Corporate Crime: What now for 2021?

2020 saw corporate crime move further up the political agenda in the wake of Covid-19, with significant cases, new legislation, and regulators and prosecutors ever more vocal about the prominence of corporate crime. Here we look back at the key developments and global trends that emerged during 2020, and make some predictions for 2021.

Global trends in key corporate crime areas

Bribery and corruption

2020 was another bumper year for enforcement – the biggest so far for FCPA settlements. Notable cases included the record-breaking Airbus settlement (the global settlement of €3.6 billion topped the enforcement charts (read our briefing for more detail), the USD2.9 billion settlement with Goldman Sachs, and the USD1 billion settlement with Ericsson.

Individuals also felt the enforcement heat. The convictions of former Unaoil executives and the ongoing prosecution of high profile individuals such as Nicolas Sarkozy and Benjamin Netanyahu provided reminders of the personal price to be paid.

But whether this will continue into 2021 is debatable. The US aside, Transparency International reported a continued trend of reduced active enforcement of foreign bribery globally.¹ And while the last two years of the Trump administration have set successive records for FCPA settlement amounts, reports indicate a reduction in new investigations during the Trump administration.² If countries tighten their public spending belts in the wake of Covid-19, it may well be that we see a continuation of that downward trend in 2021.

But businesses should not be complacent. Bribery and corruption is very much on the political agenda and legislative improvements continue to be made. 2021 should see the long awaited revision of Australia's anti-bribery and corruption laws, including the introduction of a new offence for "failure to prevent foreign bribery" and a deferred prosecution agreement regime (read our briefing for more detail). We have yet to see the approach the Biden administration will adopt to enforcement. Non-US companies continue to dominate the FCPA 10,³ and it will be hard to ignore the cash injection the fines provide in times of economic pressure.

AML

Anti-money laundering assumed increased importance in 2020. The FinCEN files leak shone a harsh light on the scale of the problem faced by financial institutions, and internal systems and controls came under increasing scrutiny.

The FinCEN files also highlighted the deficiencies in reporting systems. Steps are being taken to address this. For example, reform of the "suspicious activity reports" regime is being looked at in the UK, and the EU is working to unify the AML system with plans for a harmonised rulebook in 2021 and an EU mechanism for coordination.

The UK FCA's fine of Commerzbank shone a light on the systems and controls used to prevent money laundering. Weaknesses in monitoring, inconsistent due diligence and programmatic "failures" were linked to a risk of financial crime, a theme now seen frequently in FCA decision-making (read our briefing for more detail).

The issue of transparency as to the ownership of "shell companies" – a key weapon in the fight against money laundering – has moved up the political agenda. Jersey has finally created a register of beneficial owners, controllers and significant persons, the US is close to passing similar legislation, and the BVI announced it will create a publicly accessible register of company ownership by 2023.

2020 saw the implementation of the EU 5th Money Laundering Directive, increasing the cooperation between EU member states' financial intelligence authorities and improving transparency in the ownership of companies and trusts. Hard on its heels, the 6th Money Laundering Directive extends criminal liability and penalties for money laundering offences.

Australia has also revived its long-delayed AML law reform programme, with "Phase 1.5" legislation being passed in December 2020. The measures introduced by the legislation include expansion of the ability of reporting entities to rely on customer verification performed by third parties; allowing reporting entities to share suspicious matter reports and related information with external auditors and foreign members of corporate and designated business groups (previously prohibited by anti-tipping obligations); a simpler framework for the sharing of financial intelligence to better support combating money laundering, terrorism financing and other serious crimes; a single reporting requirement for the cross-border movement of monetary instruments, including non-cash instruments; and greater restrictions and controls on correspondent banking relationships, including prohibitions on such relationships that permits a bank's accounts to be used by a foreign shell bank. For more see our briefing.

Enforcement activity also increased in 2020. In the US, more global AML fines were issued in the first six months of 2020 than in 2019 ($706 million compared to $444 million),4 and in Europe, enforcement against banks operating in the Nordic region resulted in record fines. However, it was Australia that took the prize for the biggest AML fine of 2020 with its A$1.3 billion (approximately USD992 million) settlement with Westpac. This is the largest fine in Australian corporate history, topping the previous record of a A$700 million (approximately USD534 million) fine levied on the Commonwealth Bank in 2018, also for breach of AML laws.

The focus of enforcement activity was not just on financial institutions. 2020 saw enforcement authorities extend their gaze to companies outside the financial sector. For example in Australia, the AML regulator is building a track record of significant enforcement action across both financial institutions and non-financial services focused targets. As a consequence, corporates are having to review their AML policies to see if they are fit for purpose.

Driven by the Financial Action Taskforce (the supra-national body which presses for improved global AML controls), Covid-19 has seen money laundering regulators around the world work to reassure businesses – especially those in the regulated sector – that the inherent flexibility of a risk-based approach to AML should be used to respond to the unusual pressures and challenges 2020 has seen. Financial regulators in Hong Kong and the UK, for example, issued early guidance on the use of remote customer onboarding, simplifications to due diligence processes and the use of risk assessments to target firms' efforts where they are most needed.

Market Misconduct

Spoofing crackdowns continued to dominate the headlines in 2020. The US has again led the way in enforcement, with a record-breaking 22 enforcement actions over the last financial year and 113 penalties in total. This included its largest ever spoofing penalty of USD920 million handed to JPMorgan (read our briefing for more detail). Improvements in market surveillance software, and the willingness of trading platforms to flag patterns they identify as potentially suspicious may change the game, and it will be interesting to see whether this leads to a reduction in cases in 2021.

US commitment to hold individuals to account was also evident in 2020. The conviction of two former Deutsche Bank traders over a spoofing scheme was the first time prosecutors used the charge of wire fraud affecting a financial institution, which carries a potential 30 years' imprisonment as opposed to 20 years for wire fraud, and a limitation period of 10 years as opposed to 5. Former JPMorgan Chase trader Akshay Aiyer received 8 months in prison following his conviction for conspiracy to fix prices and rig bids for certain currencies.

Strong enforcement for market abuse has been a theme of 2020. On the back of a big year in 2019 (including the $20 million fine of Morgan Stanley for manipulation of French sovereign bonds), the French regulator, the AMF, fined electricity company EDF for providing false information to the market. In the UK, the FCA fined FX options broker, TFS-ICAP Ltd, £3.44 million for a spoofing scheme that involved the practice of "printing" trades, and experienced trader Corrado Abbattista for placing misleading orders in a case which expands the definition of market abuse, and will be the subject of an appeal. However, the FCA revealed no new spoofing investigations commenced in 2019 and only one opened in 2018, so enforcement activity may be thin on the ground in 2021.

In Australia, the knock-on effects of the Financial Services Royal Commission that concluded in 2019 have continued to give rise to extensive regulatory investigations and litigation, both directly in the financial services industry and in other heavily regulated industries such as energy (although with mixed results for regulators where matters have proceeded to final hearing). Most, but not all of this activity, has focused on alleged misconduct involving consumer harm. While some investigations and proceedings have been slowed in the wake of Covid-19, we expect that further high profile matters will emerge in 2021.

Sanctions

Sanctions remained an area of challenge in 2020. The US administration significantly increased its use and enforcement authorities – such as the UK's Office of Financial Sanctions Implementation which levied a record GBP20.47 million penalty on Standard Chartered Bank – continued to flex their muscles.

The year saw a general shift towards human rights and cyber sanctions as governments reacted to global political developments. The UK introduced its new UK human rights sanctions regime – the first time the UK imposed unilateral economic sanctions under national law since Brexit. The sanctions signify the UK's willingness to maintain a robust sanctions regime post-Brexit. While the UK government has acknowledged the benefit of continued co-ordinated sanctions action with the EU and UK support for an EU human rights sanctions regime, this move could be an indication of a shift towards closer alignment to the US.

The year reminded us of the importance of clearly-drafted sanctions clauses, particularly where US secondary sanctions are in play. In Lamesa Investments Ltd v Cynergy Bank Ltd,⁵ the question for the English Court of Appeal was whether wording in a loan agreement prevented payment of interest as that would be in breach of US secondary sanctions. Although it found that the reference to "mandatory provision of law" did cover the US sanctions on the facts, the case highlights the scope for different interpretations.

Fraud

Fraudulent activity skyrocketed during 2020 as fraudsters exploited the opportunities created by Covid-19, the abrupt change in working practices and increased use of remote systems. We saw increased efforts to bypass customer due diligence measures through impersonation fraud, phishing and cyberattacks, along with trade-based fraud and sales of counterfeit medical products and pharmaceuticals. Fraudsters also took advantage of government grant and tax-reduction schemes set up to help individuals and companies survive the economic impact of Covid-19.

This has placed unprecedented pressure on regulators and enforcement authorities at a time when their ability to combat criminal activity has been hampered by the pandemic. Consequently general investigations into fraudulent activity have been delayed in a number of jurisdictions. The FCA confirmed that it will postpone investigations deemed "not critical" to protecting consumers and market integrity. For its part, the French Anti-Corruption Agency not only suspended all on-site inspections but also end-of-inspection closing interviews during France's extensive national lockdowns.

Regulators have also responded to the need to combat misconduct specifically associated with the pandemic. For example, the Australian corporate regulator ASIC implemented a series of pandemic-related enforcement priorities, addressing misconduct arising from behaviour seeking to exploit the pandemic environment (such as predatory lending, mis-selling, scams, misleading and deceptive advertising, and other opportunistic conduct).

Although the rise of Cyber and technology-related crime has been increasing in recent years, this year's crisis has brought this area of corporate crime into sharp relief.

Synthetic identity fraud remains one of the fastest growing crimes globally, and involves combining real and fictitious personal information to create fraudulent accounts which mimic legitimate ones. These are unlikely to be picked up by traditional fraud detection models, and present a complex problem for banks.

The use of cryptocurrencies to fund illegal activity and launder money is becoming ever more popular, and financial institutions increasingly run the risk of unwittingly handling the proceeds of crime and facilitating fraudulent payments. 2020 has also seen in excess of $1.5 billion stolen through cryptocurrency fraud, by far the highest figure to date.

The fallout from the Wirecard scandal dominated headlines in 2020. Attention has now turned to the role played by the company's auditors, Ernst & Young. The auditor has since been embroiled in a series of legal claims; shareholders' association SdK has filed criminal damages against it for not reporting concerns sooner, and German audit oversight body Apas recommended to federal prosecutors that the accounting company face criminal charges.

This forms part of a wider call for greater legal responsibility to be placed upon auditing firms for the detection and reporting of fraud. Jurisdictions such as the UK are conducting reviews into auditors' obligations, and auditor misconduct is one of ASIC's priority focus areas for 2020-2021. Regulators are also feeling the heat as a result of such scandals. Financial regulator BaFin and accounting watchdog FREP both stand accused of failing to monitor Wirecard closely enough and to prevent the fraud.

Global trends in enforcement and compliance

US dominance under threat?

In terms of active enforcement, the US still leads the way. 2020 proved to be another bumper year in all areas of corporate crime. Although it's not clear yet what approach the Biden administration will take, the US is likely to retain its top position for a while yet.

That said, other jurisdictions now have the resources, the tools and the appetite to take a leading role in large scale multi-jurisdictional enforcement, and to enforce aggressively against domestic and international businesses. Having seen how effectively they are used in the US, jurisdictions are increasingly adopting deferred or non-prosecution agreements as an alternative to prosecution. Not only do they allow enforcement authorities to hold offending organisations to account without the uncertainty, expense, or length of a criminal prosecution, but they are also accompanied by a significant financial penalty.

The French have embraced their deferred prosecution agreement arrangement since it was introduced in December 2016, having now secured 11 (compared to the UK's 9). These include the 2020 settlement with Airbus – the largest global foreign bribery settlement to date. Notably, the French enforcement authority took a clear lead in this investigation, establishing primacy at an early stage. It was keen to cooperate with the UK and US, but on its own terms.

Other jurisdictions are also keen to make use of this effective enforcement tool. Japan recently adopted a plea bargaining system in relation to a specific list of corporate crimes, and we should see the introduction of a DPA regime in Australia in 2021.

We may also see a range of jurisdictions make technological advancements in the detection of corporate crime, while efforts continue to improve the management by prosecutors of huge amounts of data. Increased enforcement activity looks inevitable, with global enforcement authorities following their own, rather than the US's, course.

This increased global enforcement activity means that companies should be alert to enforcement risk and the need to report to a wider range of authorities when detecting and investigating potential misconduct. Early self-reporting remains a key step in gaining the greatest credit: in the US settlement, Airbus was not given voluntary disclosure credit because it did not disclose the corruption-related conduct until after the SFO investigation was made public. 

Cooperation and intelligence sharing

The Airbus DPA was a stand-out example of the continued trend of cooperation and intelligence sharing between enforcement authorities.

The investigation was run jointly from an early stage between the French and the English agencies, with the US investigation running in parallel. The investigation was huge; it covered more than 1,750 entities globally and over 30.5 million documents. The agencies worked together to tackle the workload and called on help from other jurisdictions via requests for mutual legal assistance.

Global cooperation and intelligence sharing looks set to increase particularly as agencies struggle to meet the challenges posed by Covid-19. While Brexit may have an impact, given the contingency arrangements in place, in practice it should be minimal.

Increased guidance and transparency

Enforcement agencies are keen to encourage corporates to cooperate with them, using DPAs or forms of "cooperation credit" as the carrot. As part of this encouragement we are seeing greater transparency on the part of enforcement agencies.

The US has been leading this trend for some time. In 2020 the DOJ and SEC released a revised version of the FCPA Resource Guide. Importantly, the guide sets out the factors they consider when deciding to open an investigation or bring charges, such as full cooperation, voluntary self-disclosure and remediation. It also provides detailed information about the statutory requirements as well as insight into DOJ and SEC enforcement policies and practices.

The Head of the UK's SFO, Lisa Osofsky, a former US federal prosecutor, is following that trend. Having published SFO guidance on corporate cooperation in 2019, in 2020 the SFO published guidance on DPAs, and the considerations it takes into account in offering one.

This year also saw the DOJ issue updated guidance on how to assess corporate compliance programmes, focussing on whether a programme is well-designed, adequately resourced and empowered, and effective. This guidance is a valuable resource for businesses seeking to follow global best practice in the design and implementation of their compliance programmes.

Decline of monitorships as a remedy

In the US, the use of independent monitors as part of settlement terms seems to have declined in 2020. There have been several cases where significant financial penalties were levied but a compliance monitor was considered unnecessary. A significant factor in the decision is the level of remediation carried out by the business by the time of settlement. Companies that remediate earlier, and can demonstrate that they have upgraded their compliance procedures by the time of settlement, are likely to avoid the imposition of a monitor. Other factors include the pervasiveness of the unethical conduct. The DoJ appear to be adopting a more flexible approach which, given the huge cost of monitorship, is to be welcomed.

This flexible approach appears to have been adopted in other jurisdictions where monitorships are part of the enforcement toolkit. In the UK for example, the SFO has shown that it will impose an independent monitor where it considers it necessary. The terms of the DPA it agreed with G4S in 2020 included the SFO appointment of an external reviewer. However, this was not imposed on Airbus in their DPA agreed earlier in 2020. Factors considered no doubt included the fact that Airbus had already commissioned an independent panel to regularly review its revised policies and procedures, and French oversight of its compliance programme.

Authors: Ruby Hamid, Partner; Rani John, Partner; James Clarke, Partner; Ross Denton, Consultant; Ronnie King, Partner; Hortense de Roux, Partner; Cameron Cuffe, Partner; Amelia Barrow, Associate; Nicholas Mills, Associate; Ria Shah, Trainee; Imogen Chitty, Trainee; Bertilla Chow, Trainee and Catherine Lillycrop, Trainee.

---

1. TI report: Exporting Corruption 2020, available on the TI website.
2. For example, the research conducted by the Stanford Law School FCPA Clearinghouse.
3. As compiled by the FCPA Blog which ranks them based on penalties and disgorgement assessed in the US enforcement documents.
4. Source: Duff & Phelps Global Enforcement Review 2020.
5. [2020] EWCA Civ 281.