Welcome to the first edition of our round-up of news making the headlines in the world of financial crime and compliance. Our aim is to give you an easily digestible, bite-sized overview of issues that may affect your business.

To read more, please click on the headlines below.

1. NCA makes arrests for abuse of Bounce-Back Loan Scheme and the government creates a new Taxpayer Protection Taskforce

The NCA has arrested three individuals employed by a financial institution in London for making fraudulent claims under the Bounce Back Loan Scheme (BBLS). The arrests were made on 23 January 2021, by the NCA's Complex Financial Crime Team, which alleged that the individuals had claimed £6 million from the BBLS using fraudulent documents and company information. 

The BBLS was introduced by the government to assist small and medium-sized businesses during the COVID-19 pandemic. Between £2,000 and up to 25% of turnover can be borrowed, with no interest payable in the first 12 months. However, as the government was keen to activate the scheme quickly, there is concern among regulators that it put pressure on lenders to forgo detailed Know Your Client checks, increasing the risk of fraudulent claims. 

The NCA has signalled that it intends to continue its investigation into abuse of the BBLS, warning that it has estimated that up to 60% of the loans under the scheme may go unpaid.

In his Spring Budget earlier this month the Chancellor allocated £100m to the investigation and prosecution of those who seek to exploit the government's COVID support schemes. A Taxpayer Protection Taskforce is to be set up by HMRC and it hopes to raise over £2.2bn by 2026. The new Taskforce will recruit more than 1,200 investigators. 

2. Cum-Ex trading scandal - Denmark charges suspects

The Danish State Prosecutor's Office has charged two people for their part in the Cum-Ex scandal, which is a rapidly-widening cross-border tax fraud probe into a large number of financial institutions and individuals. Cum-Ex is the name given to a huge volume of transactions prior to 2012 that involved exploiting a 'loophole' on dividend payments that enabled a number of parties to claim the same tax refund1. 

One of the individuals charged was a hedge-fund manager who specialised in Cum-Ex trades. Sanjay Shah, a British citizen currently living in Dubai, was charged early in January 2021, along with fellow British citizen, Anthony Patterson. Danish prosecutors said that Shah was believed to be the 'mastermind' of Cum-Ex fraud, but Shah's representatives insist that although he took advantage of perceived loopholes in the system, he had done nothing wrong. Further charges are expected against other participants in Cum-Ex trades by the end of March 2021.

Investigations are ongoing in a number of further jurisdictions, including the UK, Belgium, Germany and Norway, with the relevant authorities investigating transactions up to 2012. The transactions involved rapid share trading which obfuscated the identity of the owner of the shares and enabled all buyers and sellers to claim the benefit of the withholding tax certificate issued in respect of the dividend, even though the tax on the issued dividend had only been paid once. The German tax authorities have estimated that Cum-Ex transactions have cost European countries around €55 billion. 

As for the German investigation, international law firm Freshfields Bruckhaus Deringer LLP has made a voluntary payment of €10 million following scrutiny from the Frankfurt General Public Prosecutor's Office (FPPO). The firm's office in Frankfurt was raided twice by the German tax authorities as part of their investigation. As a result of Freshfields' payment, the FPPO has confirmed that it will discontinue its investigation into Freshfields' involvement in Cum-Ex trading.

Cum-Ex presents substantial legal, financial, and reputational risks for institutions with a significant number of additional investigations, criminal prosecutions and civil proceedings expected. In addition, regulatory reviews are now also likely to assess what action institutions have taken in response to the issue.

The biggest challenge for many current senior management teams and heads of legal and compliance will likely be to ascertain whether and to what extent institutions may have been involved in Cum-Ex in the past. Cum-Ex schemes are complex and it is difficult to identify transaction patterns where individual transactions appear legitimate and the overall picture was deliberately concealed. 

A successful investigation should provide the necessary clarity and, if necessary, allow for the early development of an action plan to prepare for an investigation by the relevant authorities, to pursue the path of proactive disclosure, or to prepare for potential exposure to criminal liability.

1 For further information, please see CumEx trades – implications for financial institutions in the UK or CumEx – probably the biggest tax scandal you've never heard of (podcast). 

3. The latest on Deferred Prosecution Agreements

Over the last 6 months, the SFO has entered into just one deferred prosecution agreement, (DPA) with Airline Services Limited (ASL). ASL and the SFO entered into a DPA in October 2020, following allegations of failing to prevent bribes being paid to an agent when negotiating contracts to refit a commercial airline. Under the terms of the DPA, ASL accepted responsibility for the offence of failing to prevent bribery and agreed to pay £2,979,685.76 which was split between a financial penalty, disgorgement and a contribution to the SFO's costs. None of ASL's employees were charged as part of the investigation, which appeared to be solely concentrated on the company. The financial penalty was discounted by 50% as a result of ASL's cooperation with the investigation. 

The DPA was agreed the day before the SFO updated the Deferred Prosecution Agreement chapter of its Operational Handbook which, on 23 October 2020, introduced additional 'suggested' terms of DPAs which SFO investigators are encouraged to use when negotiating DPAs. These are self-reporting of any misconduct that comes to the defendant's attention during the term of the DPA, and requiring the consent of the SFO to the defendant's sale or merger during the term of the DPA. 

The new guidance also encourages SFO investigators to co-operate with international bodies that may be conducting parallel investigations, a point the Director of the SFO, Lisa  Osofsky, emphasised in the SFO's Annual Report and Accounts 2019-2020 stating: 'we have dedicated significant resources to solidifying [domestic and international] relationships at operational and strategic levels'. 

Given the recent dramatic changes to the UK's position internationally following Brexit, the SFO's strategy of seeking enhanced international ties appears to be well-timed. This may indicate a more outward looking stance in the future. 

4. Big Four dominance - Government issues white paper on reform of corporate compliance rules

The Department for Business, Innovation and Skills is poised to issue a white paper detailing reforms of corporate governance rules following three recent independent reviews. The white paper has recently been described as 'imminent' following speculation that its release had been delayed by Downing Street.  The reviews were carried out by the Treasury, the London Stock Exchange and the Competition and Markets Authority, following the government's concerns that the dominance of the Big Four accounting firms was creating a conflict of interest between the audit and advisory services they provide. The white paper is due to have a longer than usual 16-week consultation period owing to the complexity of the new rules and the far-reaching impact it would have on businesses.

Under the reforms, company directors will be personally responsible for the accuracy of a company's financial statements (as opposed to a board of directors as a whole). As a result of these changes, directors will now be expected to personally sign-off all internal processes and play an active role in overseeing risk management. Directors who are in breach of auditing standards could face fines or temporary bans from holding a company officer position.

The reforms are also expected to oblige companies to report in their annual accounts what policies they have in place to achieve environmental and social objectives, including diversity reporting and climate risk. The definition of a 'public interest entity' may also be extended (it currently only applies to public listed companies) to include large private limited companies, universities and charities. Any such extension will raise the compliance burden on those entities. If the reforms are implemented, many more companies will be subject to stricter audit rules as they will come within the remit of compulsory audit regulations, necessitating a separation between the accountant they retain to carry out audit functions and the accountant they instruct for non-audit advice and assistance.

In addition, in November 2020, the Law Commission began an investigation into corporate criminal liability laws after the government asked it for recommendations on reform options following concerns that the law of 'failure to prevent' for corporations was not as extensive as it needed to be in order to tackle corporate non-compliance, particularly given the demise of recent high-profile prosecutions of corporate bodies such as in the SFO's prosecution of Barclay's Bank for allegations of fraud around the two capital raisings in 2008.

The Law Commission's review will consider all aspects of corporate criminal liability laws, including the relationship between criminal and civil law on corporate liability and how corporate criminal liability is dealt with in other jurisdictions. The Commission aims to produce an Options Paper with its official recommendations in late 2021.

5. GameStop fallout - FCA will not compensate losses

In January 2021, a large number of 'amateur' investors brought together by social media platforms, including Reddit, cooperated to purchase shares of the electronic game retailer GameStop in order to drive up the share price and undermine hedge funds, which had bet against the US chain by shorting the stock resulting in an over 600% increase in GameStop's share price in a single week. Initial market analytics suggest that hedge funds which shorted the stock have suffered more than $19 billion in losses so far.  

In light of the volatility over GameStop's share price and the volume of amateur investors who participated (many of them first-time investors), the FCA issued a statement on 29 January 2021, warning investors that "buying shares in volatile markets is risky and you may quickly lose money. These losses are unlikely to be covered by the Financial Services Compensation Scheme”. It also reassured investors that it would continue to monitor the situation and that it was prepared to "take action wherever we see evidence of firms or individuals causing harm to consumers or markets" through, for example, mass targeting of particular stock. 

Several stock trading platforms, including amateur trading app Robinhood, blocked users from performing GameStop trades on 28 January 2021, thus hindering individual investors from participating in the campaign to undermine hedge funds' influence in the stock market. According to US reports, users of the Robinhood platform are considering a class action lawsuit to challenge the legality of trading platforms prohibiting certain trades.

6. Cryptocurrencies - hiding assets in not so plain sight?

As cryptocurrencies become more mainstream, with Tesla being the latest corporation to announce that it will accept Bitcoin as a payment method, regulatory bodies continue to be concerned that cryptocurrencies may be used to hinder asset recovery, either by hiding other assets or by being assets that are hard to track down. 

Although Bitcoin should be easily traceable owing to the digital ledger that records every Bitcoin transaction, cryptocurrency users can combine different crypto-assets (known as 'coin-mix') to make a transaction dependent on the fluctuations of different cryptocurrencies, which can make tracing assets more difficult. This is particularly a problem when considering recovery of crypto-assets that have been stolen, or rendered irrecoverable as a result of fraud. 

The judiciary are becoming more familiar with white-collar crimes involving cryptocurrency as digital fraud cases steadily increase owing to the potentially lucrative and largely unregulated nature of such assets. The Commercial Court recently granted disclosure orders in respect of two crypto-currency exchanges in the unreported case of Ion Science Limited and another v Persons Unknown which involved the first initial coin offering fraud. It was confirmed by the High Court last year in AA v Persons Unknown [2019] EWHC 3556 (Comm) that cryptocurrencies are personal property even though they are intangible. The criminal courts have also been considering this issue since 2018 in the context of the Proceeds of Crime Act 2002. For example, the CPS obtained an order to seize and convert Bitcoin into flat currency in R v Teresko (Sergejs) [2018] Crim LR 81. 

As digital crime becomes more prevalent, the need for a robust response has become more acute. Although UK law enforcement agencies have had the power to demand crypto-passwords, including passkeys, since October 2007 (under section 49 of the Regulation of Investigatory Powers Act 2000), this power has only been used on a handful of occasions. It is likely that enforcement agencies will develop a standard policy regarding the recovery of crypto-assets, or assets that are at risk of being converted into cryptocurrency . Co-operation with international agencies will be essential in this area of law enforcement. Interpol, for example, has a Darknet and Cryptocurrencies Task Force which analyses data on digital criminal activity to help authorities better predict when and where digital crime might occur.

7. Supreme Court limits the extraterritorial powers of the SFO

The Supreme Court has limited the scope of the SFO’s power to compel the production of documents held outside the UK under section 2(3) of the Criminal Justice Act 1987.

In R (on the application of KBR, Inc) v The Director of the Serious Fraud Office [2021] UKSC 2, the Supreme Court unanimously held that the High Court was wrong to find that section 2(3) empowers the SFO to compel foreign companies to produce documents held overseas when there is a 'sufficient connection' between the company and the UK. 

The SFO is therefore not entitled to seek compulsory production of documents held overseas by a foreign company with no business or presence in the UK. Requests for such documents should be pursued by the SFO through international cooperation channels, such as letters of request and mutual assistance processes.

Whilst this decision is a setback for the SFO, the decision does not affect the SFO’s powers in relation to UK companies (wherever their documents may be held) or documents held in the UK by foreign companies. 

8. HMRC impose record fine for breaching money laundering regulations

HMRC has issued a record £28.3 million fine for breach of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the Regulations). The fine was issued to MT Global Limited, a money transfer firm, on 7 January 2021, for 'significant breaches' of the Regulations between July 2017 and December 2019. The breaches included those relating to risk assessments and associated record-keeping and 'fundamental customer due diligence measures'. 

HMRC's Deputy Director of Economic Crime, Nick Sharp, said that HMRC will not hesitate to 'take action against the minority who fail to meet their legal obligations under the regulations'. 

This record fine is a clear warning to other businesses which are obliged to comply with the Regulations. Such businesses should review their anti-money laundering policies and processes as a matter of priority to ensure that they are sufficiently robust and comply with the Regulations. 

HMRC has also confirmed that it will maintain an online 'name and shame' list which identifies businesses that have breached the Regulations, together with details of the breach and the penalty issued.