Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 13, the White House announced that the U.S. and UK governments are developing privacy-enhancing technology prize challenges to help address cross-border money laundering. The White House highlighted that the estimated $2 trillion of cross-border money laundering which happens annually could be better detected if improvements were made to information sharing and collaborative analytic efforts. However, research shows that this process “is hindered by the legal, technical and ethical challenges involved in jointly analyzing sensitive information,” the White House said. Privacy-enhancing technologies (PETs) could play a transformative role in addressing the global challenges of financial crime, the White House explained, noting that PETs can allow “machine learning models to be trained on high quality datasets collaboratively among organizations, without the data leaving safe environments.” Moreover, “[s]uch technologies have the potential to help facilitate privacy-preserving financial information sharing and analytics,” thus “allowing suspicious types of behavior to be identified without compromising the privacy of individuals, or requiring the transfer of data between institutions or across borders.”
Opening this summer, the challenges (developed between the White House Office of Science and Technology Policy, the U.S. National Institute of Standards and Technology, the U.S. National Science Foundation, the UK’s Center for Data Ethics and Innovation, and Innovate UK) will allow innovators to develop state-of-the-art privacy-preserving federated learning solutions to help combat barriers to the wider use of these technologies without the uncertainty of potential regulatory implications. Innovators will engage with the U.K.’s Financial Conduct Authority and Information Commissioner’s Office and the Financial Crimes Enforcement Network. Acting FinCEN Director Himamauli Das announced that the agency “is pleased to support this important initiative to advance the development of a building block for protecting the U.S. financial system from illicit finance.”
On April 21, the UK’s Financial Conduct Authority (FCA) secured a £2,000,000 account forfeiture consent order against a fintech startup that purportedly offers due diligence and underwriting services. The FCA noted that the funds were supposedly an investment received from a software firm, but observed that the fintech company moved the money repeatedly to different bank accounts in several countries in transactions with no legitimate business purpose. The funds, which the FCA had already frozen in October and December 2020, were allegedly “the proceeds of illegal activity connected to criminal proceedings in the United States of America concerning an alleged conspiracy to commit wire fraud against banks, credit card companies and other financial service providers in the USA.” While the FCA is not alleging that the fintech company was involved in the conspiracy, it flagged concerns in response to the company’s application to become a regulated firm. The company has since withdrawn its application to be regulated by the FCA.
On February 11, the UK Competition and Markets Authority (CMA) issued a decision accepting a multinational technology company’s offer to provide more transparency and oversight to its privacy sandbox proposals. The purpose of these proposals is to remove cross-site tracking of certain users through third-party cookies and alternative tracking method such as fingerprinting, and replace these methods “with tools to provide selected functionalities currently dependent on cross-site tracking.” A replacement technology has not yet been selected. CMA conducted an investigation centered around competition concerns related to the impact the privacy sandbox proposals may have if they are “implemented without sufficient regulatory scrutiny and oversight, in terms of third parties’ unequal access to the functionality associated with user tracking.” CMA’s decision requires the company to work closely with the agency when developing and testing its proposed replacements for third-party cookies. Additionally, the company is barred from making changes that give it an advantage over competitors when third-party cookies are removed and from developing replacements that give the company a competitive advantage over third parties. The company is also required to provide CMA with at least 60 days’ notice before removing support for third-party cookies and may not “combine user data from certain specified sources for targeting or measuring digital advertising on either [company] owned and operated ad inventory or ad inventory on websites not owned and operated by [the company].” CMA stated that it will continue to consult with the UK Information Commissioner’s Office on aspects of the privacy sandbox proposals related to privacy and data protection measures to ensure these concerns are addressed as the proposals are more fully developed.
On December 22, the CFTC announced that the Division of Clearing and Risk (DCR), Division of Market Oversight (DMO), and Market Participants Division each issued revised no-action letters (see 21-26, 21-27, and 21-28) to swap dealers and other market participants associated with the transition from swaps that reference LIBOR and other interbank rates to swaps that reference alternative benchmarks. As previously covered by InfoBytes, the United Kingdom’s Financial Conduct Authority announced the dates that all LIBOR settings will cease to be provided by any administrator and will no longer be representative. All sterling, euro, Swiss franc and Japanese yen settings, and one-week and two-month U.S. dollar settings ceased immediately after December 31, 2021, while all remaining U.S. dollar settings will cease immediately after June 30, 2023. Therefore, according to the recent CFTC announcement, the DMO and the DCR letters are effective until June 30, 2023 “for swaps otherwise covered by such letters to the extent such swaps reference one of the 2023 USD LIBOR Settings.”
On December 17, the U.S. Treasury Department issued a joint statement covering the recently held fifth meeting of the U.S.-UK Financial Regulatory Working Group (Working Group). Participants included officials and senior staff from both countries’ treasury departments, as well as regulatory agencies including the Federal Reserve Board, CFTC, FDIC, OCC, SEC, the Bank of England, and the Financial Conduct Authority. The Working Group discussed, among other things, (i) international and bilateral cooperation; (ii) “emerging regulatory approaches and the need to promote multilateral cooperation and alignment given that a number of third-party providers operate cross-border to provide services to the financial sector and there are potential risks of regulatory fragmentation”; (iii) “risks associated with regulatory driven fragmentation in derivatives clearing and banking markets”; (iv) “efforts in relation to the LIBOR transition, market developments, the risks associated with newly created credit-sensitive rates, and transition implications for other jurisdictions;” and (v) the management of climate-related financial risks and other sustainable finance issues. According to the statement, Working Group participants will continue to engage bilaterally on these issues and others ahead of the next meeting planned for this spring.
On November 10, the UK Supreme Court issued a judgment in an appeal addressing whether a claimant can bring data privacy claims in a representative capacity against a global technology company in a class action suit. The claimant sought compensation on behalf of a class under section 13 of the Data Protection Act 1998 (DPA 1998) for damages suffered when the tech company allegedly tracked millions of iPhone users’ internet activity in England and Wales over a period of several months between 2011 and 2012, and used the collected data without users’ knowledge or consent for commercial purposes. The DPA 1998 was replaced by the UK General Data Protection Regulation and the Data Protection Act 2018 but was in force at the time of the alleged breaches and is applicable to this claim, the Court explained in a press summary. The Court also noted that, except in antitrust cases, UK legislation does not allow class actions and Parliament has not yet legislated to establish a class action regime related to data protection claims. The Court noted that the claimant sought to use “same interest” precedent, which allows a claim to be brought “by or against one or more persons who have the same interest as representatives of any other persons who have that interest.”
The Court reasoned that the case was “doomed to fail” because “the claimant seeks damages under section 13 of the DPA 1998 for each individual member of the represented class without attempting to show that any wrongful use was made by [the tech company] of personal data relating to that individual or that the individual suffered any material damage or distress as a result of a breach of the requirements of the Act by [the tech company].” The Court added that users’ “loss of control” over personal data did not constitute “damage” under section 13 of the DPA 1998 because the users were not shown to have lost money or suffer distress. If the case had been allowed to proceed, the tech company could have faced a £3 billion damages award.
On October 19, multiple agencies—the DOJ, SEC and UK’s FCA—announced a coordinated resolution with a European bank related to debt offerings for entities in Mozambique. (See here and here.) In total, fines to U.S. and U.K. authorities reached almost $475 million, and the institution also agreed to forgive $200 million of the debt.
In a related action, a London-based subsidiary of a Russian bank (bank) separately agreed to pay over $6 million to settle SEC charges related to its role in a second 2016 bond offering. According to the SEC’s order, the second offering as structured by the bank and reespondent permitted investors “to exchange their loan participation notes (LPNs) for a direct sovereign bond issued by the Republic of Mozambique” in an earlier bond offering. However, the SEC alleged that the offering materials distributed and marketed by the respondent and bank “failed to disclose the full nature of Mozambique’s indebtedness and, relatedly, its risk of default on the notes.” Furthermore, the SEC alleged that proceeds from the financing from the respondent and bank were supposed to be used exclusively for maritime projects, but in reality, without the bank’s knowledge, only a portion of the loan proceeds was applied towards maritime projects while the rest was diverted to pay kickbacks and make improper payments to Mozambican government officials. Mozambique later defaulted on the financings after the full extent of “secret” debt was revealed.
On July 22, Treasury Secretary Janet L. Yellen and Secretary Antony J. Blinken issued a joint statement commending the UK’s decision to impose additional anti-corruption sanctions under its Global Anti-Corruption Sanctions (GACS) regime. Specifically, the secretaries applauded actions taken by the UK against four corrupt individuals who were previously designated by the U.S., as well as a fifth individual “whose U.S.-based assets purchased with corrupt proceeds were successfully forfeited in U.S. courts.” Yellen and Blinken emphasized that sanctions regimes such as GACS and the U.S. Global Magnitsky sanctions program limit corrupt actors’ access to the international financial system, and added that the U.S. will continue to work with the UK and other allies and partners “to impose tangible and significant consequences on those who engage in corruption, as well as to protect the global financial system.”
On June 25, the DOJ entered into a deferred prosecution agreement (DPA) with the subsidiary of a UK-based global engineering company, in which the subsidiary agreed to pay a fine of approximately $18.3 million related to a conspiracy to violate the FCPA’s anti-bribery provisions. Together with resolutions by a related subsidiary with the SEC, and various foreign authorities, the total resolution will reach over $43 million.
According to the DOJ, between 2011 and 2014, the subsidiary participated in a scheme to bribe officials in Brazil to win an approximately $190 million contract from Petrobras to design a gas-to-chemicals complex in the country. The DOJ stated that the subsidiary admitted to paying bribes in Brazil to win the contract, which involved the participation of an Italian sales agent affiliated with a Monaco-based intermediary company. The DOJ further noted that the subsidiary “took acts in furtherance of the scheme while located in New York and Texas, and earned at least $12.9 million in profits from the corruptly obtained business.”
As part of the DPA, the subsidiary agreed to cooperate with the DOJ’s ongoing or future investigations, to improve its compliance program, and to report to the DOJ on those improvements. The subsidiary’s criminal penalty reflected a 25 percent discount off the bottom of the applicable U.S. Sentencing Guidelines due largely to its cooperation and remediation. The DOJ noted that in addition to cooperation and remediation the resolution reflects a number of factors including, (i) the subsidiary’s “failure to voluntarily and timely disclose the conduct that triggered the investigation”; and (ii) “the nature and seriousness of the offence, which spanned multiple years and involved a high-level executive.”
The SEC simultaneously announced a resolution of a related matter, in which a related subsidiary consented to a cease-and-desist order finding violations of the FCPA’s anti-bribery, books and records, and internal accounting controls provisions. According to the SEC, the subsidiary paid approximately $1.1 million in bribes to obtain the Brazilian contract. Under the terms of the order, the subsidiary agreed to pay $22.7 million in disgorgement and prejudgment interest, in which up to $12.6 million will be offset by disgorgement paid to foreign authorities.
In related proceedings, the subsidiary received provisional court approval for a settlement with the UK’s Serious Fraud Office and settled with several Brazilian authorities. Under the terms of the DPA, the DOJ will credit up to approximately $10.7 million of the criminal penalty to payments the subsidiary makes to the SFO and to Brazilian authorities.
On June 24, the U.S. Treasury Department provided an overview of recent meetings of the U.S.-UK Financial Innovation Partnership (FIP) where Regulatory and Commercial Pillars participants exchanged views on “topics of mutual interest in the U.S. and UK FinTech ecosystems and [sought to] deepen ties between U.S. and UK financial authorities.” As previously covered by InfoBytes, the FIP was created in 2019 as a way to expand bilateral financial services collaborative efforts, study emerging fintech innovation trends, and share information and expertise on regulatory practices. The first meeting of the FIP took place in August 2020 (covered by InfoBytes here). Topics discussed in the most recent meeting included digital payments, central bank digital currencies, regulatory and supervisory technology, innovative financial service testing, and the upcoming U.S.-UK Financial Regulatory Working Group meeting. Participants acknowledged “the continued importance of the ongoing partnership on global financial innovation as an integral component of U.S.-UK financial services cooperation.”
- Buckley Webcast: State supervision, enforcement, and multistate coordination
- Benjamin W. Hutten to discuss “Latest on AML regulations and impact of economic sanctions” at a Mortgage Bankers Association webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar