Skip to content

European Financial Crime Compliance and Enforcement Trends: Where Next?

2017 saw an escalation in the regulatory pressure placed on compliance departments across Europe. Over the last year, the European Union and numerous national governments introduced a cluster of new laws and regulations to help fight financial crime, including: the EU 4th Anti-Money Laundering Directive, the UK’s Criminal Finances Act and France’s Sapin II. Despite increasing regulatory expectations, the resources that compliance departments are afforded to mitigate the risk has not kept pace. This means compliance professionals are being asked to do more with less. What are the key lessons that compliance officers should take from 2017 to help meet this challenge, and how is the financial crime compliance landscape likely to evolve in 2018? Policing & Crime Act strengthens the UK sanctions regime  Until now, the UK’s enforcement of financial sanctions has been relatively reserved when compared to the aggressive fines and actions taken by US enforcement bodies. Although the UK Financial Conduct Authority (“FCA”) has fined banks for inadequate systems and controls, there has been little by way of enforcement against corporates for sanctions violations.   This may soon change with the introduction of the Policing and Crime Act (“The Act”). Part 8 of The Act, which came into force on 1 April 2017, gives the Office of Financial Sanctions Implementation (“OFSI”) new civil powers to impose monetary penalties for breaches of financial sanctions. These powers don’t just cover UK corporates though. Under OFSI’s guidance, a company is now subject to the new enforcement measures if it has any connection with the UK, meaning that non-UK companies may now also fall under the remit of OFSI’s enforcement regime.  One of the key expectations will be early disclosure, which shows now more than ever, the importance of having strong policies, systems and controls to manage sanctions risk and identify issues early. OFSI can impose penalties on both the corporate entity subject to investigation as well as the officials of that corporate. The level of penalty determined or levied by OFSI can now be the greater of £1,000,000 or 50% of the estimated value of the breach. The Act also importantly strengthens criminal penalties, increasing the maximum criminal penalty for breach of financial sanctions, from two to seven years’ imprisonment. In addition, the Act adds a breach of financial sanctions to the list of offences which Deferred Prosecution Agreements (“DPAs”) may be entered into, adding further to the toolkit of the enforcement options available in the UK. These changes take a hard line against sanctions breaches and further indicate that UK authorities are moving towards the US style of law enforcement in the year ahead. Anti-bribery & corruption (“ABC”): why complying with the FCPA or UK Bribery Act isn’t enough  The Netherlands, Spain and Italy are just some of the governments that introduced anti-bribery and corruption legislation or regulatory requirements in 2017. In particular, France’s Sapin II mandates the compulsory implementation of an anti-corruption compliance programme for French companies and French subsidiaries of foreign companies who have at least 500 employees and whose annual turnover is more than €100 million. Failure to have a suitable programme, as determined by the new Agence Française Anticorruption (“AFA”), carries a fine of up to €1 million, in addition to larger fines for actual bribery.  With the above in mind, although US and UK corruption legislation remain the ‘gold standard’ globally, not all requirements of newer laws outside of these jurisdictions will be met by complying with older legislation. There are many significant changes. By way of example, whistleblowing lines in France must be anonymised and have set rules for escalation. There are also additional rules regarding conflicts. Likewise, Spanish and other laws require written compliance prevention plans and/or due diligence which may be broader than previous norms because of a broader definition of bribery, or ‘influence peddling’. As a result, companies, especially multinationals, can no longer rely on ABC policies that comport only to the Foreign Corrupt Practices Act or the UK Bribery Act. In 2018 and going forward, companies will need to ensure that their controls are aligned with anti-corruption laws in all the major jurisdictions they operate in. In response to the myriad of legislation, some corporates may consider ISO 37001 anti-corruption certification to meet a common international standard and show stakeholders their commitment to transparency and testing. In this regard, during 2017, ISO 37001 gained traction in France, the UAE and Italy, with the certification of Alstom, Bosch Middle East and Eni respectively. However, the standard has not been without detractors and it remains open to question whether adoption will continue as quickly in 2018 – along with the extent to which the ISO standard could protect companies that become subject to a corruption trial.  UK enforcement actions continue as agencies pursue new tactics It has been a busy year for UK enforcement agencies. Several big-ticket cases have hit the news and enforcement agencies are exploring new tactics to counter financial crime. Here we explore what you need to know about each agency’s key actions over the past year. Serious Fraud Office (“SFO”)The SFO’s much publicised DPA with Rolls-Royce in January set the ball rolling and showed that you don’t have to self-report to the SFO to secure a DPA – provided you co-operate to the maximum extent. Prosecutions in the FH Bertling case led to non-custodial sentences and more recently, charges have been laid against directors of Unaoil, demonstrating a desire to target middle men as a means of intervening in corrupt activity and identifying complicit companies as the web of corruption is exposed.With a dozen open bribery and corruption investigations from the SFO, the UK is likely to see more charging decisions next year, to be resolved either in DPAs or prosecutions. David Green announced that his last day as Director of the SFO will be in April 2018. As the search for his successor is underway, there are no indications of a shift in enforcement trends. Other frauds continue to be prosecuted, with convictions and confiscation orders being made. Litigation privilege is coming under test in cases involving ENRC and RBS. This has relevance to internal investigations, specifically concerning whether material obtained and created during the investigation will be covered by privilege, and so care should be taken when embarking on new matters to plan carefully and take appropriate advice. National Crime Agency (“NCA”)The biannual National Risk Assessment of Money Laundering and Terrorist Financing, produced by HM Treasury and the Home Office, highlights that the NCA has been very active liaising with financial institutions through the Joint Money Laundering Intelligence Taskforce and that it continues to strengthen its intervention and enforcement teams. The NCA has been given new tools as part of the Criminal Finances Act, and it is clearly prepared to use them. Financial Conduct AuthorityThe FCA continues to issue large fines. High-profile cases over the past year included Merrill Lynch, who were fined £34.5 million for failing to report transactions again – albeit a different type of transaction this time. Rio Tinto were fined £27 million for breaching disclosure and transparency rules. The FCA continues to broaden the reach of enforcement to cover other types of organisations such as insurers and investment managers – meaning they should be as prepared as the banks are. Technology streamlines how compliance departments manage diligence and third party risk 2017 was a breakthrough year for the use of RegTech in Europe. Compliance departments are looking for auditable ways to meet compliance requirements with fewer resources, as well as methods to ensure their diligence policies and procedures are consistently applied across the globe. Wholesale process reengineering was conducted by a range of organisations over the past year, including those in the FTSE 100, to allow AI-enabled solutions to automate compliance processes that were once highly manual – such as the sending of third party vendor questionnaires.  What is interesting is that much of this process realignment has not come from the regulated sector, but can be seen in large corporates in industries that rely on diverse subcontractor networks – such as engineering and retail. Indeed, corporates have shown a real willingness to look beyond their sectors to adopt the best technology-enabled approaches – regardless of industry. This trend is likely to continue into 2018 and beyond, as financial institutions and corporates choose technological innovation as an effective means of ensuring sustainable compliance and supporting more ethical business practices amongst increasing regulatory expectations.

The risk landscape is constantly changing. Hear about the latest with Exiger.

Client Alert: The Anti-Money Laundering Act of 2020

The Role of Compliance in Protecting Our People & Communities

Evolving from a Check-the-Box Function to a Culture of Compliance