UK Competition and Markets Authority Directs HSBC and Santander to Refund Money to Clients for Violating Retail Banking Market Investigation Order

On November 29, the United Kingdom Competition and Markets Authority (CMA) announced that it was directing global banks HSBC and Santander to refund money to customers for multiple breaches of Part 6 of the CMA’s Retail Banking Market Investigation Order (Order).

In 2018, after the CMA’s retail banking market investigation “identified a number of competition problems in both the personal current account (PCA) and small and medium-sized enterprise (SME) banking markets,” the CMA Order came into force.  Part 6 of that Order, as the CMA stated, “ensures customers receive text alerts before banks charge them for going into an unarranged overdraft, giving them time to take action to avoid any charges.”

Starting in February 2018, however, both HSBC and Santander “failed to send alerts in all of the circumstances required by the CMA.”  HSBC reportedly breached the Part 6 requirements twice:

  • Breach One: The CMA’s Directions to HSBC explained that its first breach stemmed from HSBC’s commitment “to implementing its ‘unsociable hours’ policy to minimize disturbance to customers.” That meant, according to the CMA, that HSBC “did not contact customers between 10:45pm and 7:30am on weekdays and 10:45pm and 10am on weekends and bank holidays.”  As a result, HSBC did not send alerts to customers during those specified hours

even though HSBC continued to charge customers for using an unarranged overdraft. This meant that customers who triggered an Alert between 10:45pm and 11:45pm (when balances were calculated) did not get an Alert that complied with the Order and continued to be charged by HSBC. Most customers received an Alert the next day after incurring the charge, which is in breach of the Order.

  • Breach Two: The CMA’s Directions stated that

HSBC’s systems for storing the mobile phone numbers of customers that applied for PCAs through certain application methods (including its digital current account, digital credit card and digital loans applications) stored numbers in a format that was incompatible with the text alert system used to comply with Part 6 of the Order. As a result, HSBC did not process these Alerts and some customers were not notified before incurring charges related to unarranged overdrafts.

Santander reportedly breached the Part 6 requirements six times:

  • Breach One: Santander failed to enroll some customers’ mobile phone numbers into its system of Alerts in two specific situations: (1) “where a customer previously registered for email Alerts has added a mobile phone number for Alerts to be sent to, their mobile phone number has not been registered”; and (2) “when a customer updates the mobile phone number registered for Alerts, Santander has de-registered the old number, but has not been registering the new number.”
  • Breach Two: Santander “Santander failed to issue an Alert to each customer who at the start of the day (10.00) was in an arranged overdraft position at the end of the previous day (22.00) and a direct debit (but no other payment) is processed overnight (between 22:00 and 05:00) that puts them into an unarranged position.”
  • Breach Three: Santander “failed to provide an Alert where the amount authorised and withheld on an account exactly matches the value of a single direct debit amount being processed and no other payments are made.”
  • Breach Four: Santander “On 72 occasions, Santander failed to send Alerts to customers until later in the day (after 10.00) due to high volumes of overnight batch payment processing.”
  • Breach Five: “Certain of Santander’s retail platforms that capture new customer data allow a customer’s mobile telephone number to be stored in data fields that are not specific to mobile telephones. This means that such numbers are not enrolled for mobile alerts, because Santander’s alerts system only uses numbers stored in the mobile field. As a consequence of Santander not enrolling some of their customers into its system, these customers have not received Alerts when required by the Order.”
  • Breach Six: The CMA noted that there were “limited instances where three categories of error message were generated within Santander’s alerts system resulting in alerts not being sent.”

In both HSBC’s and Santander’s case, the CMA deemed their failure to issue the alerts a serious matter.  With regard to HSBC, it stated that to date (November 29), approximately 115,754 of HSBC’s  customers have been affected.  HSBC committed to refunding all affected customers and has already started to refund those customers, with an estimated total of £8 million in refunds.  With regard to Santander, it stated that Santander “has been unable to provide figures for the numbers of customers affected or the value of refunds to be made for each of the six breaches.”

N.B.:  These cases generally indicate the importance of companies’ making timely preparations for full implementation of compliance requirements and measures by the time that those requirements come into force.  They also indicate the importance of banks’ paying attention to even small details that, whether or not inadvertently overlooked, cause needless hardship for customers and needless cost and reputational damage to the banks.

OECD Global Forum on Transparency and Exchange of Information for Tax Purposes Issues 10th Anniversary Report

Last month, the Organization for Economic Cooperation and Development (OECD) Global Forum on Transparency and Exchange of Information for Tax Purposes (Global Forum) issued its 10th Anniversary Report.  The Report contains a number of metrics that show the state of multinational progress over the past decade in implementing the international tax transparency and exchange of information standards:

  • The Global Forum has increased from 89 to 158 member jurisdictions, including all OECD and G20 countries, all international financial centers (IFCs), and an increasing number of developing countries.
  • Information critical for the administration and enforcement of taxes is available in three key domains:
    • Banking Secrecy: Through the Global Forum’s exchange of information on request (EOIR) process, the Global Forum has reviewed 125 jurisdictions.  “[P]ractically all of them have removed bank secrecy for the purpose of exchanging information.” Since 2009, the number of those jurisdictions with bank secrecy restrictions on the access to and exchange of banking information has decreased sharply from 70 to 3.  In addition, “with 100 jurisdictions having committed to exchange information by 2018, the landscape of global tax transparency has changed dramatically, putting an end to the long-lasting era of banking secrecy for tax purposes.”
    • Ownership and Bearer Shares: Approximately 90 percent of Global Forum members “do not permit the issuance of bearer shares, or have in place arrangements for identifying the owners.” More than 40 jurisdictions “40 jurisdictions have either abolished bearer shares, or introduced adequate custodial or non-custodial arrangements for identifying their owners since 2009.”
    • Accounting Records: “[A] a majority of Global Forum members had deficiencies in the availability of accounting records, including 30 jurisdictions having received unsatisfactory assessments between 2010 and 2016.” Practically all of those members, however, have addressed those gaps, “and the focus has now shifted to ensuring that these provisions are effectively enforced and supervised.”
  • The Convention on Mutual Administrative Assistance in Tax Matters – “the most advanced and comprehensive multilateral instrument available for all forms of tax co-operation to tackle tax evasion and avoidance” – has 130 participants, consisting of all G20 and OECD countries, all major IFCs, and a growing number of developing countries. 120 of those participants have now put the Convention into force, which equates to  nearly 8,000 bilateral agreements.
  • The number of requests between jurisdictions for information has more than doubled between 2009 and 2018. In 2018, for example, there were 22,7217 such requests.  In addition, the response times for such requests have improved overall.  While percentages vary from one jurisdiction to another, approximately 90 percent of requests are answered within one year and only about 10 percent take more than one year.
  • A critical development with regard to combating banking secrecy and detecting tax evasion has been the commencement of the Global Forum’s standard for automatic exchange of information (AEOI) on financial accounts of non-residents. With the AEOI process, In 2017, information exchanges on such accounts increased from more than 11 million financial accounts in 2017 to 47 million financial accounts in 2018.  The latter figure reflected a total value of €9 trillion in the financial accounts.  Moreover, the number of AEOI exchanges increased by 36 percent between 2018 and 2019.

The Report also states the Global Forum’s plans for future action, including:

  • “[C]ontinue ensuring that all jurisdictions effectively participate in EOIR, do not fall back and continue advancing the transparency and exchange of information agenda as a matter of high priority”;
  • “Delivering the effective implementation of the AEOI standard and the level playing field [as] a key objective;” and
  • Continuing to expand its programs of technical assistance to developing nations.

N.B.:  The Global Forum’s report reflects considerable progress since 2009 in improving tax transparency and increasing international cooperation on banking secrecy and tax evasion.  What the Report does not state is that while the number of  jurisdictions that provide banking secrecy and facilitate tax evasion has been decreasing, the remaining jurisdictions offering such services will undoubtedly require even greater efforts by the Global Forum and its members, over the next decade and beyond, to make tax transparency a truly global phenomenon.

Westpac Chairman, CEO, and Director Resign As Money-Laundering Scandal Continues to Envelop Westpac

On November 26, various media reported that the Chairman of Westpac Banking Corporation (Westpac), Lindsay Maxsted, as well as Westpac’s Chief Executive Officer (CEO), Brian Hartzer, and a Westpac senior non-executive director announced their resignations.  Hartzer’s last day as CEO is reportedly December 2, while Maxsted is expected to step down by mid-2020.

Those resignations are directly traceable to the Australian Transaction Reports and Analysis Centre (AUSTRAC)’s November 20 filing in Australia’s Federal Court for civil penalties against Westpac.  The ASUSTRAC filing charges Westpac with pertaining to some 23 million alleged violations of the Australian Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act 2006.

On November 24, Westpac reportedly “announced a response that included appointing an external expert to investigate its failings”  In a November 26 teleconference, however Maxsted stated that when company officials met with investors on November 25, however, investors ”made it clear they required sterner action.”

The principal reason for the intensity of adverse reaction by the public and elected officials was the AUSTRAC statement that Westpac had failed to “carry out appropriate customer due diligence on transactions to the Philippines and South East Asia that have known financial indicators relating to potential child exploitation risks.” That failure, as further described in its statement of claim, extended  to “failing to introduce appropriate detection scenarios to detect known child exploitation typologies, consistent with AUSTRAC guidance and their own risk assessments.”

In the teleconference, Maxsted admitted that as soon as he read AUSTRAC’s statement of claim, he was “horrified by what was in it,” and that details that AUSTRAC presented regarding transactions made by 12 customers were “shocking.”  He also stated that Westpac’s board and management wanted to demonstrate accountability, but that  “further turnover of the board would be ‘very dangerous’.”

N.B.:  In his teleconference, Maxsted cautioned that “we don’t want to go too far so that it’s very disruptive to the business.”  That admonition, though well-intentioned, is being overtaken by events.  Even though Westpac has announced a Response Plan that promises “immediate fixes,” “lifting our standards,” and “protecting people,” it reportedly now faces multiple investigations into the scandal by the Australian Federal Police, the Australian Securities and Investments Commission, and the Australian Prudential Regulation Authority.

This recent series of events demonstrates not only how quickly a public crisis can arise for a company, but why financial institutions need to establish and maintain effective compliance programs, such as AML/CTF, to minimize the risks of facing such crises.

U.S. Civil Engineering Company Agrees to Pay $1.6 Million Fine to Resolve Federal Election Campaign Act Violations

On November 22, the U.S. Department of Justice announced that a U.S.-based civil engineering company, Dannenbaum Engineering Corporation (DEC), and its parent company, Engineering Holding Corporation (EHC), agreed to enter into a deferred prosecution agreement (DPA) to resolve a criminal investigation involving violations of the Federal Election Campaign Act (FECA) involving a multi-year conduit contribution scheme.  That resolution included DEC’s agreement to pay a $1.6 million fine.

The Department stated that according to the two companies’ admissions made in connection with the DPA,

from 2015 through 2017, DEC and EHC made $323,300 in illegal conduit contributions through various employees and their family members to federal candidates and their committees. DEC corporate funds were used to advance or reimburse employee monies for these contributions. DEC did not reveal to any of the federal candidates that the corporation was the true source of the contributions. The object of the scheme was for DEC, its CEO James Dannenbaum, and a former employee to gain access to and potentially influence various candidates for federal office, including candidates for the presidency as well as the Senate and House of Representatives.

The Department also stated that it reached the resolution with DEC “based on a number of factors, including DEC’s cooperation with the investigation, the internal investigation conducted and the significant remedial measures taken.”  Those remedial measures included

  • DEC altering its board structure to ensure that the former CEO, Dannenbaum, “does not control the board”;
  • Stopping “all politically-related payments to its employees (including, but not limited to, payments treated as “marketing advances”), which resulted in a cessation of these expenditures; and
  • Hiring and/or designating a full-time chief governance and compliance officer.

The Department briefly noted that it “also took into account the companies’ inability to pay a fine,” but nonetheless obtained the $1.6 million fine.  Finally, it stated that the former CEO Dannenbaum was charged in a separate criminal information.

N.B.: Corporate compliance officers should take note of this resolution and – particularly because the 2020 Presidential election campaign is underway — use it as reminder to relevant corporate executives about the importance of adhering to the companies’ policies concerning campaign contributions.  Candidates for federal office and campaign fundraisers are not the only categories of people whom the Department can prosecute under the FECA.

AUSTRAC Seeks Civil Penalties Against Westpac for 23 Million+ AML/CTF Violations

On November 20, the Australian Transaction Reports and Analysis Centre (AUSTRAC) announced that it had applied to the Federal Court of Australia for civil penalty orders against a leading Australian financial institution, Westpac Banking Corporation (Westpac).  AUSTRAC stated that the requested civil penalty orders “relate to systemic non-compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).”

AUSTRAC alleged that Westpac “contravened the AML/CTF Act on over 23 million occasions,” and had two major deficiencies on its AML/CTF program: (1) “Westpac’s oversight of the banking and designated services provided through its correspondent banking relationships”; and (2) “Westpac’s oversight of its AML/CTF Program, intended to identify, mitigate and manage the money laundering and terrorism financing risks of its designated services.”  These failures in oversight, in AUSTRAC’s view, “resulted in serious and systemic non-compliance with the AML/CTF Act.”

In particular, AUSTRAC alleged five major categories of failures by Westpac:

  1. Failure to appropriately assess and monitor “the ongoing money laundering and terrorism financing risks associated with the movement of money into and out of Australia through correspondent banking relationships.” In this regard, AUSTRAC asserted that Westpac “has allowed correspondent banks to access its banking environment and the Australian Payments System without conducting appropriate due diligence on those correspondent banks and without appropriate risk assessments and controls on the products and channels offered as part of that relationship.”
  2. Failure to report more than 19.5 million International Funds Transfer Instructions (IFTIs) to AUSTRAC over nearly five years, for transfers both into and out of Australia. AUSTRAC described IFTIs as “a key source of information from the financial services sector that provides vital information into AUSTRAC’s financial intelligence to protect Australia’s financial system and the community from harm.”  According to AUSTRAC, the late incoming IFTIs received from four correspondent banks “alone represent over 72% of all incoming IFTIs received by Westpac in the period November 2013 to September 2018 and amounts to over $11 billion dollars.”
  3. Failure to “pass on information about the source of funds to other banks in the transfer chain.” This failure, in AUSTRAC’s view, “deprived the other banks of information they needed to understand the source of funds to manage their own AML/CTF risks.”
  4. Failure to “keep records relating to the origin of some of these international funds transfers.”
  5. Failure to “carry out appropriate customer due diligence on transactions to the Philippines and South East Asia that have known financial indicators relating to potential child exploitation risks.” AUSTRAC specifically charged that Westpac “failed to introduce appropriate detection scenarios to detect known child exploitation typologies, consistent with AUSTRAC guidance and their own risk assessments.”

The concise statement that AUSTRAC filed with the Federal Court in this case did not specify the total amount of civil penalties that AUSTRAC is seeking.  It did state, however, that Westpac had contravened the AML/CTF Act on more than 23 million occasions, with each contravention “attracting a civil penalty between [AUD]$17 million and $21 million.”

N.B.:  AUSTRAC’s application is only the first step in the civil-penalty process for AML/CTF Act violations.  The Federal Court is responsible for deciding on the relief that AUSTRAC has requested, including declaratory relief, money penalties, and costs.

In a statement, Westpac Chief Executive Brian Hartzer conceded that the allegations were “serious and important.”  “These issues should never have occurred and should have been identified and rectified sooner,” Hartzer said, adding, “It is disappointing that we have not met our own standards as well as regulatory expectations and requirements.”

Ultimately, if Westpac continues to admit to its culpability to these program failures and cooperates with AUSTRAC, Westpac can only hope that it will reach a resolution with AUSTRAC no larger than Commonwealth Bank of Australia (CBA) did last year with AUSTRAC.  In June 2018, CBA reached an AUD$700 million resolution with AUSTRAC for “serious breaches of anti-money laundering and counter-terrorism financing (AML/CTF) laws.”

In the meantime, Hartzer and the Westpac board of directors are contending with an upsurge of community outrage that media reports of the AUSTRAC action have prompted.  The most significant factor that apparently prompted widespread public hostility is AUSTRAC’s allegation that Westpac “ought to have detected 12 customers who made almost 3000 transactions to the Philippines – including a person convicted of child exploitation and another doing deals with a person later arrested for running live child sex shows as having transfer patterns indicative of child exploitation.”  Even Australian Prime Minister Brian Morrison weighed in on the controversy, insisting that the bank have “a confident plan” to address ”the clear weaknesses they’ve had in their systems that have allowed this to take place,” and “some understanding of the accountability for when these things happen.”

For these reasons, other Australian banks should have their compliance teams peruse the AUSTRAC filings with care, and use AUSTRAC’s allegations as points of comparison with the state of their own AML/CTF programs.  Australian banks are still grappling with the effects of the Royal Commission report on banking sector misconduct that was released earlier this year.  They should need no further prodding to take the initiative in identifying and remediating any significant flaws in their AML/CTF programs.