Cartel case leads to first criminal cartel prosecution

The Federal Court has issued an AUD$25 million fine in relation to a shipping cartel. It’s one of the largest fines ever recorded under the existing competition regime. It also marks the first successful prosecution under current criminal cartel laws.

According to the Australian Competition and Consumer Commission (ACCC), it’s the first time in 100 years that “a cartelist was convicted, sentenced and fined for a breach of the criminal law”.

The recipient is Nippon Yusen Kabushiki Kaisha (“NYK”), one of the world’s largest shipping conglomerates.

NYK admitted to striking deals with other carriers not to alter their market shares or try to win business from each other. The deals involved the importation of Nissan, Suzuki, Honda, Toyota and Mazda vehicles.


Cartel penalty is big. But it could have been bigger.

NYK’s fine is the second biggest in ACCC history. But remarkably, it could’ve been worse.

This is because the Court issued a 50 percent discount on the penalty in recognition of NYK’s guilty plea. It also took into account the conglomerate’s “past and future assistance and cooperation” with ACCC investigations.

Significantly, NYK’s cartel began back in 1997. Yet this operation only focused on conduct occurring between 2009 and 2012, since Australia’s current criminal cartel provisions (under the Competition and Consumer Act, or “CCA”) didn’t exist until 2009.


ACCC lessons from the shipping cartel case

Over the past three years, the ACCC has devoted an expanding range of resources to investigating cartels.

ACCC Chairman Rod Sims said the penalty “sends a strong warning to the industry and the business community at large. The [Commonwealth Director of Public Prosecution] and ACCC can and will criminally prosecute cartel conduct.”

He also noted that the case highlighted how the authorities could exercise leniency in the face of early engagement and cooperation.

NYK has encountered several anti-cartel challenges worldwide.

Sources: ACCC, Australian Competition Law Blog, AFR


GRC Solutions offers a wide-ranging library of Salt Compliance online training, including a Competition and Consumer Protection suite of courses. Contact us today for more information.

Commonwealth Bank anti-money laundering breach allegations


The Commonwealth Bank of Australia (CBA) is dealing with allegations that it committed over 50,000 anti-money laundering breaches.

On 3 August 2017, Australia’s financial intelligence agency, AUSTRAC, started civil proceedings against CBA.

AUSTRAC claims CBA breached the Anti-Money Laundering and Counter-Terrorism Financing Act 53,700 times.

The allegations concern CBA’s roll out in May 2012 of its Intelligent Deposit Machines (IDMs), which customers use to deposit cash and cheques.

It’s said CBA failed to identify certain deposits made via the machines as suspicious. Nor did it submit correct transaction reports to AUSTRAC in the correct time – which can attract fines of up to AUD$18 million.


Commonwealth Bank’s role in assessing money laundering risks

The CBA case highlights the role banks play in assessing ML/TF risk. Financial institutions must uphold high standards to combat ML/TF.

The law imposes various obligations on ‘reporting entities’ such as CBA. For example, there’s a key obligation to establish an AML/CFT program to identify, mitigate and manage ML/TF risk.

According to AUSTRAC, CBA did not adequately assess the machines’ money laundering and terrorism financing (ML/TF) risk between May 2012 and September 2015. In particular, AUSTRAC says CBA failed to:

  • comply with its AML/CFT program
  • carry out ongoing due diligence
  • report 53,506 threshold transactions totalling $624.7 million
  • report suspicious transactions totalling over $77 million


Fintech and regtech implications of Commonwealth Bank case

For the Bank’s part, it argues that the breaches occurred as a result of a coding error. This error, the Bank says, prevented its machines from raising the red flag on so-called ‘threshold transactions’ of over $10,000.

For this reason, commentators, in analysing CBA’s use of deposit machines, will almost inevitably focus their scrutiny on the rise of technology in financial services, or ‘fintech’.

But fintech is only part of the story. The other part concerns ‘regtech’.

Regtech – the use of technology to facilitate regulation and promote cultures of compliance – is a burgeoning field. And it’s rapidly transforming the way organisations are preventing and identifying breaches.

So this case poses an interesting question about how regtech can assist reporting entities like CBA. Does a better way exist to embed ‘compliance by design’ into deposit machine technology?

Or to put things differently: what’s the most effective, most secure way to identify red flags, before either reporting entities or the regulators have to identify suspicious transactions manually?



GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Anti-Money Laundering. Contact us today for more information.

GRC Solutions partners with RHT Compliance Solutions, the leading and largest standalone compliance consultancy in Southeast Asia

Through our partnership, RHT Compliance Solutions will be able to offer their clients access to GRC Solutions’ award-winning Salt Web Compliance Learning Management System.

The partnership will grant companies across Southeast Asia access to legal and compliance training content built by an expert team in line with international standards and benchmarks.

GRC Solutions is a recognised leader in the online compliance training market. Our e-Learning promotes speed to competence: we want your staff to get the most out of their online compliance training in the shortest possible time. We’ve helped hundreds of private, government and not-for-profit organisations around the world build resilient cultures in the face of complex and evolving regulatory obligations.

Our training covers regulatory compliance, risk and ethics. We develop content for many industries, including financial services, professional services, insurance, pharmaceutical, engineering and construction.

As a specialist compliance eLearning publisher, we know what works in compliance training and can help you reduce mandatory training hours, minimise pushback from employees and improve training outcomes.

For further information, please contact Sam Gibbins or Darlina Djumadi.

Egg-producer handed ‘record’ AUD$1m fine over false free-range labelling

One of Australia’s largest egg producers has been fined AUD$750,000 by the Federal Court and ordered to pay $300,000 more in court costs for falsely labelling some of its products free range – the largest fine in Australian history for a breach of its kind.

The Australian Competition and Consumer Commission brought the action against WA company Snowdale Holdings – the company behind six WA egg labels and one of the biggest supermarket suppliers in the state – over its farms in Carabooda and the Swan Valley.

In May 2016, the Federal Court found the company guilty of misleading customers after ACCC investigations revealed the company sold 71 percent of its eggs as ‘free range’ between 2012 and 2013 and had made claims the eggs were laid by hens that were able to go outdoors and roam freely.

The Federal Court heard that half the chickens probably never got outside because the sheds were overstocked, with 17,000 chickens kept in a barn and some barns holding up to 14 chickens per square metre. Under current national standards, chickens must have “meaningful and regular” outdoor access, and there must be no more than one chicken per square metre, to claim free-range status.

The court also heard that Snowdale’s “Free Range Eggs by Ellah” were advertised as being sourced from the Swan Valley farm, but they were consolidated from both properties and put indiscriminately into cartons.

The Humane Society International (HSI) has said the landmark fine was a “major victory for Australian consumers” against a company that has been “charging a premium for eggs produced in anything but free-range conditions for 14 years”, according to HSI Director Verna Simpson.

ACCC commissioner Mick Keogh said consumers paying for premium products should have an expectation they will not be “duped” by producers making false claims. “This is the highest penalty that a court has ordered in relation to misleading ‘free range’ egg claims,” he said. “It reflects the seriousness of Snowdale’s conduct and the importance of egg producers being truthful about marketing claims they make.”

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Competition and Consumer Protection. Contact us today for more information.

Source: Sydney Morning Herald


Officer charged under new WHS legislation for lacking due diligence

A South Australian amusement ride operator has been convicted in the wake of a fatal incident involving its “Airmaxx” ride at the Royal Adelaide Show.

In September 2014 an eight-year-old girl suffered fatal injuries when she was ejected from the Airmaxx.

C, J Sons Amusements Pty Ltd owned and operated the Airmaxx. One of its officers was convicted by the South Australian Employment Tribunal for failing to exercise health and safety due diligence under the South Australian Work Health and Safety Act 2012.

The Tribunal fined the operator AUD$94,500 for failing to provide and maintain the plant in a safe condition and have safe systems of work in place in relation to the risk of death or serious injury.

The Tribunal also imposed a $63,000 penalty against the director for her failure to exercise due diligence to ensure that the operator complied with its duties under the WHS Act (Section 27).

The director failed to take due diligence steps to ensure:

  • repairs, maintenance and inspection of the equipment were performed by appropriately qualified persons
  • safe systems of work were maintained, and policies and procedures for the operation of the equipment were in place
  • the operator had appropriate systems and processes in place to record maintenance and repair work undertaken on the equipment, as well as recording hazards, risks or injuries relating to the operation of the equipment
  • the equipment was appropriately registered and that it was not used until its design registration was authorised

While the Tribunal noted that both the operator and the director had been let down by the experts it relied upon, the director had “ample opportunities” to be more careful in her duty to discharge the due diligence obligations of an officer.

Moreover, the Tribunal found that while the operator and director did not behave with reckless intent, the lack of due diligence and the way in which they “did not necessarily cover everything they ought to have” could not be excused.

The Tribunal’s emphasis on deterrence in relation to “significant risk” reinforces the need for employers to have in place safety corporate governance structures at the highest levels, and for directors and officers to take appropriate steps to show they are performing due diligence.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Work Health and Safety. Contact us today for more information.

Source: Ashurst

GRC Solutions acquires renowned compliance division of COBA

GRC Solutions Pty Ltd has recently acquired the compliance division business of COBA (Customer Owned Banking Association). The compliance division is responsible for developing a range of resources, including compliance manuals, guides, training content and associated services.

“This is a fantastic development that will showcase the complementary strengths of both businesses,” GRC Solutions Managing Director Julian Fenwick says.

“GRC Solutions has a longstanding commitment to developing and delivering premium quality compliance training to a wide range of industries, including an ever-expanding base of financial services clients.”

“COBA and its compliance division are highly regarded in the financial services sector for their thought leadership in advocacy, advice and training.”

“Our priority is to ensure that the compliance business maintains the same high standards for which it’s renowned, with its team of exceptional lawyers and compliance advisers.”

“We look forward to seeing how each business can enhance the other and elevate the profile of our combined people, training products and services.”


What the incoming European data protection laws mean to your business

The European Union (EU) General Data Protection Regulation (GDPR) takes effect from 25 May 2018. The GDPR aims to preserve individuals’ rights to have their personal data protected in today’s global and digital era.

The EU GDPR will apply to Australian businesses if they have an office in the EU or offer goods and services in the EU or monitor behaviour of individuals in the EU. Businesses that need to comply with the GDPR but lack an office in the EU will have to appoint a representative as a point of contact for the supervising authority, the European Data Protection Supervisor.

The GDPR and Australian laws are similar in some respects. For instance, both laws apply to personal information that identifies or can identify an individual. But Australian businesses should note that the GDPR deems a wide range of data to be personal information, including location data, online identifiers and physical identifiers. There are extensive requirements for businesses under the GDPR, including appointing a “privacy champion” in certain situations, choosing data controllers that provide sufficient guarantee and undertaking a compulsory data protection impact assessment.

Failure to comply with the requirements of the GDPR may result in penalties up to €20 million or 4% of the business’ worldwide turnover, whichever is greater. Given the severity of penalties, businesses should take a proactive role in understanding GDPR and ensure they implement a compliant personal data handling regime. This means an organisation’s officers aren’t the only ones who need to have an extensive understanding of the requirements – employees who collect, use and manage personal information need to as well.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Privacy and Cyber Security/Data Protection. Contact us today for more information.

Source: OAIC, EDPR, Australasian Lawyer


Millions of dollars of celebrity’s jewellery linked to 1MDB case

Australian model Miranda Kerr is the latest celebrity to be caught up in Malaysia’s 1Malaysia Development Berhad (1MDB) corruption and money laundering scandal.

Malaysian financier Low Taek Jho gifted Kerr USD$8 million worth of jewellery allegedly paid for with funds misappropriated from the 1MDB fund. Kerr recently turned the jewellery over to US authorities and has not been accused of any wrongdoing.

1MDB investors have also alleged that the 2013 Hollywood film The Wolf of Wall Street was partly financed with diverted 1MDB funds. Actor Leonardo DiCaprio has returned USD$12 million worth of artwork and a Marlon Brando Oscar statuette given to him by 1MDB financiers.

The US Justice Department has sought to collect USD$1.7 billion worth of goods bought with misappropriated 1MDB funds. So far this has included a luxury yacht, a Bombardier jet, real estate in New York, Los Angeles and London, as well as Kerr’s jewellery and DiCaprio’s Picasso painting.

The 1MDB scandal first made headlines in 2015, with allegations that Malaysian Prime Minister Najib Tun Razak had siphoned off almost USD$700 million from the government fund for national development for his own personal benefit. Malaysia’s first lady was also accused of receiving $30 million in jewellery paid for by the stolen funds.

Law enforcement agencies in countries including the US, Singapore, Hong Kong, the UAE and Switzerland have been conducting their own investigations into the issue, and taking action to freeze accounts and recover assets. The cases are ongoing.

Want to learn more about anti-bribery and corruption or anti-money laundering? GRC Solutions offers off-the-shelf e-learning, bespoke content and face-to-face workshops. Contact us today for more information.

Why diversity and equality matters: the cautionary tale of Uber

Legendary management consultant Peter Drucker once said, “Culture eats strategy for breakfast”. Perhaps Uber – and particularly its recently-departed CEO Travis Kalanick – had never heard of the quote or decided that revenue and expansion were more important than treating employees with basic decency.

Former Uber employee Susan Fowler blew the whistle on the infamous start-up in a now-famous blog post back in February. Her article detailed how a select few individuals within Uber were deemed untouchable. Not only were they immune to any complaints of sexual harassment, Kalanick went so far as to publicly acknowledge them as embodying the 14 core values of the organisation.

When people talk about Uber, they’re often referencing its status as one of the prized darlings of Silicon Valley and its fabled rise from tiny start-up to a titanic taxi-industry disrupter. Today, the company is valued at $70 billion and operates in 83 different countries.

But as Fowler’s article demonstrates, even a giant “success story” like Uber is not immune to the reputational damage caused by poor workplace culture. Nor can it escape other costs, including paying compensation to victims of harassment and the costs of replacing staff who can no longer work in hostile environments.

Uber is not the first company whose serious corporate culture issues have made international news. Sadly, too many organisations normalise sexism and too many victims and other employees are discouraged from speaking out against it. It’s startling to think that Uber’s harassment problems could have remained buried, and its business model unquestioned, if it hadn’t been for one brave female engineer taking a stand. Diversity and equality training has been around long enough now that staff expect their employers to take harassment claims seriously, and that they will not be victimised for blowing the whistle on toxic behaviour.

GRC Solutions offers Diversity and Equality training for staff at all levels within an organisation – both online learning courses that everyone can take and tailored workshops for small groups or management. Contact us today to find out how we can help.

Google fined record $3.57 billion by European Union for anti-competitive behavior

European Union regulators have slapped a record €2.42Bn ($AU3.57 billion) fine on U.S. tech giant Google for breaching antitrust rules with its online shopping service.

Following a seven-year-long investigation of Google’s search engine practices in the European Union, the EU competition watchdog, the European Commission, has alleged Google denied “consumers a genuine choice” by unfairly promoting its shopping platform (Google Shopping) in internet searches to the detriment of its rivals. The fine is the highest ever imposed in Europe for anti-competitive behavior.

The Commission has accused Google of having “abused its market dominance as a search engine by giving an illegal advantage to another Google product”. Investigators found Google acted illegally by giving priority placement to its own shopping service, while relegating results from rivals to areas where potential buyers were much less likely to click.

The action was prompted by scores of complaints by rivals including US consumer review website Yelp, TripAdvisor, UK price comparison site Foundem, News Corp and lobbying group Fair Search.

EU competition commissioner Margrethe Vestager described the action as “illegal under EU antitrust rules”, and has said it “denied other companies the chance to compete on the merits and to innovate”.

It gave the Californian company 90 days to stop or face fines of up to 5 percent of the average daily worldwide turnover of parent company Alphabet. Alphabet has more than $120 billion in cash, including about $73 billion in accounts outside of Europe.

Google has maintained that it was trying to package its search results in a way that made it easier for consumers to find what they wanted. Google has said it will review the Commission’s decision in detail as it considers an appeal.

The EU has also accused the Silicon Valley tech giant of abusing its market position by imposing restrictions on Android device manufacturers and mobile network operators.

Talk to GRC Solutions today about our Salt Compliance online training library, including our Competition and Consumer Protection courses.

The human factor

On 19 June, BBC News ran the following story: “Sensitive personal details relating to almost 200 million US citizens have been accidentally exposed by a marketing firm contracted by the Republican National Committee. The 1.1 terabytes of data include birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population. The data was available on a publicly accessible Amazon cloud server. Anyone could access the data as long as they had a link to it…”

The huge database was hosted online but the data lacked any type of protection from public access. While there is no evidence of any malintent by the marketing firm, the fact that this event went unnoticed until data security firm UpGuard discovered it by accident points to the biggest challenge in protecting organisations from cyberattacks and keeping data secure: the human factor.

Cybercrime the number-one threat

Australia’s financial services sector is leading the way when it comes to tackling cyber threats. ASX research into the risks of cyberattacks on Australian businesses shows the majority of boards are alive to the potential impact from the loss of key information and data assets.

But organisations’ increased awareness of cyber threats has been met with a significant increase in cyberattacks. The WannaCry attack in May was said to be the biggest ransomware attack in history (affecting 230,000 organisations in 150 countries). Now, news articles warn us daily of the likelihood of even bigger attacks.

Dan Tehan, Minister Assisting the Prime Minister on cybersecurity says, “Cybercrime is the number one threat that the business community is facing. The cost is conservatively put at $1 billion a year to our economy.” Research undertaken by the Australian Computer Society indicates the average cost of a cyberattack to an Australian business is about $276,000.

Digital literacy

Despite these stark warnings, human error – the risk posed by employees clicking on malicious emails or not changing passwords – is still not adequately addressed. It is estimated that nearly two-thirds of Australian companies see cyber breaches as an “IT issue” rather than a major business risk. While most organisations offer employees some security awareness training, the vast majority of employees have inadequate levels of digital literacy.

The SANS Institute estimates that 95 percent of cyberattacks start with spear phishing emails that target a specific individual. It is really a no-brainer that everyone within an organisation should know the range of issues they need to look out for. A telling example comes from the 2016 US presidential election. Hillary Clinton’s campaign chairman John Podesta’s Gmail account was hacked after a fake email from the URL “” prompted him to change his password. To this day, many speculate that ongoing hacks and cyber interference damaged Clinton’s campaign beyond repair and cost her the Presidential title.

Countering carelessness

Cybersecurity is as much about people as it is about technical defence. Everyone – not just IT staff – needs a basic understanding of cyberthreats and how to recognise them. This way, employees are aware of the threats they face and the part they are expected to play in guarding against them. The better informed everyone within an organisation is, the less likely it is that the organisation will fall victim to an attack.

Keep it relevant

As with any training program, relevance is key. Why? The more learning is tailored towards a specific type of firm or job role, the more it will “stick”. Research shows time and again that effective learning is learning that is relevant. In other words, if you don’t find the learning engaging, it is probably not going to sink in.

Talking about which…

Any reputable Cybersecurity training program should, as a minimum, include the following topics:

  • Social engineering (tricking people into giving up sensitive or confidential information)
  • Information handling
  • Phishing (an email with a link or attachment embeds malicious code and gives a hacker a route in)
  • Password management
  • Bring your own device (BYOD)
  • Removable media (i.e. USB keys)
  • Remote working
  • Social media


SAFAA accredited e-learning

GRC Solutions have developed a Cybersecurity CPD course that is accredited by the Stockbrokers and Financial Advisers Association. The e-learning delves into the topics mentioned before and gives a well-rounded overview, including recent cases and FS-related examples. It has been developed with Australian retail and institutional stockbroking firms and investment banks in mind.

The learning platform easily connects to most learning management systems meaning all the benefits of personalised e-learning are there – including reporting capabilities. Individual subscriptions are available as well as a subscription package to a range of RG146 topics.

Salt CPD is not a tick-and-flick exercise: it is a carefully developed program designed to help advisers and brokers grow their skills and maintain high levels of competency.



ACCC: nearly 6,000 businesses affected by scams in 2016

The Australian Competition and Consumer Commission (ACCC)’s Targeting Scams report reveals that Australian businesses lost a total of around $3.8 million due to scams in 2016.

The Report ranks the most common types of scams, including ransomware (when a hacker holds a user’s computer hostage with rogue software), business email compromise schemes, false billing and investment scams. The Report also found that there had been a four-fold increase in hacking scams between 2015 and 2016.

Organisations need to implement measures that protect the data they hold, not only to prevent losses to scammers but also to avoid penalties for possible breaches of relevant laws. For instance, scammers could also gain access to personal information of the customers of the business, which could amount to contraventions of the Privacy Act 1988. Under the Privacy Act, personal information of another must be protected from misuse, interference and loss.

With this in mind, what are some key strategies you can implement to prevent financial loss and potential compliance breaches? Installing data protection software and staying vigilant against suspicious emails is always a good start. But most of all, organisations need to ensure employees are aware of the risks facing the business, their obligations under various laws, and the consequences if the business falls victim to a scam.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Data Protection, Fraud Awareness and Privacy. Contact us today for more information.

Source: ACCC, Target Scam Report, The Guardian


Wrap-up: RegTech Australia 2017

The recent inaugural RegTech Australia conference, hosted by InnovationAus, saw the leaders of financial institutions get together with regulators and innovators.

As part of this event, Julian Fenwick, Chairman of the RegTech Association and Managing Director of GRC Solutions, moderated a panel discussion about what the industry can expect in the year ahead. The high-profile panel included Jost Stollmann of Tyro Fintech Hub, Westpac Group’s Rebecca Lim, Mark Adams of ASIC and IBM’s Murray Bruce.

The discussion touched on issues that ranged from artificial intelligence and augmented intelligence to data management and staff engagement. Each panel member shared their personal views as to what they envision the future of RegTech holds in Australia and around the globe.

Another highly rated session discussed Australia’s competitive advantage over our Asian neighbours and how to maintain this position. There was an expressed need for Australian companies to take a more collaborative approach to be truly seen as innovative and cutting edge within the Asia-Pacific region. There is also a need for Australian companies to invest more in RegTech start-ups. Australian companies can be too risk averse, which could stifle creativity and growth within the RegTech sector.

RegTech is forging ahead at an incredible pace and we foresee some huge changes in the way the industry operates. GRC Solutions is looking forward to playing a key role in facilitating and enabling the change.

Optus gives undertaking for misleading and deceptive conduct

Optus has given an enforceable undertaking to the Australian Competition and Consumer Commission (ACCC) to compensate its customers who received less data and fewer call and text inclusions (“inclusions”) than the advertised offer.

In 2013, Optus had advertised that its prepaid customers would receive certain inclusions for a specified period, upon activating or recharging their SIM cards. Two years later, Optus reduced the inclusions and period of usage. These changes also affected customers who had purchased one of the Optus Prepaid Products before the changes were implemented.

Under Australian Consumer Law (ACL), businesses must not engage in conduct that is likely to mislead or deceive. Optus failed to advise its customers to activate or recharge their SIM cards before a certain date so that they could use the inclusions they were promised at purchase.

Optus has accepted that implementing the reduction in inclusions amounted to misleading and deceptive conduct and false misrepresentation under the ACL. It does not matter whether Optus intended to mislead or deceive its customers.

Optus has promised to compensate customers who were affected by its conduct and to not reduce inclusions without meeting certain conditions. Optus has also undertaken to ensure its compliance program accurately reflects its ACL obligations.

Businesses should always ensure their advertisements are based on current and correct information. Customers must always be notified of any changes to products/services so that they can make informed consumer decisions.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Competition and Consumer Protection. Contact us today for more information.

Salt CPD well received at Stockbrokers Conference

Last week’s annual conference organised by the Stockbrokers And Financial Advisers Association (SAFAA) was captivating and thought-provoking. Over two days, industry figureheads and prominent speakers (including former prime minister John Howard) shared their thoughts on the current issues and challenges facing the industry, and what outlook Australia is facing.

The event was accompanied by a media frenzy. Over two days, many of the Financial Review’s “most read” articles were derived from insights shared by Magellan Financial Group’s Hamish Douglass, ASIC’s chairman Greg Medcraft and JBWere chief executive Justin Greiner’s views on gender diversity.

The SAFAA Conference also saw the official launch of Salt CPD. As the Association’s official e-learning partner, GRC Solutions displayed a new library of SAFAA-approved professional development courses that taps into the heart of the problems the industry is facing – such as the increased volume of cyber-attacks on financial services and what to make of the current insider trading cases plaguing the profession.

Many practitioners are a few points short of their yearly CPD target and flocked to the GRC Solutions exhibition booth to enrol, or to find out more about the subscription model on offer.

The SAFAA conference was a resounding success and GRC Solutions is proud to have been part of such a well-organised, professional industry event.







GRC Solutions wins LearnX award for tenth straight year by partnering with ANZ


GRC Solutions is very pleased to announce that, in conjunction with ANZ Bank, we have won:

Platinum Award for Best Compliance Training Project at the 2017 LearnX Impact Awards.

The LearnX Impact Awards recognise the exceptional impact of organisational learning, technology and performance in the compliance space.

ANZ has launched a major initiative to invest in training and development across the bank. As part of the program ANZ sought to redevelop its ANZ Compliance Essentials course.

This e-learning course is a core component of the mandatory learning program and is assigned annually to all 60,000 staff members located throughout the bank’s network, in both Australia and other countries.

ANZ selected GRC Solutions to work with them on this project. Given ANZ’s size, global reach and diverse workplace, the requirements for the project were extremely high. ANZ needed a program that maintained the integrity of the compliance content while showcasing its focus on learning and commitment to innovation.

The GRC Solutions team developed interactive, multi-tiered global heat maps that enabled individual learners to self-select relevant content based on their location and job role. The team then created multiple training paths with diverging instances of content to account for differences in compliance responsibilities based on the various locations and role-specific materials, before returning learners to the main learning path.

GRC Solutions is extremely proud to be working with ANZ and for that work to be recognised at the LearnX awards. This is the tenth straight year GRC Solutions’ Salt Compliance training courses have won the “Best Learning Project in Compliance” category.

The LearnX Awards will be presented on September 18 at the Sofitel Sydney Wentworth, following the annual LearnX Conference.


What Privacy Awareness Week means for you

Privacy Awareness Week (PAW) ran between 15 and 19 May and is intended to promote awareness of privacy issues and the importance of protecting personal information. This year’s theme for PAW is “Trust and Transparency”, promoting the importance of organisations handling personal information with care.

PAW is an initiative of the Asia Pacific Privacy Authorities, of which the Office of the Australian Information Commissioner (OAIC) is a member.

In Australia, the Privacy Act 1988 regulates how personal information is handled. The Act contains the Australian Privacy Principles, which outline how APP entities, including businesses and government agencies, must handle, use and manage personal information.

Privacy is a hot topic in Australia, thanks to several recent high-profile cases. This includes journalist Ben Grubb’s case in which he unsuccessfully argued that metadata constituted personal information.

Moreover, there is heightened interest in privacy following the announcement that a new privacy reform will come into effect next year. The mandatory data reporting obligation will require APP entities to report breaches involving people’s personal information to both the OAIC and the individuals affected.

This mandatory reporting obligation aims to empower individuals whose personal information has been disclosed due to data breach to take appropriate measures to prevent or reduce financial loss or identity theft.

Privacy concerns have also reared their head because of recent international breaches, such as the WannaCry ransomware attack. The attack affected a wide range of operations, including the UK’s National Health Service, which resulted in the cancellation of medical operations after patients’ records became unavailable.

The OAIC has released a survey about privacy called “Australian Community Attitudes to Privacy Survey (Privacy Survey) Report”. The OAIC has found that 69% of the community feels that the biggest risk for privacy revolves around online services.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Privacy. Contact us today for more information.

Source: Privacy Awareness Week, OAIC, The Guardian, Federal Register of Legislation

Australia’s largest private hospital operator in court for alleged anti-competitive conduct

The Australian Competition and Consumer Commission has commenced a Federal Court action against Ramsay Health Care (Ramsay Health) for allegedly breaching the anti-competitive provisions of the Competition and Consumer Act (CCA).

Ramsay Health is Australia’s largest private hospital operator, with substantial market power in the private health industry. It runs the only private hospital and day surgery facilities in the Coffs Harbour region.

Ramsay Health executives are said to have threatened to restrict or provide access to its operating theatres in Coffs Harbour to surgeons if they established a competing surgical facility in Coffs Harbour.

Under the CCA, businesses with substantial market power like Ramsay Health are prohibited from taking advantage of that power for illegal purposes when dealing with customers, suppliers and competitors.

The ACCC alleges that Ramsay Health, by seeking to deter surgeons from starting a competing surgical facility, has misused its market power and engaged in anti-competitive conduct in breach of the CCA.

The competition regulator expressed concern that Ramsay Health’s conduct puts consumers at a disadvantage because there will be no competitive price for surgeries if businesses are deterred from entering the market.

Businesses with substantial market power must not engage in conduct that causes damage to other businesses, or deters either entry to the market or competition.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Competition and Consumer Law. Contact us today for more information.

Source: ACCC

28 April is World Day for Safety and Health at Work

The World Day for Safety and Health at Work takes place on 28 April, highlighting both the right and the role we all have in making our work environments safe and healthy.

The day, which was first declared by the International Labour Organisation (ILO) in 2003, is an opportunity to focus on what we can all do to prevent work-related injuries, illnesses and deaths.

While work-related fatality rates in Australia are declining, Safe Work Australia still reported that there were 178 fatalities in 2016.

The ILO is using the event to promote the importance of gaining big data about health and safety, citing the “critical need for countries to improve their capacity to collect and utilise reliable occupational safety and health (OSH) data.”

Work health and safety has long been a focus for GRC Solutions, which offers compliance training on the topic for Australia and New Zealand.

New Salt Compliance course on Work Health and Safety (Australia)

On 1 June 2017, GRC Solutions will be launching a new Australian Work Health and Safety (WHS) course, which makes the key concepts of work health and safety more succinct and engaging than ever. This course follows the updated New Zealand WHS course that we released late last year to comply with the new legislation in New Zealand.

The course, which is based on the harmonised Model Laws, places the law in practical context, helping learners understand their workplace health and safety duties and obligations.

Learners will discover how to identify and respond to everyday WHS risks and what to do when a notifiable incident occurs.

All-new scenarios will help you gauge your understanding of each learning outcome. New case studies and formal assessment quiz questions keep you engaged while you learn about the technical details, from PCBUs and health and safety inspectors to enforceable undertakings.

A visually rich new design gives the training a fresh look and feel.

Where possible, we have designated modules to specific responsibilities, so that learners only train in content that is relevant to them.

Sources: Safe Work Australia, International Labour Organisation


Proposed changes to Australian foreign bribery laws

The Australian Government has proposed major new foreign bribery laws to overcome challenges in enforcing Australian foreign bribery law.


The proposed amendments include the following:

  • A new offence where the accused recklessly bribes a foreign official
  • A new corporate offence for failing to prevent foreign bribery.

This offence would follow a similar provision of the UK Bribery Act, making companies automatically liable in the event that their employees, contractors and agents bribe foreign public officials. Companies may be able to raise a defence if they have a system of internal controls and adequate compliance to prevent bribery from occurring.

  • Introduction of the concept of “improperly influencing” a foreign official to obtain an advantage

The Government intends for this new concept to overcome the difficulty of proving that the benefit was “not legitimately due” given that most bribes are disguised as legitimate payments. There are various factors included in the proposal that can be taken into consideration, such as the nature and value of the benefit, in determining whether the accused has “improperly influenced” the relevant officials.

  • The advantage is not required to be gained by the accused and may include a non-business advantage. There is further clarification that if you commit a bribe you will still be found liable even if you don’t receive the benefit directly. Furthermore, the scope of the bribe may include non-business advantages.

If these changes go ahead, they will not only bolster the Government’s aim of creating tougher anti-bribery laws; they will give organisations added incentive to develop adequate compliance programs.

Source: Department of the Attorney-General

Apple sued for alleged breach of the Australian Consumer Law

The Australian Competition and Consumer Commission (ACCC) has commenced proceedings against Apple, alleging that Apple has made false, misleading or deceptive representations regarding consumer rights.

Apple customers had complained about an error (error 53) which disabled their devices after updating software. The ACCC’s investigation found that Apple had told customers their devices could not be repaired if they had previously been worked on by non-Apple technicians. Apple has since provided customers with remedies for error 53 but the ACCC is concerned with Apple’s misrepresentations about consumer guarantees.

The Australian Consumer Law (ACL) includes consumer guarantees that the quality and other characteristics of goods and services are of an acceptable standard. This is in addition to the manufacturers’ warranties, such as Apple’s one-year limited warranty and Apple Care protection.

Unlike manufacturers’ warranties, the ACL’s consumer guarantees are not limited by time and can’t be excluded by an agreement. In this case, the fact that some Apple customers had their devices repaired by a third party does not negate their right to have their devices later repaired by Apple.

Apple has previously given a court-enforceable undertaking that it would comply with the ACL by educating its employees and consumers about the statutory consumer guarantees. The regulator’s action highlights the importance of businesses ensuring they have policies that comply with the law. But businesses should also ensure that their policies are effective, by educating their employees about the underlying laws.

Talk to GRC Solutions today about our Salt Compliance online training library, including our Competition and Consumer Protection courses.

Source: ACCC, Sydney Morning Herald


Data breach reporting passed into law

Australian entities that hold personal information about individuals will soon be required to notify those individuals if that information is compromised.

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (“the Bill”) has recently passed both houses of Parliament, has received Royal Assent and will be introduced into Australian law on 23 February 2018. It is hoped that the new reporting requirements are a step forward in the fight to protect personal information.

The Bill shows the growing importance of data protection in the face of cyber threats, and follows the 2015 release of ASIC’s Cyber Resilience: Health Check Report. The report highlighted the importance of preparedness against cyber attacks.

What is the purpose of the Data Breach Bill?

Cyber security and the protection of personal information have been a growing concern globally for a number of years. Cyber attacks to obtain, use and disclose the private information of individuals are continuing to increase, in both number and severity. Unauthorised access to personal information is particularly damaging where the individual is unaware that a breach has occurred and therefore cannot take steps to minimise its impact.

The purpose of the Bill is to impose mandatory reporting provisions on entities that are currently regulated by the Privacy Act 1988. The reporting provisions create a legal requirement for entities to notify both the individual(s) affected and the Office of the Australian Information Commissioner (OAIC) where they have reasonable grounds to believe there has been an eligible breach of personal information.

It is intended that the data breach reporting requirement will allow individuals whose personal information has been compromised the opportunity to take proactive steps to protect their interests. It is also hoped that the requirement, and the potential implications for an entity’s reputation or standing, will encourage the relevant entities to treat the protection of their clients’ personal information as a priority.

What is an eligible data breach and when does a reporting obligation arise?

A data breach is an eligible data breach in the context of reporting obligations where:

  • There has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure; and
  • A reasonable person would conclude that there is a likely risk of serious harm to any of the affected individuals as a result of the unauthorised access or unauthorised disclosure.

Whether the effect of the breach constitutes serious harm will require an assessment of particular circumstances. Parliament has identified severe physical, psychological, emotional, economic and financial harm, along with serious harm to reputation, as examples of where serious harm may occur. However, some entities have already raised concerns about the ambiguity of this assessment threshold. It is likely that this will need to be tested to a degree before the Judiciary before the reporting mandate is clear.

In a circumstance where an entity suspects, but does not have reasonable grounds to believe, that an eligible data breach has occurred, the entity must, within 30 days, carry out “a reasonable and expeditious assessment of whether the relevant circumstances constitute an eligible data breach of the entity”.

Notification requirements

The entity must, where practicable, notify the contents of the statement to:

  • Each individual to whom the personal information relates; and
  • Each individual considered to be at risk from the eligible data breach;

using the method it would usually employ to communicate with the individual.

If it is not practicable to notify the individuals using the above method, the entity must attempt to do so by publishing the statement on the entity’s website and take any other reasonable steps necessary to publicise the details of the breach to ensure those affected are notified.

Remedial Action

There are a number of exceptions to the reporting requirement under the Bill. One exception is where the entity has taken remedial steps to mitigate the breach before any serious harm has occurred. The entity will not be required to notify the individual(s) concerned or the OAIC where, as a result of that remedial action, a reasonable person would conclude that the unauthorised access or unauthorised disclosure is unlikely to result in serious harm to them.

Consequences for failure to comply

Where an entity has reasonable grounds to believe that a data breach has occurred and fails to meet its reporting obligations, this will be considered an interference with the privacy of an individual for the purposes of the Privacy Act. In such a situation the OAIC will be able to invoke its existing powers to investigate, make determinations and provide remedies in relation to suspected non-compliance.

The Implications for AFSL holders

ASIC has in recent times highlighted the importance of an AFSL holder being vigilant about the protection of their clients’ data. It is a critical part of an AFSL holder’s obligations to have considered the risks to their business and clients from cyber threats and identified any weaknesses or areas of particular concern in the current business structure. This may include an audit of IT and data protections by a specialist firm.

Once clear about the cyber risks it faces, the AFSL holder needs to take steps to be resilient to cyber attacks. This will include developing a response plan, and in some circumstances the implementation of stronger protection software and IT systems. The AFSL holder’s response plan for a data breach should include, to the extent possible, the information and mitigation advice to be given to clients if a data breach occurs as well as information on how that information will be disseminated. The more quickly the client receives this information, the greater the likelihood that the client’s mitigation steps will be effective against the breach.

ASIC is clear that an AFSL holder’s ability to respond to, mitigate and recover from a cyber attack will hinge on plans put in place by the AFSL holder before such an attack occurs.

Where to from here?

While the reporting requirement is a step in the right direction, some industry groups do not believe it goes far enough to protect client privacy. Issues that have been raised in respect of the data breach laws include that the obligation only applies to limited types of entities, the high threshold for determining ‘serious harm’ and the exceptions that apply to the obligation. Time will tell whether the data breach laws are effective in their current form.

This article only summarises the Bill and its requirements.

Please contact Sophie Grace for a more detailed discussion about whether the reporting requirements apply to you, and what your obligations may be.

About the author

Victoria Dryden – Lawyer

Victoria works primarily with the legal services team at Sophie Grace Legal Pty Ltd and assists in the drafting and review of legal documentation for participants in the financial services industry. Victoria also supports the Compliance Consultants in the provision of AFSL, ACL and on-going compliance services to clients. Victoria provides advice and legal services to clients and assists with the preparation of legal documentation, negotiation and advocacy on behalf of clients. Victoria also assists in implementing ongoing compliance support and the preparation of AFSL and ACL applications and variations. Victoria is admitted as a Barrister and Solicitor in New Zealand and a Solicitor in New South Wales.

Bringing down the house: analysis of four key real estate markets shows Australia most vulnerable to money laundering

Anti-money laundering is an issue all companies must take seriously. A new Transparency International report found that Australia’s real estate sector has major anti-money laundering deficiencies. The report identified 10 main legal loopholes and regulatory shortcomings allowing criminals to launder their proceeds by purchasing luxury properties in Australia, Canada, the UK and the US. Australia was the only country assessed to be rated as being deficient in all 10 areas.

Currently, in Australia, real estate agents are outside the scope of anti-money laundering law and have no due diligence or reporting obligations. Although property purchasers’ nationalities are relevant for stamp duty purposes, there are no rules or requirements for checking for PEPs (or their associates), or for the beneficial owners of foreign entity purchasers. Other parties who are commonly involved in the buying and selling of real estate, such as developers, lawyers and accountants, are also not covered by anti-money laundering rules, leaving the onus for customer due diligence and suspicious transaction reporting on financial institutions.

The real estate market has always been popular with criminals as an avenue through which to launder or invest stolen money or other illegally, especially in cities with high, stable property values such as New York, London and Paris. In March 2017, The Australian reported that almost 80 percent of foreign demand for housing in NSW was from Chinese buyers and in 2016, CEO of Charles Pittar said that 70 percent of the Chinese property buyers his company deals with pay with cash.

Transparency International has recommended several reforms to rectify the deficiencies, including widening the scope of anti-money laundering provisions to include entities involved in real estate transactions and enforcing identification procedures on foreign buyers of property.

Are you up to date on your AML/CTF obligations? Contact GRC Solutions today for information about our off-the-shelf and custom online compliance training on customer due diligence, monitoring and reporting obligations and other AML risks.


Sources: Transparency International, BoingBoing, SBS News, The Australian

New Australian RegTech Association launches in style

The new RegTech Association launched in spectacular style on Thursday 31 March with “a clear vision to make Australia a global leader in building higher performing, ethical and compliant businesses through RegTech innovation and investment”.

The event, held at Allens Linklaters in Deutsche Bank Place Sydney, was a coming together of “early true believers” in the productive unification of regulation with technology, as Association Chairman (and Managing Director of GRC Solutions) Julian Fenwick put it.

In his introductory address, Mark Adams (SEL – Strategic Intelligence, ASIC) praised the inaugural event and Association founding, highlighting ASIC’s openness to fostering collaborative pathways.

Matt Symons (Director, Red Marker) followed up in his keynote address by thanking Adams, declaring, “I think it’s terrific that you as the regulator are here”. He encouraged everyone to “take out an entrepreneur” from the event for lunch over the next twelve months, ask questions and learn how RegTech can support their organisations.

For the main part of the event, Danny Gilligan (MD, Reinventure Group) moderated a panel session consisting of Anthony Quinn (CEO, Arctic Intelligence), Lisa Schutz (CEO, Verifier), Karen Malzard (Head of Risk, ANZ Wealth) and Annick Donat (CEO, Madison Financial Group).

Discussion was lively, as panellists noted how quickly RegTech had surfaced as a topic of interest worldwide. Anthony Quinn attributed this in part to the “number of scandals” such as the Panama Papers that had rocked the financial services sector globally, which has led to the need for greater compliance frameworks and a “significant increase in the number of local and international regulations”.

Karen Malzard (Head of Risk, ANZ Wealth) observed a common complaint about the burgeoning proliferation of regulations, commenting that “to run a super fund in Australia you have to deal with six different regulators”. She suggested that the solution to this problem should not involve “throwing more people at it”, but coming up with effective tools – and this lay at the heart of the modern RegTech debate.

Annick Donat believes that there is “reg fatigue”, which technology can help to ease.

Gilligan picked up this theme, noting how technology has caused an “increasing liquidity and mobility of data” which makes “automated reporting” easier to achieve.

Malzard also riffed on the notion that RegTech is facilitating standard protocols of data protection and reporting: “Our data is the crown jewel, and we will protect it…working with the regulator to maintain that protection”.

Trust was another theme, as panellists noted the need to challenge the perception that everyone in the financial services sector is criminal and untrustworthy.

Donat enthused that RegTech could help “create a social movement” that will “change behaviour”. “RegTech done well”, she said, will “amplify positive behaviour”.

She added that RegTech can also help regulators extract big data on behavioural trends. “Regulators spend an inordinate amount of time investigating”. RegTech is a “great opportunity for regulators to analyse behaviours”.

Lisa Schutz argued that RegTech was capable of not only “exporting trust” but also “exporting identity”, showcasing organisations and entrepreneurs that are trustworthy and compliant.

Answering a question from the floor about how RegTech can produce innovation (not just automation of processes), Julian Fenwick declared that “the way we encourage innovation is through the collaboration piece” enabled by the Association, which he said can be “the central point to take your problems”.

The formal part of the evening concluded with a ‘speed dating-style’ session in which members of the Association took turns to stand up and introduce their innovative businesses to the engaged and enthralled audience.


TABCORP slammed with AUD$45 million penalty for anti-money laundering violations

Gambling corporation TABCORP has agreed to pay AUSTRAC (Australian Transaction Reports and Analysis Centre) an AUD$45 million penalty after failing to comply with anti-money laundering regulations. It’s the largest civil penalty ever in corporate Australia.

Federal Court judge Nye Perram yesterday ruled that TABCORP had contravened the Money Laundering and Counter-Terrorism Financing Act 108 times over more than five years.

While TABCORP did not deliberately seek to mislead AUSTRAC, it has admitted it failed to report suspicious gambling activities.

Examples include failing to identify a customer who won $100,000. TABCORP failed to lodge the appropriate information with the agency in the time required by law.

Another example included “credit betting incidents”, whereby a TABCORP agent approved a line of credit, which is illegal, to a customer.

“The penalty of $45 million sends an unequivocal message to the financial and gambling sectors in this country, if you don’t take your AML (anti-money laundering) and CTF (counter-terrorism financing) obligations seriously, we will take action,” AUSTRAC Chief Executive Paul Jevtovic said on Thursday.

It’s not the first time AUSTRAC has taken action against TABCORP, having previously done so in 2015.

The size of this penalty will be a wakeup call for other companies to take their money laundering and terrorism financing obligations seriously.

Source: The Australian, Skynews

GRC Solutions’ Certified Compliance Professional courses in Nairobi and Dubai a big success

The GRC Solutions Singapore team has conducted another two highly successful runs of the Certified Compliance Professional course, in Nairobi, Kenya and Dubai, UAE.

Covering a total of 18 compliance practitioners across these jurisdictions, GRC Solutions continues to prove to be a valuable partner to the compliance profession, working alongside industry and regulators to upskill individuals and advance thought leadership across the industry.

The five-day Certified Compliance Professional course is accredited by the International Academy of Business and Financial Management. The content aligns with ISO19600 Compliance Management Standard guidelines and principles.

The course covers both organisational and individual development, with the aim of providing participants with the skills and knowledge to advance to a mature, sustainable state of compliance effectiveness. Participants gain an understanding of strategic compliance, moving away from tactical responses towards significant organisational change.

The course also places the challenges of managing business risk and compliance requirements within the context of the broader regulatory environment, considering the dangers posed by poor conduct risk and compliance culture, financial crime and terrorist financing.

The workshops received acclaim for the way they combined theory with case studies and real-life examples to tie the concepts to practical actions.

A participant from Nairobi said, “The program was relevant and exciting”, with another exclaiming, “The training is very good with lots of information and examples”.

In Dubai, one participant said:

“The real insights of market knowledge and case studies was useful. The trainer knowledge was up to date and the real-life examples were related well to the key concepts in the Compliance Risk, AML and Governance area.”

Another declared:

“Sam Gibbins is an excellent trainer, he is clear, accurate, eloquent and made the long and hard course quite fun and digestible. His information was updated, engaging and relevant to the participants. Sam did a great job in making the…sessions fun as well.”

Further runs of the Certified Compliance Professional course are due to take place in Harare, Zimbabwe (March), Kuwait (May), Ghana (May), and Johannesburg, RSA (July).

Contact us for further information on any of these programs or our other offerings, including our extensive library of online courseware and tailored content.

We look forward to seeing you on one of our courses soon!

Jetstar and Virgin ordered to pay fine for misleading “drip pricing” practices

The Federal Court has fined Jetstar Airways AUD$545,000 and Virgin Australia $200,000 for breaching the Australian Consumer Law. Both companies were penalised for drip pricing, whereby customers are drawn in by the promise of cheap products only to be saddled with additional fees and charges.

Drip pricing is the practice of advertising an attractive price for goods or services then charging the consumer additional fees on top of the original advertised price. These fees are often unavoidable charges. The fees and charges are added incrementally to the cost of the goods or services the further the consumer goes down the purchase timeline.

The ACCC investigated the airlines after becoming concerned that the companies had failed to adequately disclose the extra fees. This left consumers to pay higher prices than those advertised, or more than they intended.

Both Jetstar and Virgin have been implicated for separate instances of misleading advertising over the past three years.

In 2014 the ACCC was unsuccessful in establishing that misrepresentations were made by Jetstar on its website and in its promotional emails.

In a statement, ACCC Chairman Rod Sims warned that consumer guarantees in the airline industry are firmly on the corporate watchdog’s radar.

GRC Solutions’ Competition and Consumer Protection online compliance training modules can bring your staff up to speed on how to avoid false advertising and misleading and deceptive conduct.

Contact us today for more information about our off-the-shelf and customised offerings.


Sources: ACCC; Gizmodo

OzHarvest CEO CookOff 2017

From GRC Solutions CEO Julian Fenwick: Thank you to all those who supported me again in this year’s OzHarvest.

The combined culinary skills and fundraising efforts of Australia’s top chefs and CEOs came to fruition as close to $1.7 million was raised at OzHarvest’s CEO CookOff held at The Cutaway, Barangaroo. The fundraising total will allow OzHarvest to deliver 3.4 million meals to help feed vulnerable people across Australia. Over one thousand special guests from charitable agencies supported by OzHarvest enjoyed a variety of gourmet meals prepared and served by teams of CEOs under the guidance of celebrity chefs, Neil Perry, Matt Moran, Peter Gilmore and Paul Carmichael to name a few. I was lucky enough to get to cook with Paul Carmichael who taught us how to make a delicious chicken pozole.

OzHarvest Founder and CEO, Ronni Kahn said the flagship fundraiser allows OzHarvest to rescue and redistribute more fresh food, helping to feed people in need at over 900 charities across Australia. Two million people seek food relief each year and many agencies say they could take double to meet demand.

We were also treated to a surprise performance from Aussie music legend, Jimmy Barnes. Donations can still be made to OzHarvest at

Hong Kong’s former leader, Donald Tsang, jailed for 20 months for misconduct

Hong Kong’s former Chief Executive, Donald Tsang Yam-kuen, has become the city’s highest ranked official to be put behind bars.

Mr Tsang, 72, was found guilty of misconduct in public office for failing to disclose a conflict of interest involving a property developer, Bill Wong Cho-bao, and the granting of broadcast licences.

The high profile six-week trial centred on Mr Tsang’s purchase of a luxury three-story apartment from Mr Wong, which he failed to disclose when he approved three applications for radio broadcast licences for Wave Media, a company Mr Wong had a 20 per cent stake in.

The jury concluded Mr Tsang had deliberately concealed his connection to the developer. But they acquitted him of a related misconduct charge involving an interior designer that he nominated for an official honour without declaring that the same designer had renovated his apartment.

The jury could not reach a majority verdict for a bribery charge, again involving the same apartment and property developer. The charge is set to be retried in September.

In handing down the sentence, the judge, Justice Chan, credited Mr Tsang’s dedicated and extensive public service but added that the seriousness of the case was due to Mr Tsang’s official position and the trust placed in him by the people of Hong Kong and China.

The case comes at a time when the public is increasingly interested in the links between public officials and business people, raising suspicions over bribery, corruption and abuse of power.

In 2014, Mr Tsang’s deputy, Rafael Hui, was convicted of misconduct in public office over his own dealings with a billionaire property developer. Hong Kong’s current leader, Leung Chun Ying, is also facing corruption allegations relating to bribery involving Australian engineering firm UGL.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.


Privacy laws are tightening

A new amendment to privacy laws will require organisations to notify customers of data breaches.

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 was passed by Parliament on 13 February 2017. The amendment requires organisations to notify individuals and the Australian Information Commissioner where data breaches are likely to result in serious harm.

Failure to comply with the new provisions will incur the same penalties as those for breaching existing privacy law, which include compensation payments and civil penalties of up to AUD$1.8 million.

The amendment comes at a time of heightened focus on privacy law in Australia and New Zealand. In January, the Federal Court of Australia further clarified the meaning of “personal information” in the Privacy Act, while just last week, the New Zealand Privacy Commissioner recommended stronger penalties for serious data breaches in that country.

Privacy laws also drew media interest recently over so-called ‘metadata’ held by telecommunications companies for access by government agencies. Metadata includes information such as location data stored by mobile phones.

Journalist Ben Grubb took Telstra to court after the telco’s privacy department refused to grant him access to the same metadata it retains for access by government agencies on request.

Grubb argued that he had a right to this metadata because it related to his own personal information, which is the fundamental concept of privacy laws.

The court upheld Telstra’s claim that metadata connected to Grubb’s mobile phone was not specifically about Grubb and so did not amount to personal information.

It should be noted that the Grubb/Telstra case was based on the older instance of the Privacy Act.

When the mandatory data breach reporting amendment will come into effect is not yet known, but it will be within twelve months of Royal Assent.

Source: Parliament of Australia, Gizmodo

Samsung chief Lee Jae-yong arrested on bribery and corruption charges

The de facto head of the Samsung empire, Lee Jae-yong, has been arrested and is facing corruption charges relating to bribery, embezzlement, illegal transfer of overseas assets and perjury.

The charges against Mr Lee, known as Jay Y. Lee in many business circles, connect to the national bribery and corruption scandal that led to the impeachment of South Korean President Park Geun-hye in December 2016.

In January 2017, a South Korean court denied an arrest warrant for Mr Lee, citing a lack of evidence. However, investigators have since collected additional evidence and presented this before Judge Han Jeong-seok, who felt there were now sufficient grounds to issue the warrant.

Investigators have accused Mr Lee and Samsung of paying bribes totalling AUD$47 million (43 billion Korean won) to President Park’s associate, Choi Soon-sil, to secure government support for the merger of two Samsung affiliates in 2015.

The complex case is exceptionally significant for South Korea’s increasing attempts to target pervasive business and government collusion. If Ms Park’s impeachment is upheld by the Constitutional Court in coming weeks, she will become the country’s first democratically elected leader forced from office.

Samsung is the largest and most profitable family-owned conglomerate, or chaebol, in South Korea, accounting for around 20 percent of the country’s GDP. Mr Lee inherited the reins of the company in 2014 from his father, Lee Kun-hee, who was twice convicted of financial crimes but received suspended sentences and was presidentially pardoned.

While many Koreans fear the high-profile case will hurt the national economy, others welcome the move as a sign that powerful chaebol bosses will increasingly be held accountable for their actions.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.


Sources: The SMH

GRC Solutions appointed eLearning partner for Stockbrokers and Financial Advisers Association

Wednesday 22nd February, Sydney, Australia. In a joint first, GRC Solutions, a global leader in innovative compliance training, has been appointed e-learning partner for the Stockbrokers and Financial Advisers Association (SAFAA).

The partnership coincides with last week’s announcement by Kelly O’Dwyer, Minister for Revenue and Financial Services, that new requirements to raise the competency and ethical conduct standards of financial advisers will commence on 1 January 2019. This includes compulsory education requirements for new and existing financial advisers, supervision conditions for new advisers, an industry-wide benchmark exam and a code of ethics as part of the mandate.

GRC will be offering an array of new online courses that are tailored specifically for SAFAA’s members, including those practitioners who provide tax advice.

“The team at GRC Solutions is thrilled to be partnering with such a highly-regarded industry body,” says GRC Solutions’ Managing Director Julian Fenwick. “The partnership aligns with our focus on servicing the financial services market with high quality, professional compliance and regulatory training.”

Andrew Green, Chief Executive of SAFAA, says, “We already provide education and training that sets the benchmark in the financial services industry. This new e-learning partnership with GRC will provide members with access to courses that lift the bar even higher.”

Internationally, GRC also recently announced the appointment of Hong Kong’s HJ Innoxcell as its e-learning affiliate. The partnership improves access to quality compliance e-learning in the Asian market and further consolidates GRC’s strong presence in the region, supported by the Singapore office.

Deutsche Bank fined A$833 million for inadequate anti-money laundering controls

Deutsche Bank has been fined by both UK and US authorities for failing to implement proper anti-money laundering control frameworks, which resulted in clients illegally moving A$13 billion out of Russia.

Britain’s Financial Conduct Authority (FCA) fined Deutsche Bank A$271 million and the New York Department of Financial Services fined them A$562 million. The authorities cited significant deficits in Deutsche Bank’s global anti-money laundering framework, including inadequate customer due diligence processes and deficient anti-money laundering policies and procedures.

Without sufficient customer information, risk assessment processes and transaction monitoring are ineffective.

As a consequence of these failings, unidentified customers were able to transfer around A$13 billion from Russia to offshore bank accounts using ‘mirror trades’. These trades involved clients purchasing shares in roubles in Moscow, with the same stocks then sold through Deutsche Bank’s London branch for US dollars.

Whilst ‘mirror trades’ can be legal, the FCA said that the “covert transfer of those funds out of Russia” and lack of economic purpose were highly suggestive of financial crime. The trades also highlighted the lack of anti-money laundering controls in place at Deutsche Bank.

In imposing the largest penalty for anti-money laundering control failings ever, the FCA highlighted that Deutsche Bank’s actions had exposed the UK and global financial systems to serious risk. As such, the size of the fines is reflective of the seriousness of the anti-money laundering failings.

Criminal investigations by the US Department of Justice and other regulators and law enforcement authorities are ongoing.

This case highlights the complexity of anti-money laundering regulations. GRC Solutions offers an extensive library of online compliance training courses, including Anti-Money Laundering training. Contact us today for more information about our off-the-shelf and customised course offerings.

Sources: The Guardian; BBC

Korean court denies arrest warrant for Samsung head Lee Jae-yong following bribery and corruption probe

A South Korean court has cited a lack of evidence in denying an arrest warrant for Lee Jae-yong, also known as Jay Y. Lee, the heir-apparent to the Samsung Group empire. Mr Lee was accused of involvement in a national bribery and corruption scandal that led to the impeachment of South Korean President Park Geun-hye in December 2016.

Mr Lee faced charges of bribery, embezzlement and perjury as Samsung is accused of having paid bribes of nearly US$36.6 million (43 billion Korean won) in exchange for governmental backing of a merger of two Samsung affiliates in 2015. Prosecutors allege that these bribes would ultimately help transfer the control of Samsung to Mr Lee.

The case is part of an ongoing investigation into the actions of Ms Park and her close associate, Choi Soon-sil. Ms Park is accused of working with Ms Choi to exchange favours with companies such as Samsung for bribes paid to non-profit foundations backing presidential initiatives. Samsung has admitted to providing funds to such foundations but has consistently denied receiving any business favours.

The denial of the warrant is expected to hamper authorities’ efforts to further investigate Ms Park’s involvement in the bribery scandal.

Mr Lee is part of the third generation of the Lee family to control the Samsung conglomerate. He was widely viewed as spearheading a new style of transparent business, following his father’s own troubled history. Mr Lee’s father, Lee Kun-hee, was convicted of embezzlement and tax evasion but was pardoned twice.

While some business groups are concerned about the impact of the bribery probe on the nation’s economy, many civil organisations are appalled at the growing evidence of ongoing collusion between business and the government.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.

Rolls-Royce fined AUD$1.1 billion in bribery and corruption crackdown

Rolls-Royce has paid $1.1 billion to settle bribery and corruption investigations with authorities in Britain, the United States and Brazil.

The investigation into Rolls-Royce by the US Department of Justice and the UK Serious Fraud Office came following a joint exposé from Fairfax Media and The Huffington Post into Unaoil, a Monaco-based oil industry fixer.

The wide-ranging bribery and corruption investigations revealed that billions of dollars in government contracts were awarded to a number of companies, including Rolls-Royce and an offshore arm of Australian company Leighton Holdings (now CIMIC), as a direct result of bribes.

The US and UK fines were the result of a Deferred Prosecution Agreement (DPA) whereby a company can admit corruption but not face court. For Britain’s Serious Fraud Office (SFO), it was the biggest settlement to date.

Australian authorities are involved in an ongoing global joint investigation with the FBI, US Department of Justice and the SFO into pervasive bribery in the oil industry, particularly involving Unaoil.

The Australian Federal Government is now considering introducing a DPA scheme following the settlement successes in the Rolls-Royce case.

This is not the first bribery and corruption scandal that Rolls-Royce has faced. Increasingly serious regulations and ongoing global cooperation in bribery and corruption investigations highlight the importance of all organisations tackling bribery and corruption throughout their operations.

GRC Solutions offers an extensive library of online compliance training courses, including Anti-Bribery and Corruption training. Contact us today for more information about our off-the-shelf and customised course offerings.