Corporate crime and investigations - What now for 2024?
22 February 2024
Enforcement action involving significant monetary penalties against corporates continued to define the economic crime landscape in 2023.
Law enforcement agencies and regulators globally targeted crypto-asset firms given their perceived exposure to fraud, money laundering and sanctions evasion, and continued to focus on the gambling, financial services, and natural resources sectors.
We continued to see the emergence of ESG as an enforcement priority with landmark fines imposed for greenwashing.
Economic sanctions remained at the top of the compliance agenda for many businesses against the backdrop of new sanctions measures in response to Russian aggression. The focus for competent national authorities shifted from implementation to investigation and enforcement against companies for violating sanctions.
The past year has also seen significant legislative developments aimed at enhancing prosecutors' toolkits for tackling financial crimes, improving transparency (including access to beneficial ownership information), and introducing measures to encourage self-reporting of corporate misconduct.
The key priorities for in house legal and compliance teams should be:
Understand your risks: risk assessment remains foundational to an effective compliance framework and should be periodically refreshed, particularly to reflect exposure to emerging risks and to ensure that risks are assessed holistically where a product or business area may be exposed to a combination of financial crime risks (for example, laundering of proceeds of a sanctions violation).
Refresh policies and procedures: recent legislative change means that policies and procedures may need to be uplifted to ensure they remain fit for purpose. This is particularly important in jurisdictions where an adequate procedures defence is available or demonstrating the existence of systems and controls to prevent the alleged conduct is considered a mitigating factor.
Update compliance training programmes: bespoke, targeted training which is informed by the company’s risk exposure is critical to ensuring that staff at all levels of the organisation, particularly those in front-office/sales roles, can identify red flags and know how to escalate concerns. Regular Board level and senior management training is also important to ensure key decision makers are aware of current trends and risk areas within the business.
We take a deeper look into the developments and trends in particular corporate crime areas, together with our predictions for 2024.
The US continues to lead the way on ABC enforcement, particularly in terms of extraterritorial reach, with non-US based multinationals making substantial contributions to the penalties pot. And we continued to see successful prosecutions against individuals, including the former managing director of an investment bank who was sentenced to ten years imprisonment and ordered to forfeit US$35 million for breaches of the FCPA and money laundering laws.
The UK also saw success in terms of prosecuting individuals. In March, the UK's Serious Fraud Office (SFO) secured its first DPA related conviction. The year ended with the second largest penalty (£615 million) paid under the UK DPA regime for alleged failures to prevent bribery. Notably, the penalty was secured by the Crown Prosecution Service (CPS) following an HMRC investigation, rather than the SFO. The National Crime Agency has also been busy, ending the year with charges being made against a UK based banker for accepting bribes.
Asia has also been active, with a continued focus on prosecution of individuals rather than corporates. In Indonesia, the owner of PT Duta Palma Group was found guilty of illegally using state land for his personal benefit, resulting in a state loss of approximately US$65 billion. He was sentenced to 15 years imprisonment and ordered to pay US$2.8 billion. And we continue to see prosecutions of high-profile senior officials in respect of decisions they made (e.g., on procurement) which are claimed to have caused state losses (so criminal liability is engaged).
Other developments in 2023 should ensure that enforcement activity remains high in 2024. In December the US passed the Foreign Extortion Prevention Act (FEPA), which makes it illegal for foreign officials to solicit or receive a bribe from any domestic person or company in the US – "the demand side" of bribery. In Australia, the Government introduced a Bill to strengthen the country's foreign bribery laws. Largely modelled on UK bribery legislation, the Bill introduces a new corporate offence of failing to prevent foreign bribery. That, together with the bigger fines that can now be imposed as a result of a decision of Australia’s highest court earlier this year, may lead to more enforcement action in Australia. Interactions by and with Commonwealth "public officials" will also be more closely scrutinised following the launch of the National Anti-Corruption Commission in July. The independent agency will investigate and report on 'serious or systemic' corruption involving Commonwealth public officials.
In the UK the SFO has faced much criticism, having closed two major investigations into allegations of corruption amid much criticism. But we are already seeing changes being made by new SFO Director Nick Ephgrave. As a former Assistant Commissioner of the Metropolitan Police Service, he is the first non-lawyer appointed to the role. Expect to see an increase in the intensity and rigour of investigations under his leadership, as the SFO makes the most of its additional pre-investigation disclosure powers under the Economic Crime and Corporate Transparency Act 2023. And in Europe, the European Commission has proposed a directive to harmonise corruption enforcement and the penalties levied across member states.
Self reporting and cooperation remain a theme. In October, the US DOJ announced a new M&A "safe harbor" provision: acquiring companies that report misconduct uncovered during pre- or post-acquisition within six months of closing will benefit from a presumption of non-prosecution. No doubt other jurisdictions will keep a close eye on this in deciding whether to follow suit.
We also saw increased shareholder activism in the courts on the back of bribery convictions and investigations. Examples include the lawsuits brought by global investors against a Swiss based commodity trading and mining company, and US action against a Mexican broadcaster that was settled for US$95 million.
Verdict: In 2023 we continued to see significant fines and high levels of enforcement activity. Regulators and law enforcement across the globe continue to focus on bribery of foreign public officials and corruption schemes operated through third party intermediaries.
Continued enforcement activity characterised by the imposition of significant financial penalties has defined the AML landscape in 2023.
As predicted, enforcement authorities have targeted crypto-market participants. In the US, the world's largest cryptocurrency exchange agreed to plead guilty, pay a fine of US$4.3 billion and appoint a monitor to resolve the US DOJ’s investigation into violations of the Bank Secrecy Act of failure to register as a money transmitting business and related sanctions violations. In January, virtual currency business Coinbase agreed to pay a fine of US$50 million to settle an investigation by the New York Department of Financial Services which established that Coinbase’s KYC/CDD procedures, transaction monitoring system, suspicious activity reporting and sanctions compliance systems were inadequate for a firm of its size and complexity. Coinbase agreed to invest a further US$50 million to remediate its compliance programme over the next two years.
The gambling sector also faced heightened scrutiny. In May 2023, a gaming and entertainment group agreed a AU$450 million penalty relating to historical breaches of Australia’s AML laws in connection with its casino business, including failure to implement a transaction monitoring system commensurate with the risks faced by the business. In the UK, three gambling businesses owned by William Hill agreed in March to pay a record £19.2 million in fines for AML violations, including failure to scrutinise the source of customer funds and providing insufficient information on risk in their AML staff training.
2023 saw continued enforcement action against banks for systems and controls weaknesses, including the failure to: (i) conduct effective customer risk assessments and due diligence on high-risk customers, (ii) act where concerns have been identified by the second line compliance function, and (iii) address previously identified regulatory concerns. In the UK, the FCA announced fines against four firms while the US Federal Reserve fined a global investment bank US$186 million.
And we saw a continued uptick in AML enforcement in Asia. Notably, the Monetary Authority of Singapore imposed fines on three banks and an insurer for failing to conduct adequate due diligence when dealing with persons with links to Wirecard AG. The fines illustrate the contagion effect of financial crime risk where there are cross-border payment flows.
There were also significant policy developments which will shape the future AML landscape. At the EU level, institutions continued negotiating a new legislative framework which will include a single, harmonised rulebook on CDD and other core AML requirements in the form of a directly applicable Regulation. Provisional agreement was reached on the new European Anti-Money Laundering Authority, which will have extensive supervisory and investigative powers (although its seat is yet to be determined). In the UK, the Economic Crime and Corporate Transparency Act introduced major changes to improve transparency and empower Companies House with new tools to take action to deter money laundering.
Verdict: We expect enforcement activity to continue throughout 2024, particularly against firms in higher-risk sectors such as crypto assets and gambling. We also expect lawmakers to continue driving transparency and improving the availability and quality of beneficial ownership information. We predict that de-banking will become a regulatory priority in 2024 with closer scrutiny of firms’ decisions for declining new, or offboarding existing, customers. Compliance teams should ensure that decisions are properly documented with a clear rationale recorded when customer relationships are terminated due to money laundering or broader financial crime concerns.
'Greenwashing' continues to be a key focus, as is DDO compliance (in Australia), insider dealing (particularly given the expanded legislation in the UK) and off-channel communications.
Corporate 'greenwashing' remains a global concern. The Australian corporate regulator, ASIC, ended the year by imposing its first penalty in a greenwashing case in the financial services industry. Although not yet approved by the Federal Court, it is expected that a penalty of AUS$11.3 million will be imposed for misleading statements regarding sustainability of investments. This is one of three civil penalty proceedings commenced by ASIC alleging misleading conduct and representations to the market regarding ESG practices. ASIC has confirmed that greenwashing will remain a focus in 2024. Future areas of regulatory interest are likely to be net zero statements and targets and the use of terms such as 'carbon neutral', 'clean' or 'green'. Australia's competition regulator, ACCC, has also been active in the greenwashing space and recently published guidance on making claims about the environmental benefits of products and services.
In the UK, the FCA finalised its sustainability disclosure and anti-greenwashing rules in November. The anti-greenwashing rules will come into force in May 2024 and will require regulated firms to ensure that any communication about financial products and services in the UK is clear, fair, consistent, and not misleading with respect to the sustainability profile of a product or service.
Focus also fell on the increasing risk of market manipulation posed by financial influencers ('finfluencers') on social media platforms. Retail investors represent a growing share of the investor community, and investment guidance provided on social media is an emerging area of risk. In the UK, new rules came into place to ensure that the promotion of crypto assets must now comply with the financial promotions regime. The UK FCA is currently analysing the results of a Guidance Consultation on how financial promotion requirements apply to promotions on social media.
In Australia, proceedings were brought by ASIC against an online trader and personality known as 'Fibonarchery', who used falsely held accounts to trade on the ASX and artificially increase the price of stocks. He was sentenced to 2.5 years imprisonment (but was released on a good behaviour bond) and received a pecuniary penalty.
Indonesia also saw a high-profile case involving finfluencers who were involved in online trading fraud and money laundering activities through a binary options platform. The finfluencer, known as Indra Kenz, was found guilty of inviting people to join an illegal online gambling platform through false information and misusing the money received from this activity. He was sentenced to 15 years imprisonment and ordered to pay US$7 million for his role as an affiliate of the platform. As a result of this case, the Indonesian authorities are now more active in investigating online investment platforms and crypto-based investments. We expect this trend to continue.
Insider dealing remains a focus. In the UK, the Insider Dealing (Securities and Regulated Markets) Order 2023 came into force on 15 June 2023. This significantly expands the number of regulated markets and type of securities to which the criminal offence of insider dealing could apply and aligns the scope of the criminal offence with the civil offence under the UK Market Abuse Regulation. Enforcement is a priority: in an ongoing high-profile criminal trial brought by the FCA, a former investment bank analyst and his brother, a City lawyer, are accused of six counts of insider dealing between July 2016 and December 2017, as well as three counts of fraud relating to loans they obtained to fund their trading.
Meanwhile, in the US, two former biotech executives pleaded guilty to insider trading in buying stock in a biotech company before the success of a new drug produced by the company was publicly announced. They were sentenced to three years' probation and ordered to pay a fine.
In Australia, ASIC has commenced multiple civil penalty cases regarding design and distribution obligations (DDOs) including against a social trading and multi-asset investment company. ASIC alleges that the screening test used to assess whether retail clients were within its target market for a CFD product was inadequate. ASIC has also had increasing recourse to interim stop orders (it has issued at least 80 since Ashurst first reported their use in August 2022), which prevent financial product issuers from offering new products in circumstances where ASIC believes there has been non-compliance with DDOs.
In the US, the SEC and CFTC have commenced a number of enforcement actions against firms in relation to "off-channel communications", specifically firms that fail to maintain records of employee communications on personal devices which relate to the firm’s business. The US regulators' two-year crackdown on Wall Street's use of unapproved messaging apps has so far resulted in more than US$2 billion in fines. This interest in off-channel communications may well emerge in other jurisdictions in the near future.
Verdict: 'Greenwashing' continues to be on the radar for regulators worldwide, and listed companies should pay close attention to ESG-related disclosures. We also predict ongoing scrutiny of the growing number of 'finfluencers' on social media platforms, as well as enforcement action in relation to DDO compliance (in Australia) and insider dealing (particularly given the expanded legislation in the UK). Regulators are likely to show ongoing interest in off-channel communications and we expect increasing focus on non-financial misconduct, especially in the UK.
Fraud has been a priority in the UK this year. The UK Economic Crime and Corporate Transparency Act 2023 introduced a new failure to prevent fraud offence, which enables the SFO to proactively target large organisations for fraud offences committed for their benefit by persons acting on their behalf.
However, while the new offence will require enhancements to corporate compliance programmes, it remains to be seen whether it will be backed up by effective enforcement. While the SFO was quick to use the failure to prevent bribery offence, we are yet to see a prosecution for either of the failure to prevent the facilitation of tax evasion offences, which were introduced in 2017. That said, the successful SFO prosecution of the three Bailli Steel executives behind the US$500 million bank fraud, and the noticeable speed with which the new SFO Director has reacted to recent fraud investigations, suggests a more active approach as we move into 2024.
In the US, crypto fraud dominated the headlines; two separate criminal cases saw the successful prosecution of the CEOs of two of the world’s largest cryptocurrency exchanges. Sam Bankman-Fried, the founder of now-bankrupt FTX, was found guilty on all counts for defrauding his customers in one of the biggest financial frauds on record. And, in Turkey, the CEO of Thodex cryptocurrency was found guilty and sent to prison for 11,196 years for defrauding investors of millions of dollars.
Crypto tax evaders have also become a target for enforcement; in November, 48 countries (including the UK, EU member states, and the US) issued a joint statement to combat the criminal use of crypto assets to avoid or evade tax under the Crypto-Asset Reporting Framework (CARF). In line with this, the International Organization of Securities Commissions recently released a report finalising policy recommendations for crypto and digital asset markets. The report will likely play a crucial role in shaping a global regulatory approach to address the substantial risk of crypto fraud.
Tax fraud in general was a key enforcement focus in 2023. Headline cases include The Trump Organization being hit with the maximum fine of US$1.6 million for a tax fraud scheme going back at least ten years. Two ringleaders of a gang involved in Northern Ireland's largest ever tax fraud probe were sentenced to prison. The end of 2023 saw HMRC's record £653 million civil settlement with Mr Ecclestone and the extradition of the British hedge fund trader wanted by Danish authorities for allegedly masterminding a £1.44 billion tax fraud scheme from the UAE to Denmark. In Frankfurt, the trial of a senior tax lawyer for aiding and abetting tax fraud highlights the risk to the advisers as well as those committing the offence.
The role of auditors in the fight against fraud came under scrutiny in 2023. The UK's regulatory body imposed a record £21 million fine for failures in relation to the audit of Carillion. The regulator will have new powers to hold directors to account, and we expect enhanced due diligence on behalf of external auditors to continue into 2024. Businesses should prepare for this heightened regulatory regime and expect their audit partners to be more sceptical when preparing their yearly audits.
Verdict: Crypto crime will continue to be a prevalent and growing threat and we expect to see increased regulation on this front. New prosecutorial tools should ensure that enforcement activity remains high, with a focus on holding corporates accountable for actions of senior managers and others acting on their behalf. Organisations need to ensure their policies and procedures adequately address the broader economic crime risk now posed by legislative change.
Russia continued to dominate in 2023. Although the pace of new sanctions were slower than in 2022, the UK, the EU and the US in particular introduced significant new Russia-related prohibitions this year, including measures targeting legal services (UK), and Russia’s iron, steel and gold exports, with measures on diamonds to follow in early 2024. Numerous individuals and entities have been designated as targets of asset freezes. A comprehensive list of all Russian sanctions imposed by the UK, EU, Australia and Japan since the Russian invasion of Ukraine can be found in our Russia Sanctions tracker.
Preventing circumvention and evasion was an area of focus. Western governments worked together to frustrate Russia's efforts to bypass Western sanctions. This included measures aimed at stopping the supply of Western items critical to Russia's weapons systems and its military development. The UK, US, and EU each published (or updated) a list of "High Priority" battlefield/military items. Joint guidance issued by Australia, Canada, New Zealand, the UK, and the US (the Export Enforcement Five) encouraged businesses to undertake due diligence to ensure that the final destination of these items is not Russia. The EU also published guidance setting out due diligence expectations to prevent circumvention of Russian sanctions. The UK’s NCA has published two red alerts warning about evasion techniques in respect of exports of gold and other "high risk" goods.
This year also saw the introduction of substantive measures targeting the role of "third countries" in circumvention and evasion. The UK and the EU introduced a ban on imports of Russian-origin iron and steel products that have been processed in third countries. The EU also tightened up existing measures to prohibit trade via third countries where there is a high risk of onward transit to Russia. The measures were not confined to trade restrictions. In April 2023, the UK Government designated two Cypriot individuals described as "financial fixers" to Roman Abramovich and Alisher Usmanov; and, in November, it targeted various individuals and entities that it described as "third country enablers fuelling Russia's war revenues". The US imposed sanctions on hundreds of third-country individuals and entities across multiple countries who support Russia's sanctions evasion through illicit finance and supply networks.
The US remains top of the charts for enforcement, imposing 14 monetary penalties totalling just over US$1.5 billion. However, in the US and elsewhere, we haven't yet seen the increase in Russian sanctions enforcement action that many were expecting. In the UK, a handful of fines of up to £1 million were imposed for Russian trade sanctions violations. The UK’s Office of Financial Sanctions Implementation (OFSI) used its disclosure enforcement powers for the first time in August to publish details of a breach of Russian financial sanctions by a fintech firm. The UK has allocated £50 million in funding towards improved enforcement of the UK’s sanctions regime. In the EU, though work continues on legislation that will add sanctions breaches to the list of EU-level crimes (currently, enforcement is a matter for individual member state law), we have seen little enforcement activity.
Russia is not the only jurisdiction to watch, particularly where US sanctions and export controls are concerned. The US has several active sanctions regimes which have seen developments this year, including for Iran, Venezuela and Myanmar. The US also reinforced export controls on advanced chips and semiconductor manufacturing equipment destined for China. In September, the UK, France, and Germany agreed to maintain existing sanctions which would otherwise have expired beyond the October deadline under the 2015 nuclear deal with Iran. In October, the US, UK, and Canada imposed a further round of sanctions on the Myanmar military regime. Individual sanctions have already been imposed by the US, UK, and the EU on certain Hamas members for their roles in the October attacks in Israel.
Geopolitical events will drive sanctions activity in 2024. Sanctions arising from the Israel-Palestinian conflict may also have consequences for Iran, given its links to Hamas and Hezbollah. China will continue to be a focus for Western governments, both as a platform for circumvention of sanctions on Russia, and as a result of US-China decoupling. From an EU perspective, coups in Niger and Gabon, as well as political instability in the area and the development of Islamic terrorist movements in sub-Saharan Africa, may lead to both individual and sectoral sanctions.
Verdict: We expect to see a continued focus on Russia, and on circumvention and evasion, in particular the role of third countries. There will be more enforcement action. We may also see focus shift to events in the Middle East, in particular Gaza, Israel and Palestine, and possibly China, as geopolitical concerns come to the fore.
Authors: Rani John, Ruby Hamid, Tom Cummins, Hillman Sembiring, Alexander Dmitrenko, Sophie Law, Neil Donovan, Charlotte Ball, Anthony Asindi, Vicki Tang, Srishti Natesh, Edward Elliott, Jacqui Turner, Tristan Bramble, Eleanor Robinson, Melvin Cheung, Yerin Cho, Rebecca Akroyd
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.