This month's key compliance news includes Deere's bribery, Clearview AI's data fine, the fallout from the Slack hack, Nordic AML fines, SMCR woes, and more.
The Illinois-based tractor and heavy machinery manufacturer John Deere has agreed to pay $9.93 million to settle a bribery probe.
According to the SEC, its Thailand subsidiary offered improper gifts to officials at the Royal Thai Air Force, Thailand's Department of Highways and its Department of Rural Roads to secure multiple government contracts.
Between 2017 and 2020, managers and employees at its Wirtgen unit offered bribes in the form of cash, meals, sham consulting fees, and trips to massage parlours. International travel and sightseeing trips to European countries were disguised as "factory visits".
The improper payments were all recorded as legitimate business expenses. The unit made a $4.3mn profit as a result of the bribes. Despite acquiring Wirtgen Thailand in 2017, Deere had failed to integrate it into its compliance and controls environment.
“This action is a reminder for corporations to promptly ensure newly acquired subsidiaries have all the necessary internal accounting control processes in place,”- Charles E. Cain, Chief of the SEC Enforcement Division's FCPA Unit
Its actions had violated the recordkeeping and internal accounting controls provisions of the Foreign Corrupt Practices Act. However, the regulator acknowledged Deere's cooperation, the termination of those involved in misconduct, and its strengthening of compliance procedures and anti-bribery training.
In a statement, Deere said, "These allegations represent a clear violation of our company policies and ethical standards. They are in direct conflict with our core values - particularly our commitment to integrity--and we strongly condemn such practices."
US software company Clearview AI has been fined again. This time, it's been handed a €30.5 million fine by the Dutch Data Protection Authority.
Clearview AI shares its facial recognition tools with law enforcement agencies. The Dutch data watchdog accused the company of scraping the internet for images of citizens in the Netherlands and using it to build an "illegal database" without their consent, violating the General Data Protection Regulation (GDPR).
It also claimed that the firm assigned biometric identifiers to faces, which can be used by intelligence agencies in the US.
However, Clearview has hit back, insisting it only operates outside the EU. Its chief legal officer, Jack Mulcaire, argues the penalty is "unlawful, devoid of due process" and "unenforceable".
Clearview has been warned that it faces additional fines of €5 million if it fails to comply. But we have been here before. The company was charged with similar violations in France, Greece, Italy and Austria. Its total unpaid fines in the EU currently stand at €80 million.
Chairman of the Dutch DPA Aleid Wolfsen acknowledged the value of facial recognition technology in fighting crime. But he would prefer this was done by "competent authorities in highly exceptional cases only" rather than commercial companies.
"Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world. If there is a photo of you on the Internet then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film."
- Aleid Wolfsen, Chairman, Dutch DPA
Disney is planning to transition its internal communications from the messaging platform Slack to Microsoft Teams, according to an email sent by its CFO Hugh Johnston.
News of the transition is not surprising. The hacking group called NullBulge breached Disney's internal messages over the summer, gaining access to over 1.1 TB of messages and files. The leaked files were then posted online.
This included data about unreleased projects, code, images, login credentials, links to internal websites and APIs from around 10,000 channels. The NullBulge group is a "hacktivist group protecting artists' rights and ensuring fair compensation for their work".
It claimed that the data came from an insider and subsequently published details of that employee, thought to be in retaliation for cutting off access and communication. It's unclear whether the person actually collaborated or their account was compromised.
Security experts have long warned about the dangers of cloud and software-as-a-service platforms.
"It is just easier for attackers and holds bigger rewards", Roei Sherman of Mitiga Security told Wired magazine. "Disney will probably be targeted a lot more now by opportunistic threat actors."
News of the transition has sparked discontent among some workers at Disney, who are worried about losing integrations and archived content, and the subsequent impact on productivity.
Slack is owned by Salesforce and popular with many organisations, including Capital One, IBM, Paramount, and Uber.
Nordea Bank will pay $35 million to settle its probe into compliance failures linked to the 2016 Panama Papers leak, according to New York's Department of Financial Services (NYDFS).
It said the bank had failed to tackle deficiencies in its AML regime and conduct proper due diligence on its customers and partners.
Its investigation revealed links between Nordea and illicit money from Russia and Azerbaijan and said that high-risk transactions worth billions of dollars were carried out between 2008 and 2019.
"Deficient AML controls, an unsophisticated transaction monitoring apparatus, and a decentralized global compliance program created a set of circumstances that exposed Nordea's financial channels to a high risk of criminal abuse. Nordea's relationships with U.S. banks imported those risks to the New York financial system," the NYDFS said in a statement.
"International financial entities such as Nordea must
-Adrienne Harris, NYDFS
safeguard against criminal activity in the global financial system,
and for years Nordea failed in these respects."
Jamie Graham, Nordea's chief compliance officer, acknowledged that historically, the bank had underestimated the complexity and resources needed to tackle financial crime but said €1.5 billion had been invested in AML controls since 2015.
Following investigations in multiple countries over suspected money laundering in its Estonian unit, Danske Bank has now reached a final settlement with French authorities.
The bank will pay €6.3 million, considerably less than the $2 billion it paid in the United States.
In 2018, Danske Bank found itself at the centre of one of the European Union's biggest money laundering scandals. Thousands of suspicious customers were found to have laundered around €200 billion through its now-closed Estonian unit.
In a statement, the lender's senior general counsel, Niels Heering, noted that it marked the end of all investigations related to the non-resident portfolio at its former Estonian unit, adding, "We are pleased to have reached this resolution with the French National Financial Prosecutor."
But as the case concludes for Danske Bank, it was just beginning for another player in the story…
Commentators have expressed shock after Swedbank's former CEO was convicted of "gross swindling" by the Svea Court of Appeal, overturning her previous acquittal in January 2023.
Birgitte Bonnesen was sentenced to 15 months for spreading misleading and financially damaging information about the bank's anti-money laundering operations in the Baltic region.
One expert described the news as "unprecedented". It would make Bonnesen the highest-ranking banker to be jailed for her role in the scandal.
Bonnesen was previously in charge of the bank's Baltic operations. When the scandal at Danske Bank surfaced in 2018, Bonnesen was asked whether Swedbank had problems which were tied to it.
"The court concluded that two of the answers were incorrect or misrepresented facts in a way that they were misleading," said the Presiding Judge Sven Johannisson.
Indeed, Bonnesen had said there were "no suspected money laundering ties to Danske Bank's operations in Estonia" and Swedbank "had gone through everything".
The judge said that these misleading statements had caused financial damage. When Swedish Television published a leaked internal Swedbank report that showed €80 billion passed through its Baltic business from Russia, Swedbank's shares plummeted, causing losses for investors.
The bank was fined SEK 4 billion in 2020 by the Swedish regulator. Bonnesen's severance pay was also cancelled after a report by Clifford Chance found around a high risk of money laundering linked to €37 billion of its transactions.
Swedbank's clients included Russian oligarchs, and some of the money could be traced to the notorious Magnitsky fraud.
"This is an important decision to deter other bank executives from lying and
- Bill Browder
manipulating information. In the past, it was banks that were fined, but the CEOs always walked free. Now every CEO will have to consider their own
personal liability before doing something similar."
"In my experience, this is an unprecedented outcome and one which should serve as a wake-up call to all senior managers and c-suite executives in regulated firms. Accountability is not just about some words written on a policy document or risk appetite statement but something real, tangible and which carries significant penalties if not delivered responsibly and effectively."
- Graham Barrow, AML expert
Bonnesen has denied the charges and plans to appeal.
Toronto-Dominion Bank has announced the retirement of its CEO, Bharat Masrani, and confirmed the name of his successor - Raymond Chun, its head of Canadian personal and commercial banking.
It's widely believed that the succession has been expedited as the bank battles several probes by US authorities.
A few weeks ago, TD Bank confirmed that it had set aside $2.6 billion to cover expected AML fines and penalties in its US division. Regulators also suspect Chinese crime groups and drug traffickers used the bank to launder the proceeds of US fentanyl sales, with some employees receiving bribes.
In a statement published by the bank, Masrani said:
"The anti-money laundering challenges we face took place on my watch as CEO and I take full responsibility. We have a strong bench of senior leaders and will execute a smooth and seamless CEO transition."
- Bharat Masrani
Separately, TD Bank also agreed to pay a $28 million penalty for credit reporting issues. The Consumer Financial Protection Bureau (CFPB) said the bank intentionally mishandled consumers' credit information, provided false information to consumer reporting companies and had subsequently failed to rectify its failings.
"Rather than treating its customers fairly and following the law,
TD Bank's management clearly cared more about growth
and expanding its empire through mergers."
A pregnant worker who was criticised by her boss and referred to as "very emotional and tearful" has had her total compensation increased from £37k to £350k by an employment tribunal.
Nicola Hinds, an account director for Mitie, notified the company of her pregnancy in July 2020. But Mitie failed to carry out a risk assessment. The tribunal said her manager, Nav Kalley, had "limited knowledge or awareness of HR issues, including responsibilities towards their pregnant employees".
In October 2020, Hinds informed account director Nav Kalley and head of operations Karla Harper in an email that she had experienced panic attacks, her sleep was disrupted, and she was "really struggling" with parts of her role. In particular, she was concerned about work-related stress and anxiety and wanted to resolve the situation.
However, in an email to HR, Kalley said Hinds had become "very emotional and tearful", adding that she "is certainly not overworked".
Mitie was already aware of Hinds' work-related stress due to a challenging client relationship. But the situation was handled "ineptly" despite an "obvious and pressing need" for a risk assessment.
Among other things, her manager:
Tynan added that by not carrying out a risk assessment, Mitie was "in breach of its duty of care to the claimant, in breach of its statutory obligations in the matter and in contravention of its own documented policy, procedure and guidance".
Hinds was found to be unfairly constructively dismissed.
In its final judgment, the tribunal recommended increasing the award from £37k to £350k after receiving more information from Mitie and factoring in Hinds' loss of earnings.
"Employers should ensure that they not only provide equality and diversity training, but that the training they provide covers the use of stereotypical language. The sum of compensation awarded in this case shows that failing to provide such training could be very costly."
- Ross Spiller, employment solicitor at Mayo Wynne Baxter
A $30 billion offshore energy project is under threat after Australia's Department of Climate Change, Energy, the Environment and Water (DCCEEW) added the dusky sea snake to its endangered list.
The newly protected species is unique to the Scott Reef and Browse Basin in Western Australia, where energy giant Woodside is leading a $30 billion project to boost energy security.
However, conservationists are calling on the government to "urgently review all activities for the fossil fuel industry across the Browse Basin", highlighting "known and potential impacts". This also includes threats to Green Turtles and Pygmy Blue Whales.
The question is how to balance the need for energy security with recognised environmental impacts.
“Browse would be an important part of not only WA’s gas supply
- Roger Cook, WA Premier
but making sure we can assist our south-east Asian and north Asian partners
to decarbonise their economies through the ongoing supply of gas.”
JPMorgan has appointed Ryland McClendon, its head of diversity and inclusion, to oversee the "wellbeing and success" of its junior bankers.
The news comes just one week after it and Bank of America announced it was capping junior bankers' hours to 80 hours a week amid concerns about overworking across the sector. However, an exception has been made for those working on live deals.
The sector's high-pressure, long-hours culture has been a concern for some time. But, banks are facing renewed scrutiny following the tragic deaths of two BoA junior bankers earlier this year. JPMorgan's CEO Jamie Dimon has set out three priorities:
Time will tell whether these measures actually move the dial or, as cynics say, are merely "surface-level" HR measures to protect banks from the backlash.
Separately, Dimon has also been a high-profile champion of workers returning to the office despite the widely reported benefits of hybrid working.
Dimon's not alone. Amazon has also issued a five-day return-to-office (RTO) mandate, which some employees describe as "going backwards".
We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.