2021 was an extraordinary year in financial crime. In this blog we consider recent UK developments, the key issues emerging in 2022 and the practical implications for companies.
Taking a step back from these developments, we see four key overarching themes:
- An increased focus from authorities on the effectiveness of preventative systems and controls when considering how to resolve investigations. Companies need to consider how they can best allocate their resources to manage their key risks, meet authorities’ increasing expectations and to ensure they are able to evidence effectiveness.
- Fraud has become a front page issue and we expect to see significant changes in how fraud is regulated, investigated and prosecuted, as well as a continued increase in civil disputes alleging fraud. Many companies will need to significantly enhance their anti-fraud compliance programmes as a result.
- The way in which financial crime is being investigated is changing as we move to a hybrid working model. We will continue to see criminal and regulatory authorities demanding more in terms of mobile data and a shift away from typical dawn raids.
- Regulators are turning their attention to ESG disclosures published by companies in response to an array reporting requirements, from climate risk to human rights impacts. At the same time companies are grappling with vast amounts of data to support their public commitments. This is likely to result in significant future enforcement action and litigation.
The scale of fraud increased exponentially in 2021 and we expect to see increasing litigation, regulatory scrutiny, and public inquiries in relation to the following issues:
- Payment fraud: In the first half of 2021 alone, £754m was stolen from bank customers. Expectations are continuing to increase on firms to prevent their customers from falling victim to fraud – and on refunding them. This is particularly pertinent in light of the Treasury Committee’s recently published report on fraud, scams and economic crime which recommends that the Government urgently legislates to make reimbursement for victims of ‘authorised push payment fraud’ mandatory. We are also likely to continue to see increased civil litigation arising out payment fraud issues.
- Misuse of COVID-19 relief schemes such as furlough fraud and loan schemes: We can expect to see significant investigations, litigation and inquiries in relation to misuse of these schemes. HM Revenue & Customs has instigated a taskforce to investigate COVID-19 related fraud, and we expect to see an increase in related investigations by the National Crime Agency and Serious Fraud Office (SFO).
- Trade finance: We expect to see heightened scrutiny in this area following the FCA/PRA Dear CEO letter published in September 2021. See here for our commentary on this.
- Auditors and their role in preventing fraud: In May 2021, the Financial Reporting Council (FRC) published a revised version of its auditing standard setting out more stringent requirements for auditors in relation to identifying fraud and there have been various FRC investigations and civil litigation on this point, which is impacting on how auditors approach fraud issues and discussions around disclosures.
- Multilateral banks: Increased enforcement activity by multilateral banks. Significant funds have been disbursed as a result of the pandemic, and investigations have increased with it. By way of example, the World Bank has recently reported an increase in fraud investigations.
We are also likely to see further steps towards enhancing the ability to prosecute fraud, both in terms of enhancing corporate criminal liability laws and changing how (and by whom) fraud is investigated (see here for our article on this). We may also see authorities using their powers more widely to seize or restrain assets.
We saw significant anti-money laundering (AML) fines in 2021 and UK authorities will continue to focus on this area, including:
- AML systems and controls: We expect to see an increased focus on firms’ AML systems and controls following the Dear CEO summarising systems and controls weaknesses identified by the FCA. See here for our views on this.
- Cryptoassets: We expect an increased focus on the role of cryptoassets in money laundering, as criminals continue to move away from cash, and online fraud increases.
In 2021, FCA actions resulted in financial organisations in the UK facing significant fines totalling over £500m relating to money laundering. In November 2021, the FCA reformed its decision-making processes with the aim of streamlining and speeding up investigations, so we may see a drive for more efficient enforcement in 2022.
Bribery and Corruption
2021 saw further major deferred prosecution agreements (DPAs) and guilty pleas by corporates, as well as FCA fines related to anti-bribery and corruption (ABC). We expect to continue to see:
- Coordinated global settlements against major corporates and financial institutions: With an increasing focus by authorities on assessing the effectiveness of companies’ compliance programmes in considering the resolution of investigations. We recently reported on the results of our survey regarding how companies’ ABC compliance programmes compare against current global best practice expectations.
- Increases in the exchange of information: Multilateral banks have also recently been driving for an increase in the exchange of information relating to anti-corruption investigations, and so we expect to see greater co-operation between localised anti-corruption agencies and multilateral banks.
- Scrutiny in relation to conflicts of interest: Further scrutiny and investigations in relation to potential conflicts of interests regarding COVID-19 related government procurement.
- Civil claims: Significant increases in civil claims arising of out ABC issues, including investor claims where material ABC issues are not disclosed in accounts.
- A shift in approach to the prosecution of individuals: The SFO has failed to secure convictions of any individuals following a DPA, and in 2021 came under fire for disclosure failures leading to the collapse of high profile trials of individuals. The SFO may be forced to change tack when approaching DPAs and also the prosecution of individuals, and there may be an increased focus on securing the co-operation of individuals to assist in securing convictions both of companies and individuals.
While sanctions enforcement activity remains low in the UK with HM Treasury’s Office of Financial Sanctions Implementation (OFSI) imposing its largest fine of over £20m back in March 2020, the steady flow of enforcement by US authorities continues and may inform the areas of focus by the UK and EU authorities in the year ahead. Some of the key themes include:
- Indirect sanctions risks: Companies have been found liable for referring business or payments to subsidiaries and/or affiliates where they are unable to undertake the business directly due to sanctions prohibitions. These cases highlight the importance of ensuring that sanctions compliance policies and procedures address both direct and indirect sanctions risks, and that procedures are not implemented which allow indirect involvement in a transaction where direct involvement is prohibited.
- Deficient due diligence: Several enforcement actions have been brought over deficient due diligence, even where certain compliance measures were in place. These cases highlight the importance of a risk-based approach to sanctions compliance: where transactions are larger and the parties are based in high-risk jurisdictions, sanctions due diligence should be more thorough and not rely on basic processes set out for low and medium risk transactions.
- Post-acquisition compliance programs: A number of recent cases have involved insufficient implementation of sanctions compliance programs following an acquisition. For example, where cessation of certain business of the target that would expose the acquirer to sanctions risks is a condition of closing and that business continues. It is clear that authorities expect to see adequate post-acquisition due diligence and a well-executed remediation plan to ensure compliance with applicable sanctions.
Whether OFSI increases its enforcement activity in these areas remains to be seen, but there is no doubt that complying with sanctions is becoming even more complex for companies navigating multiple and often competing sanctions regimes. The on-going tensions in Russia and the Ukraine are also increasing the likelihood of further wide-ranging sanctions being imposed by the US, EU, UK and other nations, which could have a material impact on many businesses operating in or with links to the region.
Environmental, social and governance (ESG)
In the last few years, “ESG” has quickly developed into a board-level issue and has risen up the agenda. ESG-related risks for businesses may manifest in various ways – including reputational risk, insurance risk, operational risk and litigation risk. Amongst these risks, ESG related regulatory issues will continue to emerge as a prominent issue in 2022. As far as the UK is concerned:
- Modern slavery: The Government committed to strengthening the Modern Slavery Act 2015, most notably by mandating the topics to be covered in businesses’ modern slavery statements (e.g. key risks and steps taken to assess and manage risks). The Government has also since announced that it plans to introduce fines for non-compliance. The timing of these changes is unclear, but the Government is now under pressure to implement these changes so progress is expected in 2022.
- Deforestation: The Environment Act 2021 makes it illegal for larger businesses to use certain “forest risk commodities” or products derived from those commodities, unless they have been produced in compliance with local laws. The Act also introduces due diligence and reporting requirements. The Government is consulting on secondary legislation until March 2022.
- Import bans and export controls: Taking the lead of the US, the Government is reviewing its export controls regime to address the risk that UK goods may be exported to Xinjiang, China, and then used in connection with alleged human rights abuses in the region. The Government has also confirmed it is reviewing possible import bans.
- Online Safety Bill: In early 2022, the Government announced amendments to the Online Safety Bill to extend the proposed duty of care on internet services providers to remove illegal content to a broader range of offences including fraud and financial crime, and hate crime.
- Regulators: The FCA and FRC have been recruiting subject matter experts in order to develop their internal expertise in the ESG area. Both regulators will increase their scrutiny of public disclosures made by listed entities and financial institutions regarding how climate related and other ESG risks are being managed.
Beyond the UK, the European Commission is expected to table a draft directive requiring mandatory human rights and environment due diligence on 23 February 2022, after several delays. This follows mandatory due diligence laws in other jurisdictions including France, Norway and Germany. The UK Government faces increasing calls from civil society and institutional investors to develop its own legislation.