This month's key compliance news includes TD Bank's record AML fine, the government's Employment Rights Bill, LinkedIn's data privacy violations and more.
TD Bank has agreed to pay $3 billion to settle charges for failing to monitor money laundering activities linked to drug cartels. This includes a record-breaking $1.3 billion penalty to the US Treasury’s Financial Crimes Enforcement Network and an additional $1.8 billion to the US Justice Department.
As part of the settlement, TD Bank will also plead guilty to violations of the Bank Secrecy Act. The Department of Justice highlighted TD's "systemic deficiencies" in transaction monitoring, with over 90% of transactions going unreviewed from January 2018 to April 2024. This oversight enabled money laundering networks to transfer more than $670 million through TD accounts.
“By making its services convenient for criminals, it became one. I want to be clear, these systemic failures did not just create hypothetical vulnerabilities, but they resulted in actual, material harm to American citizens and communities. Time and again, unlike its peers, TD Bank prioritised growth and profit over complying with the law.”- Merrick Garland, Attorney General
TD Bank is strengthening its anti-money laundering efforts by hiring over 700 specialists with expertise in financial crime prevention and implementing enhanced processes to improve detection and risk assessment.
Additionally, the bank will undergo four years of monitoring by the US Financial Crimes Enforcement Network (FinCEN) to ensure compliance with the new measures.
The UK and US governments have announced a joint commitment to tackle online child sexual abuse by enhancing international cooperation to remove harmful content and prevent exploitation.
This partnership will establish a joint working group on children’s online safety, encouraging online platforms to accelerate protective measures, especially for end-to-end encrypted services, and address the growing issue of AI-generated child abuse content.
The Internet Watch Foundation (IWF) supports this collaboration, emphasising the importance of including civil society expertise in developing strategies to safeguard children online.
The IWF, which has worked with tech providers since the 1990s, stresses that global online safety initiatives—such as the UK’s Online Safety Act and similar EU legislation—are essential for holding platforms accountable in combating harmful and illegal content. This coordinated effort signals a strong, shared resolve to prioritise children’s online safety worldwide.
The Irish Data Protection Commission (DPC) has concluded an investigation into LinkedIn Ireland Unlimited Company, following a complaint originally made to the French Data Protection Authority. The DPC’s inquiry focused on LinkedIn's use of member data for behavioral analysis and targeted advertising.
The final decision found LinkedIn’s data processing practices lacked lawfulness, fairness, and transparency, resulting in a reprimand, an order to correct practices, and €310 million in fines.
"The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject's fundamental right to data protection."- Graham Doyle, Deputy Commissioner, DPC
The decision underscores the GDPR’s demand for lawful, clear, and fair processing of personal data, reflecting a significant regulatory push for greater transparency and accountability in online data use.
On October 10, 2024, the UK government introduced the Employment Rights Bill, which includes 28 reforms aimed at enhancing worker protections. Key changes focus on expanding rights for flexible working, reflecting the positive impact of remote work during the pandemic.
The government plans to establish the right to remote work from the start of employment as a default, allowing employers to refuse only under specific statutory grounds.
In addition to flexible working, the Bill enhances sick pay rights, allowing employees to receive pay from the first day of sickness rather than after three days, and extends these rights to workers earning below the current minimum threshold. Other proposed "day one" rights include parental leave and increased protection against workplace sexual harassment.
The Bill also proposes amendments to the Equality Act 2010, requiring private sector employers with 250 or more employees to create action plans to address gender pay gaps and implement menopause support policies. Pregnant women and new mothers will receive additional protections against dismissal during and after maternity leave.
Additionally, the Bill seeks to eliminate exploitative zero-hour contracts, providing guaranteed hours for those who work regular shifts over a defined period. Most of these reforms are expected to take effect by 2026, giving businesses time to adapt to the new requirements.
The Financial Conduct Authority (FCA) has fined Volkswagen Finance UK £5.4 million for unfairly treating customers in financial difficulty, which may have caused them harm. The company will also pay over £21.5 million in compensation to approximately 110,000 affected customers following an investigation.
From January 1, 2017, to July 31, 2023, Volkswagen Finance repossessed vehicles from vulnerable customers without considering alternative solutions. This approach risked worsening their situations, particularly for those reliant on their cars for commuting.
The FCA criticised the company for failing to understand individual customer circumstances and for using automated, templated communications.
"For many, a car is not a nice to have but a necessity for work or for family life. Volkswagen Finance made tough personal situations worse by failing to consider what those in difficulty might need."
- Therese Chambers, executive director of enforcement & market oversight, FCA
In response to the investigation, Volkswagen Finance has improved its training for customer service staff, enhanced communication strategies, and implemented a new debt collections model. By agreeing to resolve the issues, the company received a 30% discount on its initial £7.7 million fine.
Defence contractor RTX has agreed to pay more than $950 million to resolve investigations into allegations of misleading the Defense Department and bribing a senior Qatari air force official.
The company formalised the settlement in federal court in Brooklyn, agreeing to pay over $280 million related to U.S. bribery and export control violations. Additionally, an RTX subsidiary will pay approximately $574 million in a separate agreement concerning government contracting law violations.
The settlements come amid a series of legal challenges that RTX warned in July could cost up to $1.24 billion. Both cases involve deferred prosecution agreements, allowing charges against RTX’s Raytheon unit to be dismissed if the company enhances its compliance measures.
"Raytheon engaged in criminal schemes to defraud the US government in connection with contracts for critical military systems and to win business through bribery in Qatar. Such corrupt and fraudulent conduct, especially by a publicly traded US defense contractor, erodes public trust and harms the DOD, businesses that play by the rules, and American taxpayers."
- Kevin Driscoll, Deputy Assistant Attorney General, Justice Department
Several former employees of EY have pushed back against their firings for completing multiple online training courses simultaneously, arguing that their actions were not unethical.
The consulting firm terminated dozens of staff in the U.S. after an investigation revealed that some employees attended different courses at the same time during the “Ignite Learning Week” in May. EY claimed this behavior violated its code of conduct, branding it as unethical.
The affected employees argue that they were not informed of any prohibition against multitasking during training and pointed out that the company's communications encouraged participation in as many sessions as possible.
This crackdown follows previous scandals involving cheating at EY, including a $100 million settlement with the SEC in 2022 due to misconduct in its accounting department. The firm stated that disciplinary actions were taken against those who violated ethical standards.
In light of the backlash, EY has modified its communication regarding future training, explicitly instructing employees not to engage in other learning activities during training sessions.
Some former employees contend that the company's high-pressure work culture, which promotes multitasking, contributed to their decisions to attend multiple courses. They expressed frustration at the punitive measures, suggesting that the company should improve its systems instead of imposing harsh penalties.
EY has faced criticism in the past for its intense work environment, particularly after the death of a young employee in India, raising concerns about employee well-being. The firm maintains that it prioritises the health and well-being of its workforce and is committed to improving workplace conditions.
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.