ACCC: nearly 6,000 businesses affected by scams in 2016

The Australian Competition and Consumer Commission (ACCC)’s Targeting Scams report reveals that Australian businesses lost a total of around $3.8 million due to scams in 2016.

The Report ranks the most common types of scams, including ransomware (when a hacker holds a user’s computer hostage with rogue software), business email compromise schemes, false billing and investment scams. The Report also found that there had been a four-fold increase in hacking scams between 2015 and 2016.

Organisations need to implement measures that protect the data they hold, not only to prevent losses to scammers but also to avoid penalties for possible breaches of relevant laws. For instance, scammers could also gain access to personal information of the customers of the business, which could amount to contraventions of the Privacy Act 1988. Under the Privacy Act, personal information of another must be protected from misuse, interference and loss.

With this in mind, what are some key strategies you can implement to prevent financial loss and potential compliance breaches? Installing data protection software and staying vigilant against suspicious emails is always a good start. But most of all, organisations need to ensure employees are aware of the risks facing the business, their obligations under various laws, and the consequences if the business falls victim to a scam.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Data Protection, Fraud Awareness and Privacy. Contact us today for more information.

Source: ACCC, Target Scam Report, The Guardian

 

Wrap-up: RegTech Australia 2017

The recent inaugural RegTech Australia conference, hosted by InnovationAus, saw the leaders of financial institutions get together with regulators and innovators.

As part of this event, Julian Fenwick, Chairman of the RegTech Association and Managing Director of GRC Solutions, moderated a panel discussion about what the industry can expect in the year ahead. The high-profile panel included Jost Stollmann of Tyro Fintech Hub, Westpac Group’s Rebecca Lim, Mark Adams of ASIC and IBM’s Murray Bruce.

The discussion touched on issues that ranged from artificial intelligence and augmented intelligence to data management and staff engagement. Each panel member shared their personal views as to what they envision the future of RegTech holds in Australia and around the globe.

Another highly rated session discussed Australia’s competitive advantage over our Asian neighbours and how to maintain this position. There was an expressed need for Australian companies to take a more collaborative approach to be truly seen as innovative and cutting edge within the Asia-Pacific region. There is also a need for Australian companies to invest more in RegTech start-ups. Australian companies can be too risk averse, which could stifle creativity and growth within the RegTech sector.

RegTech is forging ahead at an incredible pace and we foresee some huge changes in the way the industry operates. GRC Solutions is looking forward to playing a key role in facilitating and enabling the change.

Optus gives undertaking for misleading and deceptive conduct

Optus has given an enforceable undertaking to the Australian Competition and Consumer Commission (ACCC) to compensate its customers who received less data and fewer call and text inclusions (“inclusions”) than the advertised offer.

In 2013, Optus had advertised that its prepaid customers would receive certain inclusions for a specified period, upon activating or recharging their SIM cards. Two years later, Optus reduced the inclusions and period of usage. These changes also affected customers who had purchased one of the Optus Prepaid Products before the changes were implemented.

Under Australian Consumer Law (ACL), businesses must not engage in conduct that is likely to mislead or deceive. Optus failed to advise its customers to activate or recharge their SIM cards before a certain date so that they could use the inclusions they were promised at purchase.

Optus has accepted that implementing the reduction in inclusions amounted to misleading and deceptive conduct and false misrepresentation under the ACL. It does not matter whether Optus intended to mislead or deceive its customers.

Optus has promised to compensate customers who were affected by its conduct and to not reduce inclusions without meeting certain conditions. Optus has also undertaken to ensure its compliance program accurately reflects its ACL obligations.

Businesses should always ensure their advertisements are based on current and correct information. Customers must always be notified of any changes to products/services so that they can make informed consumer decisions.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Competition and Consumer Protection. Contact us today for more information.

Salt CPD well received at Stockbrokers Conference

Last week’s annual conference organised by the Stockbrokers And Financial Advisers Association (SAFAA) was captivating and thought-provoking. Over two days, industry figureheads and prominent speakers (including former prime minister John Howard) shared their thoughts on the current issues and challenges facing the industry, and what outlook Australia is facing.

The event was accompanied by a media frenzy. Over two days, many of the Financial Review’s “most read” articles were derived from insights shared by Magellan Financial Group’s Hamish Douglass, ASIC’s chairman Greg Medcraft and JBWere chief executive Justin Greiner’s views on gender diversity.

The SAFAA Conference also saw the official launch of Salt CPD. As the Association’s official e-learning partner, GRC Solutions displayed a new library of SAFAA-approved professional development courses that taps into the heart of the problems the industry is facing, such as the increased volume of cyber-attacks on financial services and what to make of the current insider trading cases plaguing the profession.

Many practitioners are a few points short of their yearly CPD target and flocked to the GRC Solutions exhibition booth to enrol, or to find out more about the subscription model on offer.

The SAFAA conference was a resounding success and GRC Solutions is proud to have been part of such a well-organised, professional industry event.

 

 

 

 

 

 

GRC Solutions wins LearnX award for tenth straight year by partnering with ANZ

GRC Solutions is very pleased to announce that, in conjunction with ANZ Bank, we have won:

Platinum Award for Best Compliance Training Project at the 2017 LearnX Impact Awards.

The LearnX Impact Awards recognise the exceptional impact of organisational learning, technology and performance in the compliance space.

ANZ has launched a major initiative to invest in training and development across the bank. As part of the program ANZ sought to redevelop its ANZ Compliance Essentials course.

This e-learning course is a core component of the mandatory learning program and is assigned annually to all 60,000 staff members located throughout the bank’s network, in both Australia and other countries.

ANZ selected GRC Solutions to work with them on this project. Given ANZ’s size, global reach and diverse workplace, the requirements for the project were extremely high. ANZ needed a program that maintained the integrity of the compliance content while showcasing its focus on learning and commitment to innovation.

The GRC Solutions team developed interactive, multi-tiered global heat maps that enabled individual learners to self-select relevant content based on their location and job role. The team then created multiple training paths with diverging instances of content to account for differences in compliance responsibilities based on the various locations and role-specific materials, before returning learners to the main learning path.

GRC Solutions is extremely proud to be working with ANZ and for that work to be recognised at the LearnX awards. This is the tenth straight year GRC Solutions’ Salt Compliance training courses have won the “Best Learning Project in Compliance” category.

The LearnX Awards will be presented on September 18 at the Sofitel Sydney Wentworth, following the annual LearnX Conference.

 

What Privacy Awareness Week means for you

Privacy Awareness Week (PAW) ran between 15 and 19 May and is intended to promote awareness of privacy issues and the importance of protecting personal information. This year’s theme for PAW is “Trust and Transparency”, promoting the importance of organisations handling personal information with care.

PAW is an initiative of the Asia Pacific Privacy Authorities, of which the Office of the Australian Information Commissioner (OAIC) is a member.

In Australia, the Privacy Act 1988 regulates how personal information is handled. The Act contains the Australian Privacy Principles, which outline how APP entities, including businesses and government agencies, must handle, use and manage personal information.

Privacy is a hot topic in Australia, thanks to several recent high-profile cases. This includes journalist Ben Grubb’s case in which he unsuccessfully argued that metadata constituted personal information.

Moreover, there is heightened interest in privacy following the announcement that a new privacy reform will come into effect next year. The mandatory data reporting obligation will require APP entities to report breaches involving people’s personal information to both the OAIC and the individuals affected.

This mandatory reporting obligation aims to empower individuals whose personal information has been disclosed due to data breach to take appropriate measures to prevent or reduce financial loss or identity theft.

Privacy concerns have also reared their head because of recent international breaches, such as the WannaCry ransomware attack. The attack affected a wide range of operations, including the UK’s National Health Service, which resulted in the cancellation of medical operations after patients’ records became unavailable.

The OAIC has released a survey about privacy called “Australian Community Attitudes to Privacy Survey (Privacy Survey) Report”. The OAIC has found that 69% of the community feels that the biggest risk for privacy revolves around online services.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Privacy. Contact us today for more information.

Source: Privacy Awareness Week, OAIC, The Guardian, Federal Register of Legislation

Australia’s largest private hospital operator in court for alleged anti-competitive conduct

The Australian Competition and Consumer Commission has commenced a Federal Court action against Ramsay Health Care (Ramsay Health) for allegedly breaching the anti-competitive provisions of the Competition and Consumer Act (CCA).

Ramsay Health is Australia’s largest private hospital operator, with substantial market power in the private health industry. It runs the only private hospital and day surgery facilities in the Coffs Harbour region.

Ramsay Health executives are said to have threatened to restrict or provide access to its operating theatres in Coffs Harbour to surgeons if they established a competing surgical facility in Coffs Harbour.

Under the CCA, businesses with substantial market power like Ramsay Health are prohibited from taking advantage of that power for illegal purposes when dealing with customers, suppliers and competitors.

The ACCC alleges that Ramsay Health, by seeking to deter surgeons from starting a competing surgical facility, has misused its market power and engaged in anti-competitive conduct in breach of the CCA.

The competition regulator expressed concern that Ramsay Health’s conduct puts consumers at a disadvantage because there will be no competitive price for surgeries if businesses are deterred from entering the market.

Businesses with substantial market power must not engage in conduct that causes damage to other businesses, or deters either entry to the market or competition.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Competition and Consumer Law. Contact us today for more information.

Source: ACCC

28 April is World Day for Safety and Health at Work

The World Day for Safety and Health at Work takes place on 28 April, highlighting both the right and the role we all have in making our work environments safe and healthy.

The day, which was first declared by the International Labour Organisation (ILO) in 2003, is an opportunity to focus on what we can all do to prevent work-related injuries, illnesses and deaths.

While work-related fatality rates in Australia are declining, Safe Work Australia still reported that there were 178 fatalities in 2016.

The ILO is using the event to promote the importance of gaining big data about health and safety, citing the “critical need for countries to improve their capacity to collect and utilise reliable occupational safety and health (OSH) data.”

Work health and safety has long been a focus for GRC Solutions, which offers compliance training on the topic for Australia and New Zealand.

New Salt Compliance course on Work Health and Safety (Australia)

On 1 June 2017, GRC Solutions will be launching a new Australian Work Health and Safety (WHS) course, which makes the key concepts of work health and safety more succinct and engaging than ever. This course follows the updated New Zealand WHS course that we released late last year to comply with the new legislation in New Zealand.

The course, which is based on the harmonised Model Laws, places the law in practical context, helping learners understand their workplace health and safety duties and obligations.

Learners will discover how to identify and respond to everyday WHS risks and what to do when a notifiable incident occurs.

All-new scenarios will help you gauge your understanding of each learning outcome. New case studies and formal assessment quiz questions keep you engaged while you learn about the technical details, from PCBUs and health and safety inspectors to enforceable undertakings.

A visually rich new design gives the training a fresh look and feel.

Where possible, we have designated modules to specific responsibilities, so that learners only train in content that is relevant to them.

Sources: Safe Work Australia, International Labour Organisation

 

Proposed changes to Australian foreign bribery laws

The Australian Government has proposed major new foreign bribery laws to overcome challenges in enforcing Australian foreign bribery law.

The proposed amendments include the following:

  • A new offence where the accused recklessly bribes a foreign official
  • A new corporate offence for failing to prevent foreign bribery.

This offence would follow a similar provision of the UK Bribery Act, making companies automatically liable in the event that their employees, contractors and agents bribe foreign public officials. Companies may be able to raise a defence if they have a system of internal controls and adequate compliance to prevent bribery from occurring.

  • Introduction of the concept of “improperly influencing” a foreign official to obtain an advantage

The Government intends for this new concept to overcome the difficulty of proving that the benefit was “not legitimately due” given that most bribes are disguised as legitimate payments. There are various factors included in the proposal that can be taken into consideration, such as the nature and value of the benefit, in determining whether the accused has “improperly influenced” the relevant officials.

  • The advantage is not required to be gained by the accused and may include a non-business advantage. There is further clarification that if you commit a bribe you will still be found liable even if you don’t receive the benefit directly. Furthermore, the scope of the bribe may include non-business advantages.

If these changes go ahead, they will not only bolster the Government’s aim of creating tougher anti-bribery laws; they will give organisations added incentive to develop adequate compliance programs.


Source: Department of the Attorney-General

Apple sued for alleged breach of the Australian Consumer Law

The Australian Competition and Consumer Commission (ACCC) has commenced proceedings against Apple, alleging that Apple has made false, misleading or deceptive representations regarding consumer rights.

Apple customers had complained about an error (error 53) which disabled their devices after updating software. The ACCC’s investigation found that Apple had told customers their devices could not be repaired if they had previously been worked on by non-Apple technicians. Apple has since provided customers with remedies for error 53 but the ACCC is concerned with Apple’s misrepresentations about consumer guarantees.

The Australian Consumer Law (ACL) includes consumer guarantees that the quality and other characteristics of goods and services are of an acceptable standard. This is in addition to the manufacturers’ warranties, such as Apple’s one-year limited warranty and Apple Care protection.

Unlike manufacturers’ warranties, the ACL’s consumer guarantees are not limited by time and can’t be excluded by an agreement. In this case, the fact that some Apple customers had their devices repaired by a third party does not negate their right to have their devices later repaired by Apple.

Apple has previously been given a court-enforceable undertaking that it would comply with the ACL by educating its employees and consumers about the statutory consumer guarantees. The regulator’s action highlights the importance for businesses to ensure they have policies that comply with the laws. But businesses should also ensure that their policies are effective, by educating their employees about the underlying laws.

Talk to GRC Solutions today about our Salt Compliance online training library, including our Competition and Consumer Protection courses.

Source: ACCC, Sydney Morning Herald

 

Data breach reporting passed into law

Australian entities that hold personal information about individuals will soon be required to notify those individuals if that information is compromised.

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (“the Bill”) has recently passed both houses of Parliament, has received Royal Assent and will be introduced into Australian law on 23 February 2018. It is hoped that the new reporting requirements are a step forward in the fight to protect personal information.

The Bill shows the growing importance of data protection in the face of cyber threats, and follows the 2015 release of ASIC’s Cyber Resilience: Health Check Report. The report highlighted the importance of preparedness against cyber attacks.

What is the purpose of the Data Breach Bill?

Cyber security and the protection of personal information have been a growing concern globally for a number of years. Cyber attacks to obtain, use and disclose the private information of individuals are continuing to increase, in both number and severity. Unauthorised access to personal information is particularly damaging where the individual is unaware that a breach has occurred and therefore cannot take steps to minimise its impact.

The purpose of the Bill is to impose mandatory reporting provisions on entities that are currently regulated by the Privacy Act 1988. The reporting provisions create a legal requirement for entities to notify both the individual(s) affected and the Office of the Australian Information Commissioner (OAIC) where they have reasonable grounds to believe there has been an eligible breach of personal information.

It is intended that the data breach reporting requirement will allow individuals whose personal information has been compromised the opportunity to take proactive steps to protect their interests. It is also hoped that the requirement, and the potential implications for an entity’s reputation or standing, will encourage the relevant entities to treat the protection of their clients’ personal information as a priority.

What is an eligible data breach and when does a reporting obligation arise?

A data breach is an eligible data breach in the context of reporting obligations where:

  • There has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure; and
  • A reasonable person would conclude that there is a likely risk of serious harm to any of the affected individuals as a result of the unauthorised access or unauthorised disclosure.

Whether the effect of the breach constitutes serious harm will require an assessment of particular circumstances. Parliament has identified severe physical, psychological, emotional, economic and financial harm, along with serious harm to reputation, as examples of where serious harm may occur. However, some entities have already raised concerns about the ambiguity of this assessment threshold. It is likely that this will need to be tested to a degree before the Judiciary before the reporting mandate is clear.

In a circumstance where an entity suspects, but does not have reasonable grounds to believe, that an eligible data breach has occurred, the entity must, within 30 days, carry out “a reasonable and expeditious assessment of whether the relevant circumstances constitute an eligible data breach of the entity”.

Notification requirements

The entity must, where practicable, notify the contents of the statement to:

  • Each individual to whom the personal information relates; and
  • Each individual considered to be at risk from the eligible data breach;

using the method it would usually employ to communicate with the individual.

If it is not practicable to notify the individuals using the above method, the entity must attempt to do so by publishing the statement on the entity’s website and take any other reasonable steps necessary to publicise the details of the breach to ensure those affected are notified.

Remedial Action

There are a number of exceptions to the reporting requirement under the Bill. One exception is where the entity has taken remedial steps to mitigate the breach, before any serious harm has occurred. The entity will not be required to notify the individual(s) concerned or the OAIC where, as a result of that remedial action, a reasonable person would conclude that the unauthorised access or unauthorised disclosure is unlikely to result in serious harm to them.

Consequences for failure to comply

Where an entity has reasonable grounds to believe that a data breach has occurred and fails to meet their reporting obligations, this will be considered an interference with the privacy of an individual for the purposes of the Privacy Act. In such a situation the OAIC will be able to invoke their existing powers to investigate, make determinations and provide remedies in relation to suspected non-compliance.

The Implications for AFSL holders

ASIC has in recent times highlighted the importance of an AFSL holder being vigilant about the protection of their clients’ data. It is a critical part of an AFSL holder’s obligations to have considered the risks to their business and clients from cyber threats and identified any weaknesses or areas of particular concern in the current business structure. This may include an audit of IT and data protections by a specialist firm.

Once clear about the cyber risks it faces, the AFSL holder needs to take steps to be resilient to cyber attacks. This will include developing a response plan, and in some circumstances the implementation of stronger protection software and IT systems. The AFSL holder’s response plan for a data breach should include, to the extent possible, the information and mitigation advice to be given to clients if a data breach occurs, as well as information on how that information will be disseminated. The more quickly the client receives this information, the greater the likelihood that the client’s steps in mitigation will be effective against the breach.

ASIC is clear that an AFSL holder’s ability to respond to, mitigate and recover from a cyber attack will hinge on plans put in place by the AFSL holder before such an attack occurs.

Where to from here?

While the reporting requirement is a step in the right direction, some industry groups do not believe it goes far enough to protect client privacy. Issues that have been raised in respect of the data breach laws include: that the obligation only applies to limited types of entities, the high threshold for determining ‘serious harm’ and the exceptions that apply to the obligation. Time will tell whether the data breach laws are effective in their current form.

This article only summarises the Bill and its requirements.

Please contact Sophie Grace for a more detailed discussion about whether the reporting requirements apply to you, and what your obligations may be.

http://sophiegrace.com.au/afsls/data-breach-reporting-passed-into-law/

About the author

Victoria Dryden – Lawyer

Victoria works primarily with the legal services team at Sophie Grace Legal Pty Ltd and assists in the drafting and review of legal documentation for participants in the financial services industry. Victoria also supports the Compliance Consultants in the provision of AFSL, ACL and on-going compliance services to clients. Victoria provides advice and legal services to clients and assists with the preparation of legal documentation, negotiation and advocacy on behalf of clients. Victoria also assists in implementing ongoing compliance support and the preparation of AFSL and ACL applications and variations. Victoria is admitted as a Barrister and Solicitor in New Zealand and a Solicitor in New South Wales.

Bringing down the house: analysis of four key real estate markets shows Australia most vulnerable to money laundering

Anti-money laundering is an issue all companies must take seriously. A new Transparency International report found that Australia’s real estate sector has major anti-money laundering deficiencies. The report identified 10 main legal loopholes and regulatory shortcomings allowing criminals to launder their proceeds by purchasing luxury properties in Australia, Canada, the UK and the US. Australia was the only country assessed to be rated as being deficient in all 10 areas.

Currently, in Australia, real estate agents are outside the scope of anti-money laundering law and have no due diligence or reporting obligations. Although property purchasers’ nationalities are relevant for stamp duty purposes, there are no rules or requirements for checking for PEPs (or their associates), or for the beneficial owners of foreign entity purchasers. Other parties who are commonly involved in the buying and selling of real estate, such as developers, lawyers and accountants, are also not covered by anti-money laundering rules, leaving the onus for customer due diligence and suspicious transaction reporting on financial institutions.

The real estate market has always been popular with criminals as an avenue through which to launder or invest stolen or other illegally obtained money, especially in cities with high, stable property values such as New York, London and Paris. In March 2017, The Australian reported that almost 80 percent of foreign demand for housing in NSW was from Chinese buyers, and in 2016, CEO of Juwai.com Charles Pittar said that 70 percent of the Chinese property buyers his company deals with pay with cash.

Transparency International has recommended several reforms to rectify the deficiencies, including widening the scope of anti-money laundering provisions to include entities involved in real estate transactions and enforcing identification procedures on foreign buyers of property.

Are you up to date on your AML/CTF obligations? Contact GRC Solutions today for information about our off-the-shelf and custom online compliance training on customer due diligence, monitoring and reporting obligations and other AML risks.

 

Sources: Transparency International, BoingBoing, SBS News, The Australian

New Australian RegTech Association launches in style

The new RegTech Association launched in spectacular style on Thursday 31 March with “a clear vision to make Australia a global leader in building higher performing, ethical and compliant businesses through RegTech innovation and investment”.

The event, held at Allens Linklaters in Deutsche Bank Place Sydney, was a coming together of “early true believers” in the productive unification of regulation with technology, as Association Chairman (and Managing Director of GRC Solutions) Julian Fenwick put it.

In his introductory address, Mark Adams (SEL – Strategic Intelligence, ASIC) praised the inaugural event and Association founding, highlighting ASIC’s openness to fostering collaborative pathways.

Matt Symons (Director, Red Marker) followed up in his keynote address by thanking Adams, declaring, “I think it’s terrific that you as the regulator are here”. He encouraged everyone to “take out an entrepreneur” from the event for lunch over the next twelve months, ask questions and learn how RegTech can support their organisations.

For the main part of the event, Danny Gilligan (MD, Reinventure Group) moderated a panel session consisting of Anthony Quinn (CEO, Arctic Intelligence), Lisa Schutz (CEO, Verifier), Karen Malzard (Head of Risk, ANZ Wealth) and Annick Donat (CEO, Madison Financial Group).

Discussion was lively, as panellists noted how quickly RegTech had surfaced as a topic of interest worldwide. Anthony Quinn attributed this in part to the “number of scandals” such as the Panama Papers that had rocked the financial services sector globally, which has led to the need for greater compliance frameworks and a “significant increase in the number of local and international regulations”.

Karen Malzard (Head of Risk, ANZ Wealth) observed a common complaint about the burgeoning proliferation of regulations, commenting that “to run a super fund in Australia you have to deal with six different regulators”. She suggested that the solution to this problem should not involve “throwing more people at it”, but coming up with effective tools – and this lay at the heart of the modern RegTech debate.

Annick Donat believes that there is “reg fatigue”, which technology can help to ease.

Gilligan picked up this theme, noting how technology has caused an “increasing liquidity and mobility of data” which makes “automated reporting” easier to achieve.

Malzard also riffed on the notion that RegTech is facilitating standard protocols of data protection and reporting: “Our data is the crown jewel, and we will protect it…working with the regulator to maintain that protection”.

Trust was another theme, as panellists noted the need to challenge the perception that everyone in the financial services sector is criminal and untrustworthy.

Donat enthused that RegTech could help “create a social movement” that will “change behaviour”. “RegTech done well”, she said, will “amplify positive behaviour”.

She added that RegTech can also help regulators extract big data on behavioural trends. “Regulators spend an inordinate amount of time investigating”. RegTech is a “great opportunity for regulators to analyse behaviours”.

Lisa Schutz argued that RegTech was capable of not only “exporting trust” but also “exporting identity”, showcasing organisations and entrepreneurs that are trustworthy and compliant.

Answering a question from the floor about how RegTech can produce innovation (not just automation of processes), Julian Fenwick declared that “the way we encourage innovation is through the collaboration piece” enabled by the Association, which he said can be “the central point to take your problems”.

The formal part of the evening concluded with a ‘speed dating-style’ session in which members of the Association took turns to stand up and introduce their innovative businesses to the engaged and enthralled audience.

 

TABCORP slammed with AUD$45 million penalty for anti-money laundering violations

Gambling corporation TABCORP has agreed to pay AUSTRAC (Australian Transaction Reports and Analysis Centre) an AUD$45 million penalty after failing to comply with anti-money laundering regulations. It’s the largest civil penalty ever in corporate Australia.

Federal Court judge Nye Perram yesterday ruled that TABCORP had contravened the Money Laundering and Counter-Terrorism Financing Act 108 times over more than five years.

While TABCORP did not deliberately seek to mislead AUSTRAC, it has admitted it failed to report suspicious gambling activities.

Examples include failing to identify a customer who won $100,000. TABCORP failed to lodge the appropriate information with the agency in the time required by law.

Another example included “credit betting incidents”, whereby a TABCORP agent approved a line of credit, which is illegal, to a customer.

“The penalty of $45 million sends an unequivocal message to the financial and gambling sectors in this country, if you don’t take your AML (anti-money laundering) and CTF (counter-terrorism financing) obligations seriously, we will take action,” AUSTRAC Chief Executive Paul Jevtovic said on Thursday.

It’s not the first time AUSTRAC has taken action against TABCORP, having previously done so in 2015.

The size of this penalty will be a wakeup call for other companies to take their money laundering and terrorism financing obligations seriously.

Source: The Australian, Skynews

GRC Solutions’ Certified Compliance Professional courses in Nairobi and Dubai a big success

The GRC Solutions Singapore team has conducted another two highly successful runs of the Certified Compliance Professional course, in Nairobi, Kenya and Dubai, UAE.

Covering a total of 18 compliance practitioners across these jurisdictions, GRC Solutions continues to prove to be a valuable partner to the compliance profession, working alongside industry and regulators to upskill individuals and advance thought leadership across the industry.

The five-day Certified Compliance Professional course is accredited by the International Academy of Business and Financial Management. The content aligns with ISO19600 Compliance Management Standard guidelines and principles.

The course covers both organisational and individual development, with the aim of providing participants with the skills and knowledge to advance to a mature, sustainable state of compliance effectiveness. Participants gain an understanding of strategic compliance, moving away from tactical responses towards significant organisational change.

The course also places the challenges of managing business risk and compliance requirements within the context of the broader regulatory environment, considering the dangers posed by poor conduct risk and compliance culture, financial crime and terrorist financing.

The workshops received acclaim for the way they combined theory with case studies and real-life examples to tie the concepts to practical actions.

A participant from Nairobi said, “The program was relevant and exciting”, with another exclaiming, “The training is very good with lots of information and examples”.

In Dubai, one participant said:

“The real insights of market knowledge and case studies was useful. The trainer knowledge was up to date and the real-life examples were related well to the key concepts in the Compliance Risk, AML and Governance area.”

Another declared:

“Sam Gibbins is an excellent trainer, he is clear, accurate, eloquent and made the long and hard course quite fun and digestible. His information was updated, engaging and relevant to the participants. Sam did a great job in making the…sessions fun as well.”

Further runs of the Certified Compliance Professional course are due to take place in Harare, Zimbabwe (March), Kuwait (May), Ghana (May), and Johannesburg, RSA (July).

Contact us for further information on any of these programs or our other offerings, including our extensive library of online courseware and tailored content.

We look forward to seeing you on one of our courses soon!

Jetstar and Virgin ordered to pay fine for misleading “drip pricing” practices

The Federal Court has fined Jetstar Airways AUD$545,000 and Virgin Australia $200,000 for breaching the Australian Consumer Law. Both companies were penalised for drip pricing, whereby customers are drawn in by the promise of cheap products only to be saddled with additional fees and charges.

Drip pricing is the practice of advertising an attractive price for goods or services then charging the consumer additional fees on top of the original advertised price. These fees are often unavoidable charges. The fees and charges are added incrementally to the cost of the goods or services the further the consumer goes down the purchase timeline.

The ACCC investigated the airlines after becoming concerned that the companies had failed to adequately disclose the extra fees. This left consumers to pay higher prices than those advertised, or more than they intended.

Both Jetstar and Virgin have been implicated for separate instances of misleading advertising over the past three years.

In 2014 the ACCC was unsuccessful in establishing that misrepresentations were made by Jetstar on its website and in its promotional emails.

In a statement, ACCC Chairman Rod Sims warned that consumer guarantees in the airline industry are firmly on the corporate watchdog’s radar.

GRC Solutions’ Competition and Consumer Protection online compliance training modules can bring your staff up to speed on how to avoid false advertising and misleading and deceptive conduct.

Contact us today for more information about our off-the-shelf and customised offerings.

 

Sources: ACCC, Gizmodo

OzHarvest CEO CookOff 2017

From GRC Solutions CEO Julian Fenwick: Thank you to all those who supported me again in this year’s OzHarvest.

The combined culinary skills and fundraising efforts of Australia’s top chefs and CEOs came to fruition as close to $1.7 million was raised at OzHarvest’s CEO CookOff held at The Cutaway, Barangaroo. The fundraising total will allow OzHarvest to deliver 3.4 million meals to help feed vulnerable people across Australia. Over one thousand special guests from charitable agencies supported by OzHarvest enjoyed a variety of gourmet meals prepared and served by teams of CEOs under the guidance of celebrity chefs, Neil Perry, Matt Moran, Peter Gilmore and Paul Carmichael to name a few.  I was lucky enough to get to cook with Paul Carmichael who taught us how to make a delicious chicken pozole.

OzHarvest Founder and CEO, Ronni Kahn said the flagship fundraiser allows OzHarvest to rescue and redistribute more fresh food, helping to feed people in need at over 900 charities across Australia. Two million people seek food relief each year and many agencies say they could take double to meet demand.

We were also treated to a surprise performance from Aussie music legend, Jimmy Barnes. Donations can still be made to OzHarvest at https://www.ceocookoff.com.au/fundraisers/julianfenwick

Hong Kong’s former leader, Donald Tsang, jailed for 20 months for misconduct

Hong Kong’s former Chief Executive, Donald Tsang Yam-kuen, has become the city’s highest ranked official to be put behind bars.

Mr Tsang, 72, was found guilty of misconduct in public office for failing to disclose a conflict of interest involving a property developer, Bill Wong Cho-bao, and the granting of broadcast licences.

The high profile six-week trial centred on Mr Tsang’s purchase of a luxury three-story apartment from Mr Wong, which he failed to disclose when he approved three applications for radio broadcast licences for Wave Media, a company Mr Wong had a 20 per cent stake in.

The jury concluded Mr Tsang had deliberately concealed his connection to the developer. But they acquitted him of a related misconduct charge involving an interior designer that he nominated for an official honour without declaring that the same designer had renovated his apartment.

The jury could not reach a majority verdict for a bribery charge, again involving the same apartment and property developer. The charge is set to be retried in September.

In handing down the sentence, the judge, Justice Chan, credited Mr Tsang’s dedicated and extensive public service but added that the seriousness of the case was due to Mr Tsang’s official position and the trust placed in him by the people of Hong Kong and China.

The case comes at a time when the public is increasingly interested in the links between public officials and business people, raising suspicions over bribery, corruption and abuse of power.

In 2014, Mr Tsang’s deputy, Rafael Hui, was convicted of misconduct in public office over his own dealings with a billionaire property developer. Hong Kong’s current leader, Leung Chun Ying, is also facing corruption allegations relating to bribery involving Australian engineering firm UGL.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.

Privacy laws are tightening

A new amendment to privacy laws will require organisations to notify customers of data breaches.

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 was passed by Parliament on 13 February 2017. The amendment requires organisations to notify individuals and the Australian Information Commissioner where data breaches are likely to result in serious harm.

Failure to comply with the new provisions will incur the same penalties as those for breaching existing privacy law, which includes compensation payments and civil penalties of up to AUD$1.8 million.

The amendment comes at a time of heightened focus on privacy law in Australia and New Zealand. In January, the Federal Court of Australia further clarified the meaning of “personal information” in the Privacy Act, while just last week, the New Zealand Privacy Commissioner recommended stronger penalties for serious data breaches in that country.

Privacy laws also drew media interest recently over so-called ‘metadata’ held by telecommunications companies for access by government agencies. Metadata includes information such as location data stored by mobile phones.

Journalist Ben Grubb took Telstra to court after the telco’s privacy department refused to grant him access to the same metadata it retains for access by government agencies on request.

Grubb argued that he had a right to this metadata because it related to his own personal information, which is the fundamental concept of privacy laws.

The court upheld Telstra’s claim that metadata connected to Grubb’s mobile phone was not specifically about Grubb and so did not amount to personal information.

It should be noted that the Grubb/Telstra case was based on the older instance of the Privacy Act.

When the mandatory data breach reporting amendment will come into effect is not yet known, but it will be within twelve months of Royal Assent.

Source: Parliament of Australia, Gizmodo

Samsung chief Lee Jae-yong arrested on bribery and corruption charges

The de facto head of the Samsung empire, Lee Jae-yong, has been arrested and is facing corruption charges relating to bribery, embezzlement, illegal transfer of overseas assets and perjury.

The charges against Mr Lee, known as Jay Y. Lee in many business circles, connect to the national bribery and corruption scandal that led to the impeachment of South Korean President Park Geun-hye in December 2016.

In January 2017, a South Korean court denied an arrest warrant for Mr Lee, citing a lack of evidence. However, investigators have since collected additional evidence and presented this before Judge Han Jeong-seok, who felt there were now sufficient grounds to issue the warrant.

Investigators have accused Mr Lee and Samsung of paying bribes totalling AUD$47 million (43 billion Korean won) to President Park’s associate, Choi Soon-sil, to secure government support for the merger of two Samsung affiliates in 2015.

The complex case is exceptionally significant for South Korea’s increasing attempts to target pervasive business and government collusion. If Ms Park’s impeachment is upheld by the Constitutional Court in coming weeks, she will become the country’s first democratically elected leader forced from office.

Samsung is the largest and most profitable family-owned conglomerate, or chaebol, in South Korea, accounting for around 20 percent of the country’s GDP. Mr Lee inherited the reins of the company in 2014 from his father, Lee Kun-hee, who was twice convicted of financial crimes but received suspended sentences and was presidentially pardoned.

While many Koreans fear the high-profile case will hurt the national economy, others welcome the move as a sign that powerful chaebol bosses will increasingly be held accountable for their actions.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.

Sources: The SMH

GRC Solutions appointed eLearning partner for Stockbrokers and Financial Advisers Association

Wednesday 22nd February, Sydney, Australia. In a joint first, GRC Solutions, a global leader in innovative compliance training, has been appointed e-learning partner for the Stockbrokers and Financial Advisers Association (SAFAA).

The partnership coincides with last week’s announcement by Kelly O’Dwyer, Minister for Revenue and Financial Services, that new requirements to raise the competency and ethical conduct standards of financial advisers will commence on 1 January 2019. This includes compulsory education requirements for new and existing financial advisers, supervision conditions for new advisers, an industry-wide benchmark exam and a code of ethics as part of the mandate.

GRC will be offering an array of new online courses that are tailored specifically for SAFAA’s members, including those practitioners who provide tax advice.

“The team at GRC Solutions is thrilled to be partnering with such a highly-regarded industry body,” says GRC Solutions’ Managing Director Julian Fenwick. “The partnership aligns with our focus on servicing the financial services market with high quality, professional compliance and regulatory training.”

Andrew Green, Chief Executive of SAFAA, says, “We already provide education and training that sets the benchmark in the financial services industry. This new e-learning partnership with GRC will provide members with access to courses that lift the bar even higher.”

Internationally, GRC also recently announced the appointment of Hong Kong’s HJ Innoxcell as its e-learning affiliate. The partnership improves access to quality compliance e-learning in the Asian market and further consolidates GRC’s strong presence in the region, supported by the Singapore office.

Deutsche Bank fined A$833 million for inadequate anti-money laundering controls

Deutsche Bank has been fined by both UK and US authorities for failing to implement proper anti-money laundering control frameworks, which resulted in clients illegally moving A$13 billion out of Russia.

Britain’s Financial Conduct Authority (FCA) fined Deutsche Bank A$271 million and the New York Department of Financial Services fined them A$562 million. The authorities cited significant deficits in Deutsche Bank’s global anti-money laundering framework, including inadequate customer due diligence processes and deficient anti-money laundering policies and procedures.

Without sufficient customer information, risk assessment processes and transaction monitoring are ineffective.

As a consequence of these failings, unidentified customers were able to transfer around A$13 billion from Russia to offshore bank accounts using ‘mirror trades’. These trades involved clients purchasing shares in roubles in Moscow and then selling the same stocks through Deutsche Bank’s London branch for US dollars.

Whilst ‘mirror trades’ can be legal, the FCA said that the “covert transfer of those funds out of Russia” and lack of economic purpose was highly suggestive of financial crime. The trades also highlighted the lack of anti-money laundering controls in place at Deutsche Bank.

In imposing the largest penalty for anti-money laundering control failings ever, the FCA highlighted that Deutsche Bank’s actions had exposed the UK and global financial systems to serious risk. As such, the size of the fines is reflective of the seriousness of the anti-money laundering failings.

Criminal investigations by the US Department of Justice and other regulators and law enforcement authorities are ongoing.

This case highlights the complexity of anti-money laundering regulations. GRC Solutions offers an extensive library of online compliance training courses, including Anti-Money Laundering training. Contact us today for more information about our off-the-shelf and customised course offerings.

Sources: The Guardian; BBC

Korean court denies arrest warrant for Samsung head Lee Jae-yong following bribery and corruption probe

A South Korean court has cited a lack of evidence in denying an arrest warrant for Lee Jae-yong, also known as Jay Y. Lee, the heir-apparent to the Samsung Group empire. Mr Lee was accused of involvement in a national bribery and corruption scandal that led to the impeachment of South Korean President Park Geun-hye in December 2016.

Mr Lee faced charges of bribery, embezzlement and perjury as Samsung is accused of having paid bribes of nearly $US 36.6 million (43 billion Korean won) in exchange for governmental backing of a merger of two Samsung affiliates in 2015. Prosecutors allege that these bribes would ultimately help transfer the control of Samsung to Mr Lee.

The case is part of an ongoing investigation into the actions of Ms Park and close associate, Choi Soon-sil. Ms Park is accused of working with Ms Choi to exchange favours with companies such as Samsung for bribes paid to non-profit foundations backing presidential initiatives. Samsung has admitted to providing funds to such foundations but has consistently denied receiving any business favours.

The denial of the warrant is expected to hamper authorities’ efforts to further investigate Ms Park’s involvement in the bribery scandal.

Mr Lee is part of the third generation of the Lee family to control the Samsung conglomerate. He was widely viewed as spearheading a new style of transparent business, following his father’s own troubled history. Mr Lee’s father, Lee Kun-hee, was convicted of embezzlement and tax evasion but was pardoned twice.

While some business groups are concerned about the impact of the bribery probe on the nation’s economy, many civil organisations are appalled at the growing evidence of ongoing collusion between business and the government.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.

Rolls-Royce fined AUD$1.1 billion in bribery and corruption crackdown

Rolls-Royce has paid $1.1 billion to settle bribery and corruption investigations with authorities in Britain, the United States and Brazil.

The investigation into Rolls-Royce by the US Department of Justice and the UK Serious Fraud Office came following a joint exposé from Fairfax Media and The Huffington Post into Unaoil, a Monaco-based oil industry fixer.

The wide-ranging bribery and corruption investigations revealed that billions of dollars in government contracts were awarded to a number of companies, including Rolls-Royce and an offshore arm of Australian company Leighton Holdings (now CIMIC), as a direct result of bribes.

The US and UK fines were the result of a Deferred Prosecution Agreement (DPA) whereby a company can admit corruption but not face court. For Britain’s Serious Fraud Office (SFO), it was the biggest settlement to date.

Australian authorities are involved in an ongoing global joint investigation with the FBI, US Department of Justice and the SFO into pervasive bribery in the oil industry, particularly involving Unaoil.

The Australian Federal Government is now considering introducing a DPA scheme following the settlement successes in the Rolls-Royce case.

This is not the first bribery and corruption scandal that Rolls-Royce has faced. Increasingly serious regulations and ongoing global cooperation in bribery and corruption investigations highlight the importance of all organisations tackling bribery and corruption throughout their operations.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.

Singapore jails Swiss bank’s ex-manager in multinational money laundering crackdown

A former manager at a Swiss private bank has been sentenced to 28 weeks in jail and fined $AUD 120,000 for breaching Singapore’s anti-money laundering regulations.

Early this year, a Singapore court found Jens Sturzenegger, a former branch manager at Falcon Private Bank, guilty of six charges including failing to report suspicious transactions totalling more than $1.7 billion.

Sturzenegger, a Swiss national, is the first foreigner to be charged in Singapore following an ongoing money laundering investigation into Malaysian state investment fund 1Malaysia Development Berhad (1MDB).

1MDB, founded by Malaysian Prime Minister Najib Razak, is at the centre of money laundering investigations in at least six countries, including Singapore and the United States. Over $4.76 billion is alleged to have been misappropriated from the fund by people close to Razak.

Sturzenegger pleaded guilty to six counts, including lying to police and the Monetary Authority of Singapore (MAS) about his connections to financier Low Taek Jho, a key figure at the centre of the international money laundering investigations into 1MDB.

In October 2016, MAS shut down and withdrew Falcon Private Bank’s Singapore banking licence and imposed a fine of $4.05 million for breaching money laundering and terrorism financing regulations. Fines were also imposed on DBS Bank and UBS for similar regulatory breaches.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Money Laundering training with specific regional courses for Singapore and Malaysia. Contact us today for more information about our off-the-shelf and customised course offerings.

Source: ABC News; Straits Times; Straits Times

More pain for Nurofen with fine increased to AUD$6 million

Pharmaceutical company Reckitt Benckiser is set to pay the highest penalty ever awarded for misleading consumers in Australia over its Nurofen products.

Earlier this year, the Australian Competition and Consumer Commission (ACCC) sued Reckitt Benckiser for misleading consumers about its “specific pain” product range. The “specific pain” products were marketed as “targeting” specific types of pain and priced higher than regular Nurofen.

In fact, all the “specific pain” products contained the same dose of the same active ingredient, ibuprofen lysine 342mg.

The Federal Court condemned the marketing strategy, which the company had persisted with for five years, as being “designed around the creation and promotion of a fiction of difference and choice where none existed”. It also noted that the way the products were marketed created a risk of double-dosing: for example, people suffering different types of pain might take both tablets believing them to each target a specific type of pain, when there was no additional benefit.

The Court ordered Reckitt Benckiser to remove all Nurofen specific pain products from sale within three months and post corrective notices. In December 2016, it increased the company’s fine to $6 million, up from $1.7 million.

Reckitt Benckiser insists it did not intend to mislead consumers, “however, we recognise that we could have done more to assist our consumers in navigating the Nurofen Pain Specific Range.”

The Productivity Commission recently recommended that fines for consumer law breaches should be increased to match the $10 million fine for competition law breaches.

According to ACCC chairman Rod Sims, the ACCC has recently started legal proceedings for a number of similar cases.

GRC Solutions’ Competition and Consumer Protection online compliance training modules can bring your staff up to speed on how to avoid false advertising and misleading and deceptive conduct. Contact us today for more information about our off-the-shelf and customised offerings.

Sources: ABC News; the AFR.

 

GRC Solutions Wins Silver in the 2016 Brandon Hall Group Excellence in Technology Awards Program

Best Advance in Learning Management Technology for Compliance Training

GRC Solutions, an international leader in innovative compliance training and RegTech, has won a coveted Brandon Hall Group award for excellence in the category of Best Advance in Learning Management Technology for Compliance Training.

GRC Solutions’ Silver Award win was announced on December 15th in Florida, USA. All winners are listed at http://www.brandonhall.com/excellenceawards/past-winners.html.

The award went to GRC Solutions for using its Salt Adaptive platform to deliver anti-money laundering e-learning to American Express.

Mandatory compliance training has become a huge annual burden for companies. Using the new Salt Adaptive technology, companies can save tens of thousands of hours of employees’ time by leveraging adaptive learning technology to dynamically generate compliance training for each individual.

By only training people on what they don’t already know, Salt Adaptive can increase individual engagement with the training as well as reduce staff pushback. Further time and money can be saved by enabling staff to complete training anywhere, in multiple languages, from any device.

At GRC Solutions we know compliance! GRC Solutions provides online legal compliance training under the Salt Compliance brand to hundreds of clients worldwide from financial services, professional services, insurance, pharmaceutical, engineering & construction and many other industries. Our offices are located internationally, from New York and Singapore to New Zealand and throughout Australia.

The award consolidates our reputation as being a top RegTech company that uses innovative training and technology to help clients manage complex regulatory obligations.

GRC Solutions’ content team has years of experience in writing and developing e-learning for compliance. We work with broad-ranging clients to develop specific content areas or custom-built training based on existing materials. We manage ongoing legislative updates and keep the training content refreshed.

“This is a significant win for the team at GRC Solutions. Brandon Hall’s reputation in this area is unsurpassed. We strongly believe in the ROI of adaptive compliance training, and in providing staff with engaging and educative programs. The technology has proven to be extremely effective and easy for our clients to use. We will continue to develop and improve our platform while expanding our library of premium courses.”

Julian Fenwick, CEO, GRC Solutions.

GRC Solutions – Year in Review

2016 is drawing to a close and it has been another fascinating year. Here at GRC Solutions there has been a lot of exciting stuff going on.

In January we opened our New York office, headed up by Matt Wadley, a Brisbane boy who has called the US home for the last 20 years.

We launched our Salt Adaptive platform with which we aim to reduce the amount of mandatory training hours using technology that recognises prior learning and improves training effectiveness. The response has encouraged a group of compliance companies to start the International Regulatory Technology (RegTech) Association. The group now has 150 members and is already engaged with regulators here and in Asia.

GRC Solutions has also expanded our presence in Asia with a partnership with Right Shift Solutions in Malaysia and Darlina Djumadi joining our Singapore team. The team also exhibited at the Singapore Fintech Festival, a huge event attended by over 12,000 people.

Over the year we have worked with some amazing clients, including American Express, which is using the Salt Adaptive platform to train over 100,000 people in anti-money laundering in eight languages. This project won us the LearnX Award for Best Compliance Training Program for the ninth year in a row.

In a year that has brought us many tumultuous and unexpected changes to the political landscape, there have also been major corporate compliance issues and scandals. In the spirit of the 12 days of Christmas I give you my top 12:

12. Anti-money laundering

In Singapore there was huge drama when BSI Bank and Falcon Bank had their licences revoked, causing the closure of their operations in the nation state. In addition, major banks including SCB, DBS, UBS and the private bank Coutts have been fined. The director of a company which engaged in money laundering involving some $1.2 million was jailed for more than two years, with more cases pending.

11. Corruption & Unaoil

I think Melbourne’s Age newspaper described this best: “In the list of the world’s great companies, Unaoil is nowhere to be seen. But for the best part of the past two decades, the family business from Monaco has systematically corrupted the global oil industry, distributing many millions of dollars’ worth of bribes on behalf of corporate behemoths including Samsung, Rolls-Royce, Halliburton and Australia’s own Leighton Holdings”.

10. Foreign Corrupt Practices Act – JP Morgan pays $264m fine

The Securities and Exchange Commission announced that JPMorgan Chase & Co. has agreed to pay over $130 million to settle SEC charges that it won business from clients and corruptly influenced government officials in the Asia-Pacific region by giving jobs and internships to their relatives and friends in violation of the Foreign Corrupt Practices Act (FCPA).

JPMorgan also is expected to pay $72 million to the Justice Department and $61.9 million to the Federal Reserve Board of Governors for a total of over $264 million in sanctions resulting from the firm’s referral hiring practices.

9. South Korean President impeached

The South Korean parliament has voted to impeach its leader, Park Geun-hye, the country’s first female president. Her downfall has resulted from her relationship with an advisor who had no official position within the government.

The adviser, Choi Soon-sil, is the daughter of the founder of an obscure sect called the Church of Eternal Life and a long-time friend of Park. Choi has been indicted on charges of having manipulated the president for personal financial gain, including using her relationship with the President to coerce large companies into donating huge amounts of money to the not-for-profit foundations Choi runs. Choi allegedly siphoned some of that money for personal use.

Hundreds of thousands of people came out to demonstrate and call for the President to resign.

8. Unconscionable Conduct – price hikes for EpiPen

Mylan Pharmaceutical has upped the price of the lifesaving allergy treatment once again. The list price on a two-pack of EpiPens in the US is now $609, up 400% from seven years ago.

We should also mention Turing Pharma’s 5000% price hike on the AIDS medication, Daraprim. Turing CEO Martin Shkreli, one of America’s most hated CEOs, was arrested after being indicted on federal charges of securities fraud. He has since resigned as CEO.

7. ‘Striking tigers and flies’ goes international

Since Xi Jinping took leadership of the Chinese Communist Party, over 400,000 officials have been disciplined and a further 200,000 have been prosecuted as a result of the crackdown on corruption – “striking”, as Xi put it in 2014, “tigers and flies at the same time”.

Much of the program is targeted at getting control of the 90 million members of the CCP who for many years have worked to the Chinese proverb shan gao, huangdi yuan, meaning “The mountains are high and the emperor far away.” The crackdown aims to limit regional powers and remind members who is in charge.

In 2016 the program’s international reach was expanded, targeting the increasing capital outflows which have been impacting real estate prices from London to Auckland.

6. US$17m Whistle-blower payout – June 9, 2016

The US Securities and Exchange Commission announced a whistle-blower award of over $17 million to a former company employee whose detailed tip substantially advanced the agency’s investigation and ultimate enforcement action. The SEC’s whistleblower program has now awarded over $85 million to 32 whistleblowers since the program began in 2011.

5. Banks cartel behaviour

A five-year investigation by competition authorities in Brussels into rigging of interest rates drew to a close on December 7th 2016 when HSBC, JP Morgan and Credit Agricole were fined €485m (£412m) for colluding to manipulate a crucial benchmark rate. In Australia, the Federal Court has imposed penalties on Australia and New Zealand Banking Group Limited (ANZ) of AUD$9m and Macquarie Bank Ltd AUD$6m for attempted cartel conduct concerning the attempted rigging of the benchmark rate for the Malaysian ringgit.

4. Corruption & FIFA

Technically this is a 2015 case in which fourteen people were indicted in connection with an investigation by the FBI and the US Internal Revenue Service for wire fraud, racketeering, and money laundering.

But this case will keep on giving for years to come. In November 2016, Aaron Davidson, a former sports marketing executive who was arrested last year in a US corruption probe involving FIFA, pleaded guilty. So far 17 people and two companies have pleaded guilty.

3. Corruption – 1 MDB

2016 saw the continuation of the 1Malaysia Development Berhad political scandal. Malaysia’s Prime Minister, Najib Tun Razak, has been accused of channelling over RM2.67 billion (nearly USD 700 million) from 1MDB, a government-run strategic development company, to his personal bank accounts held in his own name at a prominent Malaysian bank.

In a celebrity twist, Leonardo DiCaprio has offered to help US authorities in their corruption probe. The actor’s charity foundation and movie The Wolf of Wall Street allegedly received money that was siphoned off the Malaysian fund.

2. Corporate governance & culture – Wells Fargo

In September 2016, Wells Fargo fired 5,300 people for signing up customers for accounts and credit cards without their knowledge. Two million fake accounts were opened with forged signatures, phony email addresses, and fake PIN numbers, by employees who were pressured by supervisors to meet daily quotas. Wells Fargo has been ordered to pay $185 million in fines.

1. Cyber security – Panama Papers

In what has to be the year’s biggest cyber security breach, the files of Panamanian law firm Mossack Fonseca were leaked to German journalist Bastian Obermayer.

Wikipedia describes the Panama Papers as “11.5 million leaked documents that detail financial and attorney–client information for more than 214,488 offshore entities; some date back to the 1970s.

The leaked documents contain personal financial information about wealthy individuals and public officials which had previously been kept private. While offshore business entities are legal, reporters found that some of the Mossack Fonseca shell corporations were used for illegal purposes, including fraud, kleptocracy, tax evasion, and evading international sanctions.”

According to the International Consortium of Investigative Journalists, “The Panama Papers investigation has produced an almost daily drumbeat of regulatory moves, follow-up stories and calls for more action to combat offshore financial secrecy – including at least 150 investigations in 79 countries and $110 million recouped by governments so far.

Politicians, business executives and thousands of their supporters have responded with vitriol, threats, cyberattacks and lawsuits against reporters who continue to unveil the hidden economic holdings of a global elite.”

In August this year, the president of the Law Council of Australia, Stuart Clark, said that cyber security is a ‘major problem’ for law firms. This seems a slight understatement in the case of Mossack Fonseca.

It is the pure size and reach of this breach that makes the Panama Papers my number one pick for 2016.

So there are my top 12 for the year. No doubt you can think of a few more that I have missed, so feel free to send them through.

From all of us here at GRC Solutions, we hope that you have had a wonderful, safe and merry Christmas and a prosperous New Year!

Highlights of the 2016 Innoxcell Annual Symposium in New York City

Matt Wadley, our business development manager in the USA, recently attended the Innoxcell Annual Symposium on December 6, 2016 in NYC. Here he discusses some of the highlights of the event.

I looked forward to this event for a number of reasons, including the profile of the attendees, the speakers, and the subject matter up for discussion. But most interestingly, a lot of the conversation was about what the regulatory environment would look like under a Trump administration – more about that later.

The Innoxcell Annual Symposium consists of a series of global events in Hong Kong, Beijing, Shanghai, Singapore, Australia and the United States and covers a wide variety of legal and compliance topics. The global span gives the event a more international flavor than that provided by other organizations and many of the topics touched on cross-border issues. While it was a small event, the speakers were of a high quality and the format allowed for a lot of Q&A and discussion generally. Attendees mainly consisted of compliance professionals from law firms and smaller companies in the finance industry.

Cyber Security

With all the hacking in the news, the high-profile data breaches being reported, and the increasing emphasis on the role of Big Data in business, cyber security was a well-represented topic of discussion throughout the day. Scott Warren, the head of the Cybersecurity and Data Privacy practice for Squire Patton Boggs in Asia, presented an excellent history of the evolution of the cyber security landscape. There were several topics that stood out from Scott’s presentation and discussions through the day:

  1. Cyber security presents cross-border challenges

Cross-border issues arising from global commerce are increasingly complicating the picture with respect to cyber security and compliance. In particular, the contrast in compliance requirements between the EU and the rest of the world creates numerous scenarios where companies are subject to obligations they may be unaware of. Simply acquiring information from EU customers may require some companies to comply with compliance regulations even where they do not have subsidiaries or a physical presence in the EU.

  2. Companies don’t know they have been hacked

Some companies are completely unaware they have been hacked and their data compromised. While the period is shortening overall, the times between hacking, discovery, and remedy are still much longer than most imagine.

  3. Hackers are targeting law firms

Law firms are increasingly being targeted by hackers. This should come as no surprise. Law firms are recipients and custodians of some of the most valuable data imaginable. However, they have been relatively slow to ensure their physical defenses are sufficient and their processes and procedures are adequate. A lot of this can be credited to the legal profession’s reluctance to look at themselves as simply another vendor (subject to all the necessary security audits) and not simply a trusted advisor/partner.

Regulation

Specific regulations created a lot of interest and discussion:

  • ISO 37001

This international bribery standard has been adopted by more than 37 countries, specifying a series of measures to help organizations prevent, detect, and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments, and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.

  • Department of Financial Services (DFS) Cybersecurity guidelines

The regulation requires banks, insurance companies, and other financial services institutions regulated by the New York State Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry. It is expected to come into effect in January 2017 and is significant because it is a regulation rather than (as previously) a recommendation.

  • Department of Labor (DOL) Fiduciary Rule

This sweeping rule will automatically elevate all financial professionals who work with retirement plans or provide retirement planning advice to the level of a fiduciary, bound legally and ethically to meet the standards of that status. While the new rules are likely to have at least some impact on all financial advisors, it is expected that those who work on commission, such as brokers and insurance agents, will be impacted the most. They will not be able to offer or sell financial products that are not in the best interests of their clients.

Trump

The other aspect of regulation that generated a lot of discussion was the potential impact of a Trump administration on the regulatory environment. There has been a lot of speculation about what regulations (if any) may be rolled back and to what extent. Particular attention has been paid to elements of the Dodd-Frank Act such as the Consumer Financial Protection Bureau and the Volcker Rule. There has also been discussion about rolling back the DOL Fiduciary Rule described above.

The speakers at the conference included former members of the SEC and other regulatory bodies. While they stressed that each regulation and framework should be considered separately with respect to possible repeal or amendment, their overwhelming consensus was that the assumption should be made that nothing would be repealed. Regulations, once in place, are hard to reverse for many reasons and companies should assume that their compliance obligations will remain largely unchanged.

Overall it was a very interesting conference, with high-quality speakers and very relevant discussion topics.

Police expose $29 million Hong Kong-Australia drug money laundering plot

Australian police have uncovered an elaborate money laundering scheme in which a Chinese crime syndicate laundered AUD$29 million in drug money within 10 months.

A joint investigation conducted by Western Australian detectives and the Australian Federal Police found that the syndicate dispersed the money in deposits of up to $40,000 in several Commonwealth Bank and Westpac branches throughout Perth between March and December 2015.

12 Australian-registered companies were set up as fronts for the scheme, with the directors all being Hong Kong nationals on working visas.

“The money was then electronically transferred from the accounts to Sydney-based money remitters within one or two days of the deposit,” the Supreme Court of Western Australia has heard.

One Perth-based recruit is said to have made 11 deposits amounting to $419,970 in just one day.

Another recruit not only made deposits but also helped to import almost 2 kg of methamphetamine into Australia from a drug dealer based in Hong Kong. Justice Jeremy Allanson sentenced the recruit to seven years’ imprisonment for money laundering.

GRC Solutions provides anti-money laundering online training and program reviews.

Source: The Western Australian

Don’t get caught in the CRS-fire

In September, Singapore and Australia signed a Competent Authority Agreement under the Common Reporting Standard (CRS) to exchange information about residents of each state holding financial accounts with the other state’s financial institutions.

The CRS is a global protocol developed by the Organisation for Economic Cooperation and Development (OECD) for the automatic exchange of information. Over 96 countries, including the UK, New Zealand, Hong Kong, Japan and Malaysia, have agreed to share information on foreign tax residents’ assets and incomes with relevant tax authorities in other signatory states.

The signing of this agreement – the first of what looks to be many bilateral CRS agreements for Singapore – is a timely reminder that the commencement date for CRS is fast approaching. Australian financial institutions need to be prepared for the additional due diligence and on-boarding processes by 1 July 2017, when their CRS obligations take effect.

You’ll often hear the CRS mentioned in the same breath as the Foreign Account Tax Compliance Act (FATCA). But you will still need to get ready for the CRS even if you’ve already dealt with your FATCA requirements. Though the CRS and FATCA are similar, there are many differences in application, and the CRS is significantly broader in scope.

FATCA is a US law designed to make offshore banking more transparent and to combat tax evasion by US taxpayers. It requires foreign financial institutions to report on the assets and income of US account holders. Financial institutions that don’t comply with FATCA face a 30% withholding on all US-sourced payments and payments from FATCA participants.

GRC Solutions has delivered custom e-learning on FATCA and the CRS and is currently developing a series of facilitated workshops on the automatic exchange of information regimes. Contact us today for more information about our online training content and international workshops.

Insights from Singapore Fintech Festival 2016

Julian Fenwick, Managing Director GRC Solutions, recently attended the inaugural Singapore Fintech Festival. Here he captures insights from the event.

“A network of companies focused on developing common technological solutions to regulatory processes (Regtech) promises to make the financial system both more accessible and more secure.” – Christophe Chazot, Group Head of Innovation, HSBC

I have recently returned from a fantastic week at the inaugural Singapore Fintech Festival, one of the largest industry events globally, which drew almost 11,000 people from around the world for a diverse range of events – including a day thought-provoking Regtech Forum attended by well over 1,200 delegates.

Singapore’s innovation ecosystem is a major hub and community that nurtures new Fintech and Regtech innovations. It was great to learn about how the Monetary Authority of Singapore (MAS) is paving the way with this festival and by inviting Fintech and Regtech companies to demonstrate their systems to the regulator, signifying how government, industry, and the innovation community are collaboratively engaging for market impact.

Here are my 4 key learnings from the week of discussions with key leaders and disruptors in the fintech space:

1. Banks need to invest more in Regtech. Most banks only use 30% of their own data because the rest is stored in legacy systems which are too difficult or time-consuming to access. In Australia, Singapore and beyond, banks and other highly regulated industries need to invest in Regtech solutions to help improve outdated legacy systems, bring their costs down and carve out a more competitive profile.

2. Fintech is starting to threaten the banks’ business model. At the same time, compliance costs are going up. With a lack of highly experienced compliance staff available globally, financial institutions will need to rely even more heavily on Regtech solutions to improve compliance outcomes and meet regulator expectations. Fintechs themselves will soon have to think about how they manage compliance.

3. Outcomes not hours. Regulators globally are looking at ways in which they can monitor, measure and improve culture and behaviour particularly in financial institutions. Improvements in the quality of training and learning outcomes for staff are needed – not just training hours for the sake of earning points. Continuing Professional Development (CPD) programs which monitor hours of training are becoming outdated as more sophisticated approaches are evolving.

4. Banks and regulators are under pressure to offer APIs (application programming interfaces). Many Fintech and Regtech solution providers are calling for banks and regulators to offer APIs to allow better access to data, with the aim of creating better efficiency between banks and regulators. The general consensus is that data sharing or ‘data democracy’ is a good idea, but there are issues of commercial secrecy and of individual customers’ privacy to be considered.

Rio Tinto senior managers fired for “consultancy” payments

Rio Tinto has taken action against two of its executives, firing them as a result of payments made to “advisory” services in the African nation of Guinea. The firing demonstrates a tough stance against potential evidence of bribery and corruption.

The mining corporation released Energy and Minerals chief executive Alan Davies and the head of Legal and Regulatory Affairs Debra Valentine after it found that payments of AUD$14.3 million had been made to an individual for “advisory services” in 2011.

Mr Davies was suspended from all of his duties while Rio Tinto was conducting an internal probe. Mr Davies was accountable for the Simandou iron ore project in Guinea.

When the payments occurred in 2011, Rio Tinto had praised the Guinea government for its constructive engagement with the company.

“The board’s decision does not pre-judge the course of any external inquiries into this matter,” the company declared in a statement. Rio Tinto has referred the matter to the relevant authorities within the United Kingdom, United States of America and Australia.

The company has refused to comment further while the investigations are ongoing.

Mr Davies has claimed that accusations levelled against him are unsubstantiated.

Last month Rio Tinto sold the Simandou iron ore project in Guinea to the Chinese mining giant Chinalco. The deal is expected to make the company up to $US1.3 billion.

Source: ABC News

GRC Solutions launches new Australian Privacy course

At GRC Solutions, we know compliance.

We’re proud to announce the launch of our new online Privacy training course in November.

The course boasts a fresh new look and feel that is designed to attract learners’ active engagement without overwhelming them with unnecessary details.

The content puts complicated privacy requirements into practical context using more scenarios and case studies than ever before.

Privacy breaches attract wide media interest, making headlines regularly. But while everyone thinks they know what privacy is, they may struggle to understand how the laws work. The requirements under Australian law can be very particular.

Our new Privacy course breaks down those requirements into language our learners can understand. As with all our Salt Compliance e-learning courses, it reaffirms our commitment to developing courses with speed to competence in mind – that is, to helping learners become competent quickly in training topics.

This is balanced against the need to cover the training content in adequate detail, so that our clients can be confident the training meets their requirements and needs under the law.

The introductory module summarises the key concepts. For learners who are tasked with undertaking privacy training every year, this module can also be used as a short piece of refresher training.

Subsequent modules explore the Australian Privacy Principles in more detail. The final module focuses on credit reporting obligations.

As with all Salt Compliance courses, the new Privacy course can be customised to reflect nuances specific to your industry or your company policies, and branded with your company logo and colours.

Don’t judge a herb by its label: ACCC cracks down on “oregano” misrepresentations

Two major consumer herb and spice brands, ALDI Foods Pty Limited (Aldi) and Monde Nissin (Australia) Pty Ltd trading as Menora Foods (Menora), have given enforceable undertakings in relation to the authenticity of their “oregano” products.

In April 2016, consumer advocacy group CHOICE reported on food fraud occurring in the oregano supply chain of a number of brands of oregano sold at supermarkets and independent grocers around Australia. Out of the 12 brands tested, only five contained 100% oregano. The other seven used ingredients other than oregano for over 50% of the product. Ingredients included olive leaves and sumac.

Australian Consumer Law prohibits businesses from making false or misleading representations in advertising or product packaging. The prohibition extends to information provided by staff or the business’ online presence, including media or social media statements.

Australian Competition and Consumer Commission (ACCC) Chairman Rod Sims said, “By labelling their products as ‘Oregano’, both Aldi and Menora represented to consumers that their products contained only oregano.”

He said, “Suppliers of food products have an obligation to ensure ingredients of their products are accurately labelled and should be able to substantiate any representations made on the packaging that they approve.”

Aldi and Menora have undertaken to regularly obtain test reports to confirm the composition of their ‘Oregano’ products, as well as several other herb and spice products.

The ACCC’s investigation into other suppliers in relation to products labelled as oregano is ongoing.

GRC Solutions is a leading provider of online compliance training on Competition and Consumer law, which covers topics such as advertising, cartel conduct, misuse of market power and product liability. Contact us today for more information.

Sources: ACCC, CHOICE

Australian regtech start-up expands global reach in Singapore

Sydney-based regulatory technology start-up, GRC Solutions, has been acknowledged with a Premier’s award for its expanding international presence in Asia and North America.

GRC managing director, Julian Fenwick, said that the nomination at the New South Wales Premier’s Export Awards in the education and training category was an important step forward for the fintech, as it looked to continue to build its international reach.

ACCC enforces against unfair contract terms

A much-discussed new consumer protection law against unfair contract terms comes into effect this week in Australia. As of 12 November the Australian Competition and Consumer Commission (ACCC) moved from educating the business community about the new law to enforcing it.

As of 12 November, the consumer protection law against unfair contract terms applies to up to two million small businesses.

“Small businesses sign an average of eight standard form contracts a year and from November 12 these contracts will be covered by a law preventing unfair terms in contracts that are offered on a ‘take-it or leave-it’ basis,” ACCC Deputy Chair Dr Michael Shaper said.

Dr Shaper hailed the “positive engagement” of several prominent companies that had worked with the ACCC over the past year to change their “contract terms that may have been problematic when the new law commences”.

The ACCC details its findings in a new report, “Unfair terms in small business contracts”, in which it cites the most common areas of concern that it experienced in working with businesses from seven different industries, including advertising, telecommunications, retail leasing, independent contracting, franchising, waste management and agriculture.

GRC Solutions recently updated its Competition and Consumer Protection course to take into account the new law. The course already covers a wide range of anti-competitive behaviours and explores consumer protections through wide-ranging issues relating to consumer guarantees and product liability.

Source: ACCC