In our quarterly report, we take a look at key developments in the UK in terms of white-collar crime, investigations and enforcement over the past three months.
Everything we include on our quarterly review has a potential impact on business in the UK – both large and small. This has been an evolving spectrum of laws and regulations for 30 years, and at the end of this extraordinary and difficult year, we can only speculate about how far the pandemic will transform our business and the aftermath of law and regulation. We continue to include the core issues you would expect, and we are also developing areas of business and human rights concern that the English courts are currently grappling with. The role of the compliance function will also continue to expand, with a greater emphasis on culture and ethics beyond the strict requirements of laws and regulations. We are grateful for the positive feedback on our quarterly report and wish you all all the best for 2021.
The UK government is asking the Law Commission to review corporate white-collar crime laws:: In January 2017 the UK government launched a call for evidence after fearing that current criminal law does not provide a solid framework for prosecuting companies for economic crimes. On November 4, 2020, the government reported that the evidence presented was inconclusive and further investigation is needed before legislative reforms are implemented. In light of this finding, the government asked the Law Commission, a statutory independent body in the United Kingdom, to prepare proposals to investigate corporate financial crimes. At the end of 2021, the Legal Commission will publish an option paper in which the Commission will analyze the effectiveness of the applicable laws and make recommendations on legislative reforms. This suggests we expect further delays in expected corporate crime reforms, which may not come into effect until 2023.
The Serious Fraud Office ("SFO") publishes guidelines on Deferred Law Enforcement Arrangements ("DPA"): In October 2020, the OFS published its internal guidelines on data protection authorities by amending its SFO operating manual. The guidelines published largely reflect the messages that have emerged from the nine data protection authorities approved to date, but provide more useful guidance on what companies and their advisors need to understand in order to conclude a data protection authority with the OFS and avoid criminal conviction. Cooperation and recovery remain key factors, with significant weight attached to a “truly proactive approach” and the waiver of privilege is seen as an important part of such cooperation. Parallel investigations between authorities and jurisdictions is still a growing trend but still a situation where a data protection authority can be considered.
While full surveillance has not yet been implemented within a data protection authority, the published guidelines make it clear that this remains a possibility in the OFS arsenal alongside less burdensome alternatives such as an external auditor (imposed by the SFO's eighth data protection authority). . In the terms of a data protection authority, it is usually fair, reasonable and proportionate to impose a fine and other monetary obligations.
DPA of the OFS at Airline Services Limited ("ASL"): The High Court approved the SFO's ninth data protection authority on October 30, 2020. Following the ASL's self-report to the OFS in 2015, the data protection authority has concluded investigations and negotiations for five years. The indictment includes three cases in which bribery was not prevented contrary to Section 7 of the Data Protection Agency's Bribery Act 2010. The ASL representative used commercially sensitive information about potential competitors to secure three commercial aircraft overhaul contracts valued at $ 7.3 million. GBP to complete. ASL, now not a trading company, has agreed to pay nearly £ 3m in fines, lost profits and costs as per data protection regulations. Ms. Justice May agreed with the DPA, believing that the collaboration, self-reporting, nature of the conduct and corrective actions taken by ASL resulted in a DPA in the "interests of justice". Considering these factors, ASL obtained the maximum 50% discount on the fine.
The director of the SFO calls for the extension of the laws to prevent violations: Lisa Osofsky, director of the OFS, spoke in front of the Royal United Services Institute on October 8, 2020, calling for the crimes to be extended to fraud. The UK's non-prevention laws currently apply to bribery and tax evasion and create direct liability for a company where it has been determined that a person acting for or on behalf of a company has facilitated bribery or tax evasion, as well as for the company do not prevent such an offense. It is important that “non-prevention” of crime bypasses the traditional challenge of making companies criminally responsible by demonstrating that the people involved are high enough to represent the company's “controlling spirit and will”.
SFO Success in Bribery Cases at Unaoil and Petrobras: The OFS made two notable announcements related to high profile corruption scandals in the last quarter.
In October 2020, the conviction of a former Unaoil executive director was announced after pleading guilty in 2019 to a conspiracy to pay corrupt payments related to oil pipeline construction projects in Iraq. Basil Al Jarah was sentenced to three years and four months in prison after conspiring to bribe Iraqi officials around $ 20 million to land contracts valued at $ 1.7 billion. Al Jarah received a reduced sentence while helping with the SFO investigation. However, it was found that he played a central role in the bribery because of his strong business relationships and his obvious ability to take advantage of them.
In November 2020 the OFS announced that it had successfully received nearly £ 1.2 million from a person implicated in the Brazilian "Operation Car Wash" scandal which exposed widespread corruption in the Brazilian oil industry. The person, Julio Faerman, was suspected by the SFO of buying a luxury apartment in West London with the proceeds of his criminal behavior. Faerman has been investigated by the OFS after admitting bribery in connection with the Brazilian corruption scandal in his home country, Brazil. The OFS investigation looked at its £ 4.25million London apartment, as well as some of its offshore bank accounts and businesses. Faerman eventually reached an agreement with the SFO that would require him to pay nearly £ 1.2 million to free his property from a freeze warrant.
These two announcements mark further achievements for the SFO in late 2020. The SFO has reaffirmed its commitment to holding individuals, not just businesses, accountable for their role in bribery scandals. It has also stated that it will continue to investigate, seize and recover criminal assets held in the UK.
SFO first listed asset order: In September 2020 the OFS used a Listed Asset Order ("LAO") for the first time. LAOs enable law enforcement agencies to seize, detain, and forfeit certain valuable items of personal property if they have reasonable grounds to suspect that such" listed assets "have been illegally acquired. Assets listed include precious metals and stones , Clocks, artwork, face value vouchers or postage stamps, LAOs are a key example of the OFS using new legal powers incorporated into the Proceeds of Crime Act 2002 by Section 15 of the Criminal Finances Act 2017.
In this case, the OFS used an LAO to successfully recover £ 500,000 worth of jewelry, including necklaces, Rolex watches and rings, on the basis that such assets were believed to have been purchased with the proceeds of crime from a mortgage fraud case . Although this is the first time the OFS has set up an LAO, the National Crime Agency ("NCA") used an LAO in 2019 to seize a £ 1 million ring. The SFO stated that it would continue to use all powers available to it to confiscate proceeds from crime.
SFO and the Financial Services Compensation Scheme ("FSCS") work together to eradicate serious and complex fraud: On November 19, 2020, the FSCS and SFO signed a Memorandum of Understanding ("Letter of intent") Facilitate the investigation and prosecution of serious and complex fraud cases. While the OFS is already tasked with investigating serious and complex fraud cases, the role of the FSCS is to protect the consumers of regulated financial services companies in the UK when they fail. The Memorandum of Understanding formalizes ways of exchanging information in order to support both agencies in performing their respective functions. The MoU also provides for additional collaboration, including the exchange of expertise and the provision of testimony, expert advice or oral evidence for use in court or in court.
NCA Achieves First Successful Use of Unexplained Wealth Order ("UWO"): A suspected money launderer has agreed to lose nearly £ 10 million worth of assets to the NCA. Mansoor Mahmood Hussain and the NCA reached an agreement on August 24, 2020, with the High Court sealing the recovery order on October 2, 2020. Earlier this year, after a hearing in July 2019 when the agency also filed a motion, the NCA secured a UWO against Mr Hussain for a temporary freeze order. This was the second UWO the NCA has successfully obtained and deployed, but the first UWO obtained solely because of a person's alleged involvement in serious organized crime. UWOs were introduced by the Criminal Finances Act 2017, which amended Part 8 of the Proceeds of Crime Act 2002. UWOs require the respondent to provide evidence of how they obtained certain assets. The High Court ruled that there were reasonable grounds to suspect Mr. Hussain's involvement or association with those involved in serious crime.
Important findings from the 2019/2020 annual report of the Office of Financial Sanctions Implementation ("OFSI"): The UK OFSI reported that in the financial year from April 2019 to March 2020 it received 140 voluntary reports of potential sanctions violations with a total transaction value of £ 982 million, a significant increase over the previous two financial years. While most violations were reported in the banking and financial services sectors, more and more reports were reported in the legal, charity, insurance, energy and travel sectors.
Since its inception four years ago, OFSI has only imposed four fines (1), three of which were imposed in fiscal 2019-2020. However, OFSI has only imposed a multi-million pound fine so far and so it remains to be seen whether this can really be seen as an indicator that OFSI is playing a more important and active enforcement role.
Other notable developments highlighted in the 2019/2020 OFSI report include the addition of 44 new named persons to the consolidated list of asset freeze and asset freeze targets totaling nearly £ 12.5 billion as of September 2019. OFSI continued its reach and engagement efforts in preparation for Brexit at the end of the transition period, publishing general guidance on autonomous UK financial sanctions in January 2020 (updated July 2020) and guidance on Russian financial sanctions that will apply when Russia (Sanctions) (EU exit regulation 2019 comes into force.
It has also nearly doubled its international collaborative efforts, partnering with 83 jurisdictions in the past fiscal year, compared to 42 in fiscal 2018-2019. It will be interesting to see if OFSI benefits from the additional resources and information that OFSI's international collaboration provides would be expected to bring.
The Information Commissioner's Office ("ICO") fined £ 20 million for breaching cybersecurity data: In October 2020 the ICO imposed a £ 20 million fine under the General Data Protection Regulation ("GDPR") To British Airways plc ("BA”) For a data breach that BA suffered in June and July 2018. The size of the fine was a significant reduction from the original £ 183.39 million amount proposed by the ICO in its letter of intent in July 2019.
The breach is believed to have affected 429,612 customers and employees and that attackers have collected information including: personal customer information such as name, address and payment card details, as well as user names and PIN numbers for BA Executive Club accounts and login details for BA administrator and employee accounts. The ICO identified specific concerns about BA's practices, including the fact that: (i) BA did not discover the data breach itself but was made aware of it by a third party (and it was unclear whether BA would have identified the breach itself) , and (ii) BA could have taken a number of measures without undue cost to reduce or prevent an attacker from accessing its systems, including: multi-factor authentication, more stringent penetration testing, ensuring different passwords for different ones Accounts and monitoring / logging of access to files on BA systems.
In calculating the amount of the £ 20m fine, the ICO took a starting value of £ 30m instead of the £ 183.39m proposed in its previous Memorandum of Understanding (although the ICO did not clarify how it was going starting at £ 30 million as a starting point) before reducing the fine taking into account the following factors: (i) it was not a deliberate or intentional act on the part of BA and BA did not make any financial gain from the breach; (ii) BA's “good conduct”, including the fact that no previous violations were reported to the ICO, its full cooperation with the ICO's investigation and the rapid implementation of improvements to its IT systems to anticipate a similar cyberattack in the future prevent; and (iii) given the current public health emergency and related economic impact of the COVID-19 pandemic.
The Financial Conduct Authority ("FCA") last message to the trader according to insider belief: On September 1, 2020, the FCA issued a final notice against Julian Rifat preventing him from performing any future functions related to the regulated activities of an authorized or exempted individual or an exempted professional company. Mr. Rifat had committed several dishonesty violations. Between June and November 2009, Mr. Rifat was involved in insider trading eight times when he was a Senior Trader at Moore Europe Capital Management, LLP. In his position, Mr. Rifat often received information on major transactions before public announcements were made. He was also aware of the fact that he had received price sensitive information on a regular basis. However, Mr. Rifat took advantage of his position and conducted numerous business through a professional intermediary between the time he received the price sensitive information and the time it was publicly announced. The total value of the eight trades he placed was £ 285,000. On March 19, 2015, Southwark Crown Court sentenced Mr Rifat to 19 months in prison and a fine of £ 100,000. The FCA also determined that Mr. Rifat is no longer an appropriate person to perform functions related to regulated activities and found in its decision that Mr. Rifat's actions represented a "clear and serious lack of honesty and integrity".
Pension Cold Call – £ 130,000 Fine Issued: On September 10, 2020, the ICO imposed a £ 130,000 fine on CPS Advisory Ltd ("CPSAL ”) for 106,987 unauthorized marketing calls to individuals about their pensions. According to regulation 21B of the Regulation on Data Protection and Electronic Communications (EC Directive) of 2003, a person may not call individuals without being asked to directly market company or personal pension schemes, unless certain conditions apply. An important requirement is that the caller must be an “authorized person” within the meaning of Section 31 of the Financial Services and Markets Act 2000 or a person who is a trustee or manager of a corporate or personal pension scheme. This was not the case here. During its investigations, the ICO also found that CPSAL engaged in questionable practices during those calls, such as false claims that CPSAL had obtained the call recipient's personal information from a "survey" when the call recipient in question did not remember filling out a Survey.
Business and human rights cases before the English courts:: UK companies with overseas offices will be aware of the recent trend that English courts are open to review allegations of alleged violations of business and human rights (“BHR”) Abroad, as we have dealt with here in a customer alert. In the recent BHR case of Municipio de Mariana v. BHP Group Plc, the High Court appears to have placed some limits on its willingness to bring such claims. If a case is already pending in the jurisdiction of the alleged violation and there is reason to believe that the applicant has a fair chance at material justice, the English courts would be unwilling to accept the jurisdiction. The High Court dismissed the class action and concluded that it would be "expensive, almost endless, unfocused, unpredictable and unmanageable" to have the same case heard in Brazil and England at the same time. For a full summary of the implications of this ruling, see our Practical Law Notice here.
Latest developments of the Modern Slavery Act ("MSA"):: The UK has long been a leader in combating modern slavery risks in corporate operations and supply chains. On September 22nd, 2020, in response to the supply chain transparency consultation, the UK government reaffirmed its commitment to eradicate often hidden risks. The response examines the various obligations under the MSA and specifically states that a single reporting deadline will be introduced for modern statements of slavery that must address specific issues (which issues should be addressed is further determined by the government). The government set out further details of its mission against modern slavery in its Annual Report on Modern Slavery, published October 14, 2020. The English courts have also helped develop in this area. In R v Wabelua, the appellate court provided useful guidance on how the court should proceed in deciding whether to issue a slavery and human trafficking order under the MSA after a defendant was convicted of an offense against slavery or human trafficking. The English courts must satisfy themselves that (i) there is a real risk that the accused will commit further violations of slavery or human trafficking, and (ii) the order to protect individuals is necessary rather than merely desirable or helpful.
The Financial Reporting Council ("FRC") for reporting on climate change: The FRC has published a comprehensive thematic overview (the "review”) From climate-related considerations from boards of directors, corporations, accountants, professional associations and investors, suggesting that the focus is well below what is needed. The FRC's focus on non-financial reporting coincides with announcements by the UK government that it will set stricter standards for corporate environmental disclosure so that investors can better understand their risks to climate change. The review concluded that (i) there is little evidence that business models and strategies are sufficiently influenced by integrating climate considerations into governance frameworks; (ii) An increasing number of companies report extensively on climate-related issues. However, it is unclear how progress will be made, monitored or ensured towards these objectives. and (iii) Investors support the Task Force on Climate-Related Financial Disclosures ("TCFD”). Please see our customer notification here for more information.
The life science industry is facing new enforcement powers in post-Brexit regulations: Since Brexit in Great Britain will be finalized on January 1, 2021, the regulator for medicines and health products ("MHRA”) Will be the regulator for stand-alone pharmaceuticals and medical devices in the UK. The transition from the EU allowed the UK to make completely independent regulatory decisions for devices and medicines, both nationally and in collaboration with other international regulators.
The frequent changes in legislation on these issues will no longer result from updates at EU level. The Law on Drugs and Medical Devices (the "bill”), Which has almost completed its passage by Parliament, is creating the structure for the UK government to legislate for updates or amendments to our existing laws on human and veterinary drugs, clinical trials and medical devices at the end of the Brexit transition period in 2018 issued January 2021.
When the bill goes into effect, several new enforcement tools will be available to the MHRA, including enforcement obligations and fines. As with other UK regulators, the MHRA will have the power to choose between civil and criminal penalties for violating the rules that apply to companies, but also to individuals and directors. Please see our customer notification here for more information.
We would like to thank the following team members for their contributions: MoFo staff Laura Steen, Pietro Grassi, James Colautti, Sampaguita Tarrant, Rayhaan Vankalwala and Matt Rodin as well as budding lawyers Stephanie Pong, Georgia Wright and Tom Zheng.
(1) Details of the fines imposed by OFSI can be found here: https://www.gov.uk/government/collections/enforcement-of-financial-sanctions
(View source.)