Corporate Crime Insights - November 2024

November 26, 2024

Welcome to the November 2024 edition of Dentons' Corporate Crime Insights, where our UK Regulatory and Investigations team has pulled together news and updates from each of our respective specialisms likely to be of use to our clients in their decision-making.

As with all previous editions, our team has used our combined experience and background at each of the key regulators to give our perspective on significant updates to help inform your horizon scanning in respect of financial crime compliance.

The big news this quarter all centres around fraud, with the APP requirements coming into effect for payment services providers and, of course, the publication by the Home Office of the Failure to Prevent Fraud guidance, which means that the offence itself will come into force in September 2025. We anticipate that many of our clients will be seeking the "legal advice" recommended repeatedly through the guidance to ensure that they understand how the offence may impact them and to consider the framework they need to put in place.

This update covers:

• Anti-money laundering
• Bribery and corruption
• Sanctions
• Corporate fraud
• Internal investigations

Anti-money laundering

• The UK is currently awaiting the publication of two HM Treasury consultations on the current anti-money laundering (AML) framework. One consultation (which closed in June 2024) examines the efficacy of existing Money Laundering Regulations (MLRs), while the other (which closed in September 2023) explores restructuring options for AML supervision. Tulip Siddiq MP has announced in parliament that further updates will be available soon and we understand publication in respect of at least one of the results is due to be published imminently.
• In October 2024, the Financial Action Task Force (FATF) reviewed and published its list of high-risk AML jurisdictions (the "black" and "grey" lists) which have direct effect on AML regulated firms in the UK. High-risk jurisdiction lists should be updated to include Algeria, Angola, Côte D'Ivoire and Lebanon and to remove Senegal.
• These changes were made as part of the October 2024 FATF plenary meeting in Paris. Key takeaways for UK compliance professionals in addition to the grey list changes are the publication of a consultation on proposed changes to the standards to assist in financial inclusion, which may result in changes at a state level, particularly for firms operating in emerging markets. Further FATF updates are also anticipated in the area of cross-border payment standards, which may result in new obligations, and updated guidance in respect of NPOs to ensure that legitimate charity work is not impacted.
• In the financial services space, the FCA has fined Starling Bank for failings in its financial crime systems and controls (AML and sanctions compliance), which failed to keep pace with growth of the business. A key lesson for all regulated firms (whether financial services or otherwise) is to ensure that financial crime risk management is under ongoing review to ensure that the controls in place remain proportionate to and able to appropriately respond to the risks faced by the business.
• In August 2024, the FCA fined CB Payments in respect of a breach of the Electronic Money Regulations 2011. The firm was fined in excess of £3.5 million for repeatedly providing payment services to high-risk customers in breach of a voluntary requirement whereby it had agreed with the FCA not to provide such services until it sufficiently addressed issues with its financial crime framework.
• Those clients with EU operations will be keeping an eye on the progress of the EU's sixth Anti-Money Laundering Directive, which has now been published and is due to be implemented by member states by July 2025, and the new Authority for AML (AMLA) oversight, which will be headquartered in Germany and expected to develop regulatory technical standards which should lead to greater harmonisation across member states. It will also have the power to impose penalties against "obliged entities" (i.e. those subject to the relevant AML regulations).

Bribery and corruption

• In July 2024, the Serious Fraud Office (SFO) published its Annual Report and Accounts for the reporting year 2023-2024. The SFO detailed that in the past year it has taken three cases to trial, arrested 15 individuals and opened six criminal investigations. This follows Director Nick Ephgrave's first year in the role after replacing Lisa Osofsky in September 2023. Based on this reporting, it does not appear that there has been a sea change in the number of expected investigations to be opened. However, Mr Ephgrave has recently disclosed a change in strategy from the SFO, referring to its intention to use its power to grant immunity to "flip" potential suspects to secure evidence against other offenders, speeding up cases. He admits that the SFO has already started to use this strategy in an interview with the Guardian last month.
• Following Glencore's guilty plea to paying US$29 million in bribes to gain preferential access to oil in Africa in 2022, and the SFO subsequently seeking authorisation from the attorney general to pursue individual charges against former employees in June 2024, Glencore's former head of oil trading was charged with bribery offences on 1 August 2024. Alex Beard was charged with two conspiracies to make corrupt payments to government officials and state-owned oil companies in Nigeria and Cameroon between 2010 and 2014. Five other former Glencore employees were also charged with bribery offences. The six individuals appeared in Westminster Magistrates' Court on 10 September 2024.
• In the construction industry, the SFO has reportedly launched an investigation into a hotel and conference centre in Birmingham owned by Unite union and built using members' money. The General Secretary of Unite had previously commissioned two separate inquiries into the project. It is understood that Unite's offices have previously been raided by HMRC and South Wales Police as part of a separate investigation into bribery and fraud linked to the project, which is said to have cost £112 million to build but has been valued at just £29 million.
• Anti-corruption charity Transparency International UK announced on 9 September 2024 that an investigation had found corruption "red flags" in £15.3 billion of the UK's COVID-19 contracts. This translated to 135 contracts which were deemed to be "high-risk" by the charity. Such red flags included contracts being awarded to firms with known political connections, as well as contracts going through a "VIP lane" for those referred by politicians. Transparency International UK, as part of the UK Anti-Corruption Coalition, is a core participant in the ongoing COVID-19 inquiry.

Sanctions

• On 31 July, the UK government introduced new regulations strengthening the Russia sanctions package:
  • Ships can now be "specified" (meaning they will be subject to sanctions such as being banned from entering any UK port) for any activity whose object or effect is to destabilise Ukraine, or undermine or threaten the territorial integrity, sovereignty or independence of Ukraine, or to obtain a benefit from or support the government of Russia, or to contravene or circumvent Russian sanctions. This includes carrying military or dual-use goods to Russia, or oil or oil products originating in Russia.
  • In addition, individuals or entities may be designated (and therefore subject to restrictions such as an asset freeze and travel ban) for providing financial services, or making available funds, economic resources, goods or technology to persons involved in obtaining a benefit from or supporting the government of Russia, and for owning or controlling (directly or indirectly), or working as a director, trustee, other manager or equivalent in, an entity involved in destabilising Ukraine or undermining or threatening the territorial integrity, sovereignty or independence of Ukraine. These changes expand the criteria available to the UK government to designate entities, including foreign financial institutions facilitating transactions on behalf of or in support of specified sectors of strategic significance to the government of Russia.
• On the same day, the UK government updated its Syria sanctions to extend the exception from certain prohibitions for those involved in purchasing, supplying or delivering petroleum products used exclusively to provide humanitarian assistance in Syria. The new extended exception applies, amongst others, to the UN, international humanitarian organisations and NGOs, where before it was only available to those funded by the UK government.
• As of 1 September, a new UK Open General Export Licence (OGEL) came into effect. This licence enables easier transfer of defence and security material amongst approved parties pursuant to the AUKUS security partnership between the UK, US and Australia. To use the new OGEL, UK exporters must apply to join the AUKUS Authorised User Community (AUC). Once approved as an authorised user, UK exporters will be able to export, transfer or supply certain controlled goods to other members of the AUC. Check out Dentons' update here: https://www.linkedin.com/posts/activity-7234126391544365058-idy3?utm_source=share&utm_medium=member_desktop.
• On 27 September, the Office for Financial Sanctions Implementation, (OFSI) which deals with compliance with the UK's financial sanctions, issued its first civil monetary penalty for breach of UK financial sanctions since Russia's invasion of Ukraine in 2022. A £15,000 penalty was levied on Integral Concierge Services Limited for a series of payments it made or received in connection with services provided to a designated person without an applicable licence.
• On 10 October, the Office of Trade Sanctions Implementation (OTSI) was established to monitor the UK government's trade sanctions. As is already the case for OFSI in respect of financial sanctions, OTSI will be able to issue monetary penalties to firms or individuals who breach certain trade sanctions on a strict liability basis (as an alternative option to the criminal sanctions which already apply). In addition, the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024 also brought in new reporting requirements, such that financial services and legal services providers (amongst others) will be obliged to report breaches of trade sanctions they become aware of to OTSI. Check out Dentons' update here: https://www.linkedin.com/posts/ugcPost-7250080953149140993-exi6?utm_source=share&utm_medium=member_desktop.
• On 31 October, the UK government removed a licensing ground for sanctioned trade services, namely the licensing ground permitting services to a person connected with Russia by a UK parent company or UK subsidiary of that parent company.
• Since the last update, the UK has also announced new designations targeting Russian democratic interference agencies; Iranian military figures; Israeli settler organisations and individuals in the West Bank; individuals involved in repression of civil society in Belarus; and ships which form part of Russia's "shadow fleet" transporting Russian oil globally. The full UK sanctions list is available here.

Corporate fraud

• On 7 October 2024, new rules from the Payment Systems Regulator came into force, extending the previous contingent reimbursement model which applied voluntarily to a mandatory system applying to all in-scope payment services providers (PSPs). The new rules will mean that in-scope PSPs will be required to reimburse customers who have fallen victim to a scam when using the Faster Payments system. This is likely to provide significant challenge to our clients, both as they implement a framework for the effective tight turnaround of investigation and challenge, and the potential tension between the requirements and money laundering reporting responsibilities.
• In October 2023 the Economic Crime and Corporate Transparency Act (ECCTA) received Royal Assent, creating a new corporate offence of failure to prevent fraud. In early November 2024, the UK government published its guidance for firms on steps which they should take to ensure that they have adequate procedures in place to afford a defence to the new offence, which has triggered the coming into force of the offence, which will now happen on 1 September 2025. The team has started to consider how our clients can effectively implement a proportionate and compliant framework or make tweaks to existing frameworks to meet the challenges of the new offence.
• In 2023, the FCA commenced criminal proceedings against four individuals for the conspiracy to commit fraud, money laundering and carrying out unauthorised regulated activities. Earlier this week, the FCA secured successful convictions against two of the individuals, in respect of their conduct and involvement in a £1.5 million investment fraud which impacted at least 65 investors. Steve Smart, the joint executive director of enforcement at the FCA, noted that investors were lured with "promises of high returns on fake investments in crypto". Both defendants pleaded guilty to the conspiracy to defraud and the conspiracy to breach the general prohibition under the Financial Services and Markets Act 2000. One of the defendants also pleaded guilty to possessing false ID documents and perverting the course of justice by deleting phone call recordings following his arrest.
• In 2023/2024, the FCA has secured nine successful fraud prosecutions and charged 21 individuals in respect of financial crime. This is the highest number of charges in any one year and reflects the FCA's ongoing efforts to clamp down on fraud as it reaches the final year of its three-year strategy plan which recognised that fraud was a growing and complex issue. We anticipate that this surge in enforcement action will continue as fraud continues to be a priority area for the FCA and there is an increased sense of accountability on firms to help deter fraud.

Internal investigations

• The FCA has increased the pace of its investigations, emphasising in its recent press release in October that its investigation into Starling Bank for failures in financial crime controls took just 14 months. This is a stark contrast to the 42-month average for cases to close over the last financial year. A contributing factor to this swift resolution may have been remedial action taken by the bank as well as enhancements to a wider financial crime control framework. Remediation was certainly at the forefront of the resolution to the FCA's cross-border investigation with the French Autorité des Marchés Financiers (AMF) into asset manager H2O's due diligence processes. In August, the firm volunteered to pay €250 million to compensate investors and agreed to cease regulated activities in the UK by 31 December 2024.
• We also saw the FCA conclude its internal review into the "Handling of Internal Whistleblowing Communications" in September following two former employees' allegation that their identities as whistleblowers were revealed by the FCA chair at the time. As referenced in the summary of the outcome of the review, whistleblowers should be informed that it is not possible to guarantee their complete anonymity, but confidentiality is crucial. A whistleblower cannot be anonymous in all circumstances, particularly where investigators need to contact them for further information, or if there is only one individual operating in a particular function to which the whistleblowing relates. Regardless, confidentiality must be maintained to protect the whistleblower from possible repercussions and detriment whilst they are at the employer (here, the FCA). Therefore, whilst anonymity might be unattainable, firms and the FCA alike should be maintaining the utmost confidentiality and limiting disclosures to others to a "need to know" basis - a good best practice takeaway for firms generally.
• On 26 October 2024, a new legal duty for employers came into force, requiring firms to take reasonable steps to prevent sexual harassment of their employees. Our Employment team has set out an overview of the requirements, but firms reviewing their internal controls should ensure that they have appropriate reporting channels in place for victims of sexual harassment, and consider how they can adopt a people-centric approach and appropriately support employees during the course of an internal investigation.
• A recent case before the Employment Appeal Tribunal has opened the door for a potential expansion of protections under the Public Interests Disclosure Act (PIDA) to include UK charity trustees, who have been historically excluded from protection largely because they work generally unpaid and without a contract. Although no definitive decision was made on this point as it was not an issue which had been directly raised, the Judge found that there could be an argument that the role of a charity trustee could be held to be analogous to an occupational status. In our view, charities should consider the potential for this expansion when reviewing their internal whistleblowing policies to consider whether, at this stage, to voluntarily extend protection as a risk mitigation measure.