Episode 132

28th October – 3rd November 2024

Sanctions

This week’s sanctions news starts in the UK, where the Office of Financial Sanctions Implementation (‘OFSI’) has announced the expiration and replacement of a general licence concerning legal services. The Notice and detail on principal changes have been published. The Legal Services General Licence page has also been updated. OFSI has also amended the licence respecting payments to energy companies for gas and/or electricity. OFSI has also removed the licensing ground relating to ‘services to a person connected with Russia by a UK parent company or UK subsidiary of that parent company’, and updated the Russia sanctions: guidance. In terms of additional designations, OFSI has also added six names to the Russia Financial Sanctions Regime, listing them in a Notice, and updated the Consolidated List. The six individuals and corporations are concerned with disseminating disinformation. The European Union has already taken action against these agencies and individuals. In other additions, OFSI has also added six entities for the Myanmar Financial Sanctions Regime, with a Notice confirming the additions. The action was taken in coordination with the European Union and Canada. And finally from the UK, OFSI has issued a reminder about the deadline for submission to the Frozen Asset Review 2024.

In the US, sanctions have been imposed on third-party enablers of Russia’s war against Ukraine. The sanctions target individuals and entities pursuant to Executive Order 14024. The detail of the sanctions can be found in the Department of State’s fact sheet, the Department of the Treasury’s press release, and the Department of Commerce’s press release.

And finally on sanctions news this week, the Special Rapporteur at the United Nations Office of the High Commissioner has raised the issue of sanctions-related justice. ‘Access to justice and to an effective remedy is extremely limited in sanctions environments. This becomes even more challenging in view of the multifaceted sanctions-induced restrictions, the lack of transparency in sanctions designation procedures, the low standards of proof and the severity of imposed penalties…. Furthermore, the presumption of legitimacy of unilateral sanctions policies, the overbroad interpretation of sanctions-related restrictions, the rebuttable presumption of guilt, impediments in accessing legal assistance, as well as non-enforcement of judicial and arbitration decisions, further shrink possible avenues to appeal against such policies and to seek redress…. [Tightening] of legal and policy frameworks concerning sanctions-related matters, …[is]… adversely affecting legal representation and due process.’

Bribery and anti-corruption

On bribery and corruption news this week, the UNODC Regional Office for Southeast Asia and the Pacific has highlighted the corruption issue in the palm oil industry.

In other bribery and corruption news, the International Cricket Council (‘ICC’) has announced the appointment of Sumathi Dharmawardena as the new Independent Chair of the ICC Anti-Corruption Unit.

And finally on bribery and corruption news this week, more from Australia and the robodebt scandal and its impact on the National Anti-Corruption Commission (‘NACC’). The NACC had received criticism for its decision not to investigate six individuals referred to it by the Robodebt Royal Commission. That decision will now be reconsidered after the release of a report this week which suggests that NACC Commissioner, Paul Brereton, ought to have recused himself from decision-making because of a potential conflict of interest from his role as an army reservist creating a link to one of those alleged to be involved in the robodebt scandal. While the NACC Commissioner delegated ‘the decision as to whether to investigate the referrals, …[he ought also to have]… removed himself from related decision-making processes and limited his exposure to the relevant factual information.’ As a footnote to this story, The Australia Institute has suggested this week that the NACC may need reform if it is to recover public confidence following the manner in which it has dealt with the robodebt scandal.

Fraud

On fraud news this week, the Serious Fraud Office (‘SFO’) in the UK has announced a change to the way in which fraud reporting is made. Unless the report is being made by a corporation or a whistleblower, all fraud reports should be made to Action Fraud. ‘This change brings us in line with all 43 national police forces in England and Wales and the National Crime Agency, supporting strong coordination between agencies to emerging fraud threats and building a better picture of fraud across the country.’

In other fraud news from the UK, the Payment Systems Regulator (‘PSR’) has announced the further expansion of its anti-fraud tool ‘Confirmation of Payee’. ‘This expanded rollout means that over 99% of all transactions made through Faster Payments and CHAPS are now safeguarded by this vital anti-fraud measure, offering consumers an important way to protect themselves from fraud.’

Other Financial Crime News

In other financial crime news this week, Companies House in the UK has published its first strategic intelligence assessment. The document is an ‘in-depth analysis of the key threats Companies House faces.’

Now to the first of a couple of webinars by global law firm, Pinsent Masons. The first on ‘FCA investigation and enforcement trends: navigating the latest regulatory risk exposures’ is on 13th November 2024 from 1130am – 1230pm. The second is ‘Tackling Cyber Risks in Sport’ and takes place on 7th November 2024 from 1000am – 1100am.

And finally on other financial crime news this week, direction to some reading. First, the UK’s Financial Intelligence Unit has published Issue 28 of ‘SARs in Action’. This issue deals with various aspects of collaboration to combat financial crime. Secondly, global law firm, Freshfields, has published a reflection on the approach to incentivising financial crime disclosure between the US and UK. This might be allied to what Nick Ephgrave, Director of the Serious Fraud Office in the UK, referred to in his Guardian interview last week on paying whistleblowers and providing immunity from prosecution to those assisting an investigation.

Cyber Crime

We end this week’s financial crime news with a brief round-up of cybercrime news. First, the European Union Agency for Criminal Justice Cooperation has reported that malware used to steal personal data of persons across the European Union, and the rest of the world, has been taken down. ‘A global operation, supported by Eurojust, has led to the takedown of servers of infostealers, … malware used to steal personal data and conduct cybercrimes worldwide. The infostealers, RedLine and META, … targeted millions of victims worldwide, making it one of the largest malware platforms globally. An international coalition of authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom and Australia shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium. RedLine and Meta were able to steal personal data from infected devices. The data included saved usernames and passwords, and automatically saved form data, such as addresses, email addresses, phone numbers, cryptocurrency wallets, and cookies. After retrieving the personal data, the infostealers sold the information to other criminals through criminal market places. The criminals who purchased the personal data used it to steal money, cryptocurrency and to carry out follow-on hacking activities.’

And finally on cybercrime news this week, a reminder for firms to come clean over cyber-attacks with news that the Securities and Exchange Commission (‘SEC’) in the US has ‘charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions.’ Unisys will pay a $4 million civil penalty; Avaya will pay a $1 million civil penalty; Check Point will pay a $995,000 civil penalty; and, Mimecast will pay a $990,000 civil penalty.’ As Acting Director of the SEC’s Division of Enforcement, Sanjay Wadhwa, stated: ‘…while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered.’