Our pick of key compliance stories this month
- TD Bank hit with a record $3bn AML fine
- UK-US partner to strengthen online child safety
- LinkedIn to pay €310m for data privacy violations
- UK Government introduces the Employment Rights Bill
- The FCA punishes Volkswagen for unfair customer treatment
- RTX settles Qatar bribery charges for over $950m
- Fired EY employees challenge dismissal over training breaches
TD Bank hit with a record $3bn AML fine
TD Bank has agreed to pay $3 billion to settle charges for failing to monitor money laundering activities linked to drug cartels. This includes a record-breaking $1.3 billion penalty to the US Treasury’s Financial Crimes Enforcement Network and an additional $1.8 billion to the US Justice Department.
As part of the settlement, TD Bank will also plead guilty to violations of the Bank Secrecy Act. The Department of Justice highlighted TD's "systemic deficiencies" in transaction monitoring, with over 90% of transactions going unreviewed from January 2018 to April 2024. This oversight enabled money laundering networks to transfer more than $670 million through TD accounts.
“By making its services convenient for criminals, it became one. I want to be clear, these systemic failures did not just create hypothetical vulnerabilities, but they resulted in actual, material harm to American citizens and communities. Time and again, unlike its peers, TD Bank prioritised growth and profit over complying with the law.”
TD Bank is strengthening its anti-money laundering efforts by hiring over 700 specialists with expertise in financial crime prevention and implementing enhanced processes to improve detection and risk assessment.
Additionally, the bank will undergo four years of monitoring by the US Financial Crimes Enforcement Network (FinCEN) to ensure compliance with the new measures.
Key takeaways:
- Implement multi-year compliance overhaul: Invest in monitoring, reporting, and preventative measures to ensure compliance with AML regulations.
- Expand Anti-Money Laundering (AML) staffing and resources: TD Bank's failure to detect and prevent money laundering highlights the need for a stronger AML programme with adequate staff training and expertise in compliance.
- Assume accountability and cooperate with investigations: Cooperation demonstrates a commitment to transparency and regulatory compliance moving forward.
UK-US partner to strengthen online child safety
The UK and US governments have announced a joint commitment to tackle online child sexual abuse by enhancing international cooperation to remove harmful content and prevent exploitation.
This partnership will establish a joint working group on children’s online safety, encouraging online platforms to accelerate protective measures, especially for end-to-end encrypted services, and address the growing issue of AI-generated child abuse content.
The Internet Watch Foundation (IWF) supports this collaboration, emphasising the importance of including civil society expertise in developing strategies to safeguard children online.
The IWF, which has worked with tech providers since the 1990s, stresses that global online safety initiatives—such as the UK’s Online Safety Act and similar EU legislation—are essential for holding platforms accountable in combating harmful and illegal content. This coordinated effort signals a strong, shared resolve to prioritise children’s online safety worldwide.
LinkedIn to pay €310m for data privacy violations
The Irish Data Protection Commission (DPC) has concluded an investigation into LinkedIn Ireland Unlimited Company, following a complaint originally made to the French Data Protection Authority. The DPC’s inquiry focused on LinkedIn's use of member data for behavioral analysis and targeted advertising.
The final decision found LinkedIn’s data processing practices lacked lawfulness, fairness, and transparency, resulting in a reprimand, an order to correct practices, and €310 million in fines.
"The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject's fundamental right to data protection."
The decision underscores the GDPR’s demand for lawful, clear, and fair processing of personal data, reflecting a significant regulatory push for greater transparency and accountability in online data use.
UK Government introduces Employment Rights Bill
On October 10, 2024, the UK government introduced the Employment Rights Bill, which includes 28 reforms aimed at enhancing worker protections. Key changes focus on expanding rights for flexible working, reflecting the positive impact of remote work during the pandemic.
The government plans to establish the right to remote work from the start of employment as a default, allowing employers to refuse only under specific statutory grounds.
In addition to flexible working, the Bill enhances sick pay rights, allowing employees to receive pay from the first day of sickness rather than after three days, and extends these rights to workers earning below the current minimum threshold. Other proposed "day one" rights include parental leave and increased protection against workplace sexual harassment.
The Bill also proposes amendments to the Equality Act 2010, requiring private sector employers with 250 or more employees to create action plans to address gender pay gaps and implement menopause support policies. Pregnant women and new mothers will receive additional protections against dismissal during and after maternity leave.
Additionally, the Bill seeks to eliminate exploitative zero-hour contracts, providing guaranteed hours for those who work regular shifts over a defined period. Most of these reforms are expected to take effect by 2026, giving businesses time to adapt to the new requirements.
FCA fines Volkswagen for unfair customer treatment
The Financial Conduct Authority (FCA) has fined Volkswagen Finance UK £5.4 million for unfairly treating customers in financial difficulty, which may have caused them harm. The company will also pay over £21.5 million in compensation to approximately 110,000 affected customers following an investigation.
From January 1, 2017, to July 31, 2023, Volkswagen Finance repossessed vehicles from vulnerable customers without considering alternative solutions. This approach risked worsening their situations, particularly for those reliant on their cars for commuting.
The FCA criticised the company for failing to understand individual customer circumstances and for using automated, templated communications.
"For many, a car is not a nice to have but a necessity for work or for family life. Volkswagen Finance made tough personal situations worse by failing to consider what those in difficulty might need."
In response to the investigation, Volkswagen Finance has improved its training for customer service staff, enhanced communication strategies, and implemented a new debt collections model. By agreeing to resolve the issues, the company received a 30% discount on its initial £7.7 million fine.
Key takeaways:
- Prioritise customer-centric practices: Financial institutions must prioritise understanding individual customer circumstances, especially those in financial difficulty. A failure to consider personal situations can lead to harmful consequences for vulnerable customers.
- Avoid automated communications: Relying heavily on automated and templated communications can lead to misunderstandings and inadequate support. It's crucial for companies to implement personalised communication strategies that address specific customer needs.
- Proactively implement compliance measures: Organisations should proactively enhance training for customer service staff to ensure they are equipped to handle sensitive situations appropriately. Ongoing training and awareness can help improve compliance and customer treatment.
RTX settles Qatar bribery charges for over $950m
Defence contractor RTX has agreed to pay more than $950 million to resolve investigations into allegations of misleading the Defense Department and bribing a senior Qatari air force official.
The company formalised the settlement in federal court in Brooklyn, agreeing to pay over $280 million related to U.S. bribery and export control violations. Additionally, an RTX subsidiary will pay approximately $574 million in a separate agreement concerning government contracting law violations.
The settlements come amid a series of legal challenges that RTX warned in July could cost up to $1.24 billion. Both cases involve deferred prosecution agreements, allowing charges against RTX’s Raytheon unit to be dismissed if the company enhances its compliance measures.
"Raytheon engaged in criminal schemes to defraud the US government in connection with contracts for critical military systems and to win business through bribery in Qatar. Such corrupt and fraudulent conduct, especially by a publicly traded US defense contractor, erodes public trust and harms the DOD, businesses that play by the rules, and American taxpayers."
Fired EY staff challenge training breach dismissal
Several former employees of EY have pushed back against their firings for completing multiple online training courses simultaneously, arguing that their actions were not unethical.
The consulting firm terminated dozens of staff in the U.S. after an investigation revealed that some employees attended different courses at the same time during the “Ignite Learning Week” in May. EY claimed this behavior violated its code of conduct, branding it as unethical.
The affected employees argue that they were not informed of any prohibition against multitasking during training and pointed out that the company's communications encouraged participation in as many sessions as possible.
This crackdown follows previous scandals involving cheating at EY, including a $100 million settlement with the SEC in 2022 due to misconduct in its accounting department. The firm stated that disciplinary actions were taken against those who violated ethical standards.
In light of the backlash, EY has modified its communication regarding future training, explicitly instructing employees not to engage in other learning activities during training sessions.
Some former employees contend that the company's high-pressure work culture, which promotes multitasking, contributed to their decisions to attend multiple courses. They expressed frustration at the punitive measures, suggesting that the company should improve its systems instead of imposing harsh penalties.
EY has faced criticism in the past for its intense work environment, particularly after the death of a young employee in India, raising concerns about employee well-being. The firm maintains that it prioritises the health and well-being of its workforce and is committed to improving workplace conditions.
Key takeaways:
- Implement clear communication of compliance policies: EY's case emphasises the importance of clearly communicating expectations for compliance policies. Effective policy dissemination includes outlining specific expectations, potential violations, and consequences.
- Have effective compliance monitoring systems in place: Companies should ensure that their compliance systems and technology align with policy objectives to detect and prevent potential violations.
- Rollout ongoing compliance training and policy updates: Compliance programmes should be regularly reviewed and updated to respond to new challenges and employee feedback, ensuring policies remain clear, relevant, and well-communicated.
- Ensure a balance between high workloads and compliance expectations: Compliance teams should assess whether employees can reasonably meet compliance requirements within standard workloads to avoid creating undue risk.
Looking for more compliance insights?
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.
