figures released by the charity Unseen. Calls to the helpline have more than doubled, with 6,516 potential victims identified, a rise of 116%.
Based on an analysis of those calls, there were significant increases in forced labour, sexual exploitation, and domestic servitude, with the care sector showing a huge increase (1,024%) in potential victims.
Exploitation of Indian, Nigerian, and Zimbabwean workers was especially prevalent, which - the report points out - is likely due to low levels of pay and an overreliance on temporary workers in the sector.
In one case outlined in the report, workers were brought into the UK on student visas and worked in care homes through an agency. The agency charged the care homes for the work but did not pay the workers. They had worked 14-hour shifts for five days with no pay.
Eleven cases in the report related to the Homes for Ukraine scheme, and one involved organ harvesting. Earlier this month, Ike Ekweremadu – a senior politician from Nigeria, his wife, and a doctor were found guilty of organ trafficking, the first case of its kind under the Modern Slavery Act. Together, they were sentenced to almost 25 years.
“To be serious about tackling modern slavery in the UK, we need much more awareness of the true size of the problem, better support for victims, and get many more resources going into targeting the criminals behind the exploitation. Instead, the UK is bringing in new migration laws that criminalise some victims of modern slavery, forcing them underground and keeping them vulnerable to traffickers. We should be doing more to expose the extent of slavery, not driving it further into the shadows."
Odey loses ‘fit and proper’ status
Odey Asset Management (OAM) is disbanding and has been forced to suspend two hedge funds after a surge of redemption requests. It follows a report published by the Financial Times and Tortoise Media, where multiple allegations of sexual misconduct were made against its founder Crispin Odey.
OAM’s prime brokers - including Goldman Sachs, JP Morgan, Exane, and Morgan Stanley – moved quickly, reviewing their relationship with the firm and subsequent cut ties in light of the allegations. Now investors are also demanding their money back.
According to the FT, the Financial Conduct Authority (FCA) is continuing to investigate claims of non-financial misconduct against Odey, having begun an investigation in 2021 after a court case in which Odey was acquitted of indecent assault.
OAM has confirmed that it is disbanding, and Crispin Odey’s ‘fit and proper’ status has since been removed from the FCA website. Odey ‘strenuously disputed’ all the allegations, claiming his relationships with the women were ‘consensual’ and that the FT report was a ‘rehash’ and politically motivated.
The FT also claimed senior executives at OAM knew of the allegations up to 16 years before launching their own investigation.
The HSE's hot weather advice
Firms should relax their dress codes to protect workers during the extremely hot weather, according to the Health and Safety Executive. The warning comes as authorities issued a heat-health alert across parts of the country.
While there is no legal maximum temperature, the regulator is urging companies to implement simple but effective measures to protect those working inside and out and manage the heat risk.
Among other things, the HSE suggests:
- Ensuring windows can be opened or closed to prevent hot air from building up
- Using blinds and reflective film on windows to shield workers from the sun
- Moving workstations away from direct sunlight
- Offering flexible working so people can work at cooler times of the day (e.g. 5am-1pm)
- Providing free access to drinking water
Providing weather-appropriate personal protective equipment - Relaxing dress codes, where possible
- Raising awareness of the symptoms of heat stress, how to manage and prevent it
“Last summer should have been a wakeup call for all employers. Climate change means we’re likely to get hotter summers and that could have a big impact on the workforce of this country, affecting everything from health of workers to productivity on construction sites. We know all employers are under pressure, and we don’t want to add to their burden, but it’s vital they think hard now about simple and cheap measures they can put in place to support workers should we see extreme heat again this summer.”
Microsoft take the path of cyber threat resistance
Microsoft announced that it will make some cloud security tools free from September 2023 following recent major hacks. Sophisticated hackers compromised the email accounts of 25 organisations and government agencies.
Microsoft will make 31 of its important security logs available to its customers using cheaper cloud service packages. This is a significant move by Microsoft, as these tools are typically only available as part of paid subscriptions. In addition, the default retention period for security logs will be extended from 90 to 180 days.
Some of the security tools that will be made available include:
- Microsoft Defender for Cloud: This tool provides cloud security posture management and threat protection for Azure resources.
- Microsoft Defender for Office 365: This allows email and collaboration security for Microsoft 365 users.
- Microsoft Cloud App Security: This tool provides cloud application security for organisations that use a variety of cloud applications.
Visa faces probes over tokenisation pricing
Visa is facing scrutiny from the U.S. Justice Department (DoJ) for its fees related to tokenization technology used to secure cardholder data. This technology replaces card numbers with unique tokens for specific devices or merchants, with only Visa capable of unlocking these tokens.
The DoJ is now investigating Visa's practice of charging higher fees to retailers who don't adopt this technology. This inquiry is part of a larger, ongoing two-year investigation into claims that Visa is trying to monopolise the debit card market. Visa contends that its technology, introduced in 2014, enhances payment security during the transmission of cardholder data.
Over 4 billion tokens have been issued so far, surpassing the number of actual cards in circulation. Around 13,000 retailers are utilising this service. Recent information reveals that Visa and its partners will be implementing fee adjustments, including higher charges for merchants opting out of using Visa's tokenisation technology. This announcement has reignited the DoJ's interest in the matter.
Key takeaways:
- Ensure transparent fee structures: it is important to have transparency in fee structures so that they do not raise concerns about unfair or discriminatory practices.
- Use technology wisely: the adoption of technology to enhance data security is commendable, but it should not be used to create a competitive disadvantage for merchants. This could be seen as unfair practice.
- Be consistent: ongoing compliance monitoring is crucial. Companies need to regularly assess their practices to avoid unexpected legal challenges.
- Proceed with caution to ensure fair competition: be cautious about actions that could be interpreted as attempts to monopolise a market. Antitrust violations and monopoly concerns could lead to being in hot water with regulators.
OKX fall in line with the FCA's marketing regulations
OKX, a cryptocurrency firm, has aligned itself with the UK Financial Conduct Authority's (FCA) new crypto marketing regulations, responding to the FCA's call for transparency and fair marketing in the crypto industry.
The FCA had issued a stern warning to crypto firms to provide accurate risk warnings and demanded compliance with the new regulations. Unregistered crypto firms are now required to cease illegal financial promotions aimed at UK consumers and must obtain approval from an authorised entity for their content.
OKX has made several modifications to cater to its UK retail customers, reducing the number of tokens offered and adding a prominent risk advisory banner on its website. Other crypto firms, such as Nexo and Binance, have also adjusted their offerings and collaborated with FCA-regulated entities to comply with the new regulations.
Malfunctioning robot kills worker during test
A worker in his 40s has been crushed to death at an agricultural distribution centre in South Gyeongsang province, South Korea.
The employee was checking the robot's sensor operations before a test run when the accident occurred. The robotic arm was lifting boxes of peppers onto pallets but malfunctioned, failing to distinguish between him and the box of vegetables.
The man's face and chest were crushed against the conveyor belt, and he died later of his injuries. The plant's owner, Dongseong Export Agricultural Complex, now wants 'precise and safe' systems to be established.
Christopher Atkeson, a robotics expert at Carnegie Mellon University, said: “Robots have limited sensing and thus limited awareness of what is going on around them.” Earlier this year, a man in his fifties sustained serious injuries after being trapped by a robot at a car parts plant.
There have been 41 fatalities involving robots in the US alone between 1992 and 2017. The majority (83%) occur during maintenance.
"This study highlights the growing challenges of protecting workers who perform tasks with the aid of robots. As robotic technology develops, identifying patterns of death, such as those found in this study, will be a critical part of developing safeguards, including safety standards, to protect workers."
Voyager's $1.65bn settlement gets approval
Cryptocurrency lender Voyager has settled with the U.S. Federal Trade Commission (FTC) after being accused of falsely claiming that customer accounts were insured by the Federal Deposit Insurance Corporation (FDIC). The company subsequently filed for bankruptcy in July 2022.
This misleading information was provided by Voyager's CEO, Stephen Ehrlich, during a critical financial period for the company. The settlement includes a $1.65 billion fine, temporarily suspended to facilitate customer reimbursement. The Commodity Futures Trading Commission (CFTC) is also pursuing Ehrlich on fraud and registration failure charges.
Voyager is prohibited from offering and marketing certain financial products and services, with the fine payable after addressing creditors in bankruptcy proceedings. While Voyager has agreed to the settlement, Ehrlich has not, and the case against him continues in court.
Key takeaways:
- Ensure disclosure and transparency: Transparency in financial dealings, especially during critical financial periods, is crucial. Misleading information during such times can raise regulatory concerns and legal actions.
- Implement consumer protection measures: Ensuring the security of customer funds and providing accurate information about the safety of their assets is paramount. The violation of consumer trust, as evidenced by the false advertising in this case, can lead to significant financial penalties.
- Have a truthful representation of insurance coverage: Companies need to represent insurance coverage to customers accurately. False claims, especially regarding government-backed insurance like FDIC, can have severe legal consequences.
Looking for more compliance insights?
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.