Fines for corporate crimes fell by more than half last year from €20bn (US$22.6bn) to just €8.7bn (US$9.9bn), according to a report released by researcher AML Intelligence. There were 67 corruption, bribery and fraud fines issued in 2021 worth a total of €5.8bn (US$6.6bn). The highest of these was a €2bn (US$2.5bn) fine issued to airline Boeing for fraud conspiracy charges relating to misleading regulators about the safety of its aircraft. This compares to €9bn (US$10.25bn) of fines issued in 2020 for the same category of crimes.
The value of fines for breaching anti-money-laundering (AML) laws dropped by almost 77 per cent from €11.5bn (US$13.1bn) in 2020 to just €2.6bn (US$2.96bn) in 2021. Most were issued to banks for deficiencies and failures with their AML policies, procedures and processes. In addition, 17 firms and banks were fined for breaking sanctions.
The US retained its reputation as the key global enforcer. India came second, having issued 34 fines, and the UK was third with 30 (although the UK ranked second in terms of the value of the fines charged).
Tech consultancy Everstream Analytics has highlighted the top five supply chain risks that global companies should prepare for in the next 12 months.
Its 2022 Risk Report lists worldwide water shortages; ocean freight bottlenecks; remote working and workplace safety; shifting production methods from “just-in-time” to “just-in-case”; and increased regulatory scrutiny (especially around sustainability disclosure and more comprehensive reporting requirements).
The Financial Reporting Council (FRC) has warned that it expects to increase the number of investigations it carries out over the next three years, partly because its remit has broadened and partly owing to “external factors”, including current economic stresses on companies.
Setting out its enforcement approach, the FRC said it would use “a mix of hard regulatory and softer influencing levers” appropriate to its objectives. It has adopted a “four faces” model for regulation, with each “face” – system partner, facilitator, supervisor and enforcer – determining how severely it believes it needs to act to encourage and enforce compliance.
According to the key performance indicators set out by the FRC last year, the regulator concluded, settled or closed just 20 per cent of its enforcement case investigations within its two-year target.
Climate risks dominate global concerns in the World Economic Forum’s (WEF’s) Global Risks Report 2022. The main long-term risks relate to climate, while the most important shorter-term global concerns include societal divides, livelihood crises and mental health deterioration.
The WEF predicts that a global economic recovery will be volatile and uneven for the next three years. Its latest report explores four areas of emerging risk – cyber security, competition in space, a disorderly climate transition, and migration pressures.
It argues that each of these will require global coordination if it is to be managed successfully.
The value of penalties paid by global financial services firms in 2021 fell to half the total paid in 2020, while the number of fines issued was fewer than a quarter of the total for the previous year.
According to research by compliance technology firm Fenergo, this decrease is largely because regulators imposed fewer multi-billion-dollar fines. During the pandemic, regulators were generally unable to initiate as many on-site investigations as in a typical year.
The report found that enforcement actions against financial institutions and their employees totalled US$5.4bn for violating anti-money-laundering (AML) and data privacy regulations. This compares with US$10.6bn in 2020. Financial institutions paid around 176 fines for compliance breaches in 2021 compared with approximately 760 in 2020. The value of fines for data privacy breaches fell by 82 per cent (US$17.4m). Most (US$11.5m) of these were for GDPR breaches in Europe.
Employees of financial institutions also faced regulatory penalties in 2021, with 16 individuals collectively fined US$16.5m for their role in AML-related compliance breaches.
The latest Audit Committee Practices Report, a collaborative report developed by professional services firm Deloitte’s Center for Board Effectiveness and the Center for Audit Quality, indicates that audit committees are increasingly taking responsibility for enterprise risk management (ERM) and for cyber security.
Over two-fifths of respondents (42 per cent) said their audit committees were responsible for overseeing ERM in their organisations, while a third said this was the responsibility of the board. A fifth said responsibility fell to the risk committee.
Over half (53 per cent) said that their audit committee is responsible for overseeing cyber security, and 48 per cent said that it was also responsible for overseeing data privacy security in their business.
Sixty per cent of FTSE-350 companies do not fully comply with the UK’s Corporate Governance Code, according to research by Thomson Reuters.
The researchers examined the annual reports of 272 companies in the FTSE-350 as well as Thomson Reuters’ records of AGM meetings. They also found that only 45 per cent of FTSE-100 companies reported that they were fully compliant with the code. Among FTSE-250 companies, compliance was even lower at 37 per cent.
Companies believe effective privacy management improves trust and transparency and provides a return on investment. According to technology vendor Cisco’s latest Data Privacy Benchmark Study, 83 per cent of respondents said their response to privacy laws has had a positive impact on their business, while 90 per cent said they would not buy from an organisation that did not properly protect its data.
The survey found the average privacy budget had risen 13 per cent from US$2.4m last year to US$2.7m this year. It also found the increased spend paid off.
Respondents estimated their average return on investment on data privacy management to be 1.8 times the cost. This trend has been consistent for the past three years.
Moreover, 94 per cent of respondents said their organisations report one or more privacy-related metrics to the board, typically around privacy programme audit findings, personal data breaches and the results of privacy impact assessments.
This article was published in March 2022.