Corporate Crime - What now for 2022
31 January 2022
31 January 2022
We look back at the key developments and global trends that emerged during 2021, and make our predictions for 2022.
While we did not see the blockbuster fines of previous years, the ABC risk landscape continued to evolve at pace in 2021 as governments and authorities faced increased political and public pressure to tackle bribery and corruption.
NGOs continued to play an increasingly active and influential role in shaping the ABC agenda. A Transparency International survey revealed that almost a third of EU people think corruption is getting worse in their country.1 The need to strengthen enforcement of anti-corruption regulations and improve cooperation across jurisdictions was also very much front and centre of the OECD's revised guidance published in November 2021.2
Against this backdrop, the Biden Administration stated its commitment to tackling corruption, which it described as being a threat to national security. This was followed in December with publication of its anti-corruption strategy.3 Referred to by President Biden as elevating the "fight against transnational corruption",4 the strategy sets out how the US intends to work both domestically and internationally with governmental and non-governmental partners to tackle corruption and related crimes. Where the US leads, other jurisdictions follow, and we expect to see more aggressive enforcement action in a number of jurisdictions in 2022.
Governments and authorities in some jurisdictions took action. The French National Assembly's Law Commission, in charge of evaluating the Sapin 2 Law, presented 50 recommendations to strengthen France's anti-corruption system. The UK and Australia introduced a global anti-corruption sanctions regime, similar to the US (see below), and the EU looks set to follow suit.
But businesses should not be complacent; although the overall value and volume of fines decreased (in part due to the investigative interruptions of the pandemic) there were some notable enforcement outcomes. The conviction of Petrofac, and connected individuals, in the UK represented a shift away from the deferred prosecution agreement regime and signalled that the SFO will seek to prosecute corporates, where appropriate, for failing to prevent bribery. The fine of £147 million imposed by the UK Financial Conduct Authority against a regulated financial institution for deficient systems and controls and failure to manage the risk of bribery and corruption, acts as a cautionary reminder to the sector of the need to monitor and update systems and controls.5 Individuals also remain a key focus. Earlier this year the US Department of Justice confirmed that prosecuting individuals is the top priority. And, in a reversal of policies introduced under Trump, it re-introduced requirements on corporations to hand over all evidence on all employees involved in misconduct in order to secure cooperation credit.
|Verdict: 2021 may not have been a bumper year in terms of enforcement activity, but we expect more aggressive enforcement activity in 2022 as authorities (led by the US) implement policy changes and commit to closer multilateral cooperation. Corporates should evaluate and enhance their existing ABC compliance programmes to ensure that they are aligned with law enforcement/regulatory expectations.|
Anti-money laundering remained one of the hottest compliance areas, globally, in 2021. The risks identified in FATF's (the global money laundering and terrorist financing watchdog, Financial Action Task Force) December 2020 report have not abated and criminals continued to thrive during the pandemic as more people worked from home and spent time online.6
Enforcement authorities and regulators have been quick to sanction corporate entities for breaching AML regulations. Enforcement activity has run high, as have the fines imposed. In Europe, for example, Netherlands and UK headquartered banks have faced fines in their hundreds of millions. While banks remain firmly in the firing line, we expect to see closer scrutiny of electronic money institutions in 2022 given the recent calls for tougher oversight in that sector.7
Cryptoassets, supervision of which is embryonic but developing, carry a high risk profile of financial crime, and enforcement authorities around the world made step changes in 2021 to address that risk: FATF updated its guidance on a risk-based approach for virtual assets and virtual asset service providers; the UK government has proposed legislative changes which will require cryptoasset exchanges and wallet providers to establish systems for gathering information and responding to requests from authorities; and proposed reforms to the EU regime include new rules for cryptoasset transfers. We expect to see an uptick in enforcement action against individuals and businesses in this sector. Indeed, in 2021 we saw the first DoJ conviction against a cryptocurrency mixer for its role in assisting and facilitating money laundering.8
Governments, globally, continue to enhance their existing AML-CTF framework. At the end of 2020, Australia introduced a raft of measures aimed at strengthening Australia's anti-money laundering and terrorism financing framework (the Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Bill 2020 discussed in our briefing).
The EU also took action, announcing a significant overhaul. Key to these reforms, and in addition to the latest EU AML Directive (6AMLD), is the creation of the new EU AML-CTF authority with extended powers to ensure consistent application of EU AML-CTF rules and supervise selected high-risk financial institutions (the Anti Money Laundering Agency – AMLA). The EU will also seek to harmonise the patchwork of rules in member states by introducing a specific European regulation which embodies the current EU AML-CTF framework and a new anti-money laundering directive.
Steps were taken to increase transparency. In the US, Congress passed legislation to tighten rules relating to beneficial ownership disclosure. In addition to requiring certain corporations to report information on their beneficial owner to the Financial Crimes Enforcement Network (FinCEN), it bans the use of anonymous shell companies that often render difficult the identification of a company's ultimate beneficial owner.
Technology will be crucial. As recommended by FATF,9 the combination of a risk-based approach and innovative technologies can reduce the risk of financial crime. Regulators are also encouraging banks to use better software and integrate emerging technologies. The Hong Kong Monetary Authority published case studies that highlighted the benefits of adopting Regtech solutions, particularly for customer identity verification and transaction monitoring. In France, the ACPR has implemented software based on AI and machine learning to assist the ACPR in the conduct of its controls.
In Singapore, the Monetary Authority is working with six major financial institutions to create a digital platform to enable financial institutions to collaborate and share relevant information on customers and transactions, in order to prevent money laundering, proliferation and terrorism financing. MAS plans to launch the platform in the first half of 2023.
|Verdict: AML assumed even greater importance in 2021 and is a trend which shows no signs of abating. We expect authorities to continue to assess money laundering offences across a broad range of predicate conduct and for law-makers to continue in their attempts to extend the legislative perimeter to tackle risks emerging from digital currency and fintech businesses.|
The US continued to dominate in terms of enforcement in 2021 and a number of criminal convictions were secured. In March 2021, an ex-Glencore oil trader pleaded guilty to conspiring to manipulate commodity prices at the San Francisco federal court. In the same month, the Chicago federal court threw out two former Deutsche Bank traders' arguments that jurors wrongly convicted them of wire fraud over a scheme to spoof precious metals markets. In August 2021, two ex-Merrill Lynch traders were convicted by a Chicago jury of spoofing. Federal prosecutors accused the two ex-traders of attempting to manipulate the value of precious metals commodities. In November 2021, an Israeli securities trader was sentenced to 30 months in prison for his role in an international insider trading scheme. In December 2021, NatWest Markets pleaded guilty in a case in which traders in London and the US independently engaged in schemes to defraud in connection with the purchase and sale of U.S. Treasury futures contracts. In December 2021, a former partner at McKinsey pleaded guilty to insider trading ahead of Goldman Sachs' agreement to buy fintech lender GreenSky Inc.
The SEC also brought insider trading charges against numerous individuals, including two individuals for alleged wash trading in the options of “meme stocks”, and a quantitative analyst and a hedge fund trader for allegedly perpetrating front-running schemes (uncovered by the SEC’s data analytics tools).
The CFTC also pursued significant cases involving price manipulation and misappropriation of confidential information.
Australia has taken fresh steps to incentivise whistleblowing in this area. While monetary rewards are not on offer, immunity from prosecution is. In February the Australian securities regulator, ASIC, published an immunity policy which applies to individuals who have been involved in misconduct such as market manipulation and insider trading. The policy is intended to help strengthen ASIC's investigation powers and make the detection and securing of criminal and civil penalties easier. (see our briefing). It is too early to know what impact this policy has had so far on information flows to the regulator. Contrast that with the EU where, except for Denmark and Sweden, Member States had not managed to implement the EU Whistleblowing Directive by the 17 December 2021 deadline.
ASIC's enforcement approach saw further evolution in 2021, as the pendulum swung back after the extremes of the 'why not litigate' approach. While litigation will still play an important role in enforcement, it is likely that we will see greater use of the other tools in ASIC's enforcement toolbox going forward. For more detail, see our briefing.
In other jurisdictions, regulators are developing more sophisticated ways of managing ever-more-complex crimes, such as algorithmic surveillance, machine learning, AI, and natural language processing. In the UK, for example, the FCA is using internal surveillance algorithms to identify a range of manipulative trading strategies. At the end of March 2021 (the latest available data point) the FCA had 72 insider dealing and 17 market manipulation cases open. The FCA gave three individuals at a bank warning notices on 16 July 2021 for placing large futures orders - that they did not intend to execute - on the opposite side of the order book to small orders which they did. The FCA warned that the UK Market Abuse Regime requires firms to establish and maintain effective arrangements, systems and procedures for detecting and reporting potential market abuse, and that users of web-based platforms may not be able to monitor all their orders to detect potential market abuse.10
Other regulators, such as the Monetary Authority in Singapore, are taking steps to increase their regulatory powers against market abuse, publishing proposals to amend legislation to grant it wider powers and to remove restrictions to its investigative efforts. The results of that consultation have yet to be published.
|Verdict: Actions targeting market misconduct continue to be vigorously pursued by enforcement agencies and regulators, globally. As well as offences around inside information, wider market-manipulative practices such as "spoofing" are regularly detected and enforcement action is taken, with an increasing reliance on Regtech. Financial institutions, in particular, should note the uptick in enforcement here.|
Sanctions remain a preferred tool for many governments to achieve foreign policy and national security objectives. As a result, we have seen increasingly active enforcement against corporates and individuals, including the US government's action against the United Arab Emirates bank, Mashreqbank, which paid USD $100 million in penalties relating to sanctioned business activity with Sudan.
This year also saw a number of countries extending existing, and implementing new, sanctions regimes, thereby exposing companies with an international footprint to greater legal and regulatory compliance risk.
In Australia, the Australian Parliament passed the Autonomous Sanctions Amendment (Magnitsky-style and Other Thematic Sanctions) Bill 2021 (Cth), which will come into effect the day after receiving royal assent. The bill will amend the existing Autonomous Sanctions Act 2011 (Cth) to now target 'thematic' categories of conduct to which autonomous sanctions can be applied, irrespective of where the conduct occurred. The categories of conduct include serious human rights abuses, serious violations of international humanitarian law, malicious cyber activity, and activities undermining good governance or the rule of law (including serious corruption). For more detail, see our briefing.
This amendment follows a wider global trend of providing certain countries/jurisdictions greater flexibility to target individuals and or entities associated with serious human rights abuses, irrespective of where in the world the conduct has occurred. This development directly follows the shift we saw in the EU last year, namely the Council of the EU's announcement that the new global sanctions regime will now target thematic sanctions.
The UK's autonomous sanctions regime which enables the UK to create, update and lift its own sanctions came into force at the start of 2021 following the end of the UK's Brexit transition period. Separately, in April 2021, the UK implemented the Global Anti-Corruption Sanctions Regulations 2021 which targets conduct concerning bribery and corruption. These regulations enable the UK to prevent designated persons involved in corruption from entering the UK and/or freeze funds and economic resources of designated persons and entities involved in serious corruption.
In China, the Standing Committee of the National Peoples' Congress of China enacted the Anti-Foreign Sanctions Law (AFSL) in June 2021. Under the AFSL, if a foreign country violates international law and the basic principles of international relations and imposes 'discriminatory restrictive measures against Chinese citizens or organisations', China is entitled to implement countermeasures. These measures may be targeted at individuals and organisations that are 'directly or indirectly involved in the formulation, decision-making, and implementation' of the measures, as well as their associated individuals or organisations (e.g. immediate family members and senior executives of a designated entity). These measures will not be automatically imposed but instead be assessed on a case-by-case basis, and enforced by private actions in courts, as opposed to administrative measures.
Last year's developments highlight the importance of sanctions compliance. Companies must remain alert to sanctions risk, implement stronger compliance frameworks, and ensure adequate contractual protections and sanctions-related exit clauses are in place. Companies should also keep their risk assessments constantly updated, including conducting thorough due diligence, and re-assess whether their policies and other protections are too narrowly focussed on jurisdiction-based concepts.
|Verdict: This year has seen the rise of "thematic" sanctions, with an emphasis on human rights, cybersecurity and corruption. The West has also taken a consistent approach to Myanmar. China has entered the sanctions arena, and appears to be determined to resist US sanctions. Looking forward, the West will have to come to a solution for dealing with Afghanistan, as ruled by the Taliban, and may have to impose swingeing sanctions on Russia for activities in eastern Ukraine.|
2021 brought into sharp focus the extent of pandemic-related fraud. The fraudulent activity that began in 2020 did not abate as scammers continued to take advantage of those working from home, and we saw an increase in vaccination focused fraud and duplicitous dipping into government grant schemes. In the UK for example, an estimated £5 billion has been stolen due to exploitation of the UK's business support Covid-19 schemes.11
In Australia, ASIC estimates that millions were lost by retail investors induced to invest in fake Covid bonds by scammers using the names of vaccine producers. Globally, fraudsters took advantage of Covid payment schemes such as the Paycheck Protection Program in the US, the furlough scheme in the UK and the JobKeeper stimulus scheme in Australia.
Cybercrime was also on an upward trajectory. The UK's National Cyber Security Centre (NCSC) tackled a record number of cyber incidents in the UK, with ransomware attacks dominating its activities.12 The Australian Cyber Security Centre also reported a 13 per cent increase in cybercrime reports in the 2020-21 financial year.13
Cryptocurrencies were the vehicle of choice for many cybercriminals. According to research conducted by Elliptic, fraud and theft at decentralised finance platforms totalled $10.5 billion by November. With billions in cryptocurrency stored in these platforms, they present a high reward for criminals with the means to bypass their security measures, as illustrated by the Poly Network heist in which hackers stole (and then returned) $613 million in digital coins.
Enforcement authorities are responding but lack of resource and the sheer scale of the fraud is posing challenges. Further support has been provided, for example the US DOJ sought an additional US$40 million to combat Covid-related fraud and in the UK the government announced a £100 million grant to the UK's tax agency. However, many consider the support to be inadequate given the scale of the problem (see for example the UK National Audit Committee's criticisms in its report ), and the backlog of cases exacerbated by pandemic shutdowns has further hampered swift enforcement.
Tax fraud also hit the headlines in 2021. While cum-ex trading dividend arbitrage and withholding tax reclaim schemes has been making headlines in Europe for some time, 2021 was the year when it arrived in the UK. The UK's FCA now has two penalties under its belt and other investigations ongoing. The German authorities remain active in this area, with a further tax claim of €511 million being made against Swedish bank SEB.
|Verdict: Our prediction is that significant enforcement action will be taken in 2022 in response to fraud on government bail-out schemes during the pandemic. Cyber and 'technology-related' fraud should be a focus for businesses, as it is stated to be for the financial regulators. Enhancements to financial crime prevention programmes will be essential to meet new and growing fraud risks, globally.|
2021 was a bumper year for financial crime enforcement, across a broader range of areas and in a growing number of jurisdictions. Corporate criminal conduct is set to remain a priority agenda item for authorities in the coming year. We expect governments to continue to promulgate new law and regulation aimed at holding corporates and senior management to account for criminality in their businesses, and for supra-national bodies, such as FATF, to continue to place governments under pressure to improve corporate crime prevention.
We expect money laundering to continue to top the bill. In particular, we expect ESG considerations to increasingly inform AML enforcement strategy. Given the significant overlap and synergies between ESG and financial crime risks, it is possible that enforcement agencies and regulators will seek to investigate and prosecute environmental crimes (for example, illegal trade in wildlife) and social crimes (for example, modern slavery and tax evasion) as money laundering offences where proceeds from the underlying criminal conduct are handled in breach of existing AML laws.
The governance agenda looks set to lead to a continued focus on the criminalisation of systems and controls failings in circumstances where businesses facilitate economic crime. Companies should take steps to assess the risk profile of their supply chains and update their compliance programmes accordingly.
Authors: Ruby Hamid, Rani John, David Capps, Ross Denton, Neil Donovan, Paul Charlot, Luke Thiagarajah, Matt Wood and Kate Pantelidis.