High Court in London Rules Against Maduro Government Claim to $1 Billion+ in Gold Reserves and Contract Proceeds

On July 2, the England and Wales High Court of Justice (Commercial Court) ruled against the Central Bank of Venezuela (BCV) (and, by extension, the government of Venezuelan President Nicolás Maduro) concerning two claims with regard to foreign currency reserves.  According to the Court, the Bank of England (“BoE”) holds gold reserves of approximately $1 billion for the BCV, and Deutsche Bank (“DB”) is obliged to pay the proceeds of a gold swap contract to the BCV in the sum of about $120 million, which court-appointed receivers currently hold.

The crux of the problem before the High Court was the fact that Maduro and the Interim President of Venezuela, Juan Guaidó, had made conflicting claims about the right to give directions to the BoE and DB about what should be done with the gold reserves and the gold swap contract proceeds.  Maduro had added urgency to his claim by asserting, through his representatives, that “he requires the reserves to fight the Covid 19 pandemic in Venezuela.”

With that background, the High Court stated that it had two issues before it:

  1. The “Recognition” Issue: In essence, this issue had to do with which person, Maduro or Guaidó, should be recognized as the leader of Venezuela.  As the Court stated, “Pursuant to the “one voice” doctrine the court must accept as conclusive an unequivocal statement by [Her Majesty’s Government (HMG)] recognising a foreign sovereign state or the leader or government of a foreign sovereign state.”

On this issue, the Court concluded that HMG does recognize Guaidó in the capacity of the constitutional interim President of Venezuela and as Head of State, that the meaning of that recognition was “unequivocal,” and that that recognition was conclusive pursuant to the “one voice” doctrine.

  2. The Justiciability Issue: This issue had to do with whether, as stated by the ad hoc BCV Board that Guaidó appointed, “the act of state doctrine prevents the English court from entertaining any challenge to the validity under Venezuelan law of the legislative or executive acts by which the relevant appointments have been made.” On this issue, the Court concluded, after an extended discussion of the act of state doctrine, that the doctrine precluded inquiry into the validity of certain acts by Guaidó and the Venezuelan National Assembly, stating that they were foreign acts of state and were non-justiciable.  Accordingly, it further held that it lacked jurisdiction because of subject matter immunity.

Note: Although the Maduro government could pursue a further appeal in the United Kingdom courts, the reasoning of the High Court is sound and unlikely to provide a basis for reversal.  In any event, the practical effect of the High Court’s decision is to ensure that Guaidó’s BCV Board remains in control of the contested gold reserves and contract proceeds, and to deny Maduro, who has been actively pursuing those reserves since 2018, the opportunity to pocket them for himself.

Hiscox Cyber Readiness Report Finds Nearly 600 Percent Increase in Cyber Losses, Larger Losses from Ransomware

On June 22, Bermuda-based insurance provider Hiscox Ltd. announced the release of its fourth annual Cyber Readiness Report.  The basis for the report is an online survey of 5,569 public- and private-sector professionals, responsible for their organization’s cyber security strategy, from Belgium, France, Spain, the Netherlands, the Republic of Ireland, the United Kingdom, and the United States, who completed the survey between December 2019 and February 2020.

Key findings in the report included the following:

  • Cyber Losses:  Total cyber losses, based on the survey responses, increased from $1.2 billion to nearly $1.8 billion. One United Kingdom financial services firm had the highest reported cyber losses ($87.9 million), and a United Kingdom professional services firm had the highest loss from any one cyber event ($15.8 million).  Overall, the most heavily targeted sectors were financial services, manufacturing and technology, media, and telecoms.  Irish firms suffered the highest median costs (more than $103,000).
  • Cyberthreat Focus on Larger Firms: More than half of enterprise-scale firms with 1,000-plus employees (51 percent) reported at least one cyber incident, compared to 39 percent for the whole sample, and reported the most incidents (a median 100) and breaches (80).
  • Ransomware: More than 6 percent of all respondents – one in six of those attacked – paid a ransom after a malware attack. The highest loss for any one company targeted with ransomware (which could include other cyber events) was more than $50 million.  “Whether a ransom was paid or not, the average losses for firms subjected to a ransomware attack were nearly twice those of firms confronted by malware on its own – $927,000 compared with $492,000.”
  • Cyber Readiness: The number of firms that achieved “expert” status in Hiscox’s cyber readiness model – which measures firms’ alignment with best practice in four areas: strategy oversight, resourcing, technology, and process – increased from 10 percent to 18 percent. U.S. and Irish firms had the highest percentage of “expert” status rankings (24 percent), while France showed the greatest improvement (18 percent, increasing from 6 percent). Overall, twice as many firms responded to a breach by adding new security and spending more on employee training.
  • Cyber Security Spending: Respondents’ average spend on cyber security increased by 39 percent, from $1.47 million to $2.05 million. French firms had the highest average spend ($3.1 million), closely followed by Spanish and U.S. firms ($2.6 million and $2.4 million, respectively). The United Kingdom’s average spend increased dramatically, from just under $900,000 to $1.5 million.  In addition, firms ranked as “experts” spent an average of $4.2 million over 12 months on cyber security, while firms at the other end of the scale (“novices”) spent an average of $1.3 million.
  • Greater Cyber Responses: Approximately twice as many firms responded to a cyber event by taking extra measures to combat the hackers. For example, 25 percent (compared with 11 percent in 2019) increased spending on employee training after an attack.  Nearly three-quarters of respondents (72 percent) plan to increase their cyber security budgets by 5 percent or more in the coming year (an increase from 67 percent in 2019).
  • Cyber Insurance Coverage: The proportion of respondents who said that they have purchased cyber insurance as a result of a previous cyber event has risen steadily over the past three Hiscox reports, from 9 percent to 20 percent. Slightly more than one-quarter of firms (26 percent) reported that they had a standalone cyber policy, and 18 percent reported that they planned either to purchase standalone coverage or add it as coverage to their policies.  Nearly half (45 percent) of firms ranked as “experts” said that they had a standalone cyber policy.

Note: Hiscox concluded overall that the sharp increase in the frequency and severity of cyber events “is a trend that should concern everyone involved in cyber security.”  Information-security teams should use this report to benchmark their companies’ own states of cyber readiness and incorporate its findings into reporting to senior executives.

A Biblical Plague Threatens Food Supplies on Multiple Continents

For some people, the phrase “a plague of locusts” evokes only the memory of the Old Testament account of the swarms of locusts that devastated Egypt.  For many people around the world, that phrase is now evoking genuine and immediate fear.

Earlier this year, locust swarms swept across at least ten countries in East Africa, devouring hundreds of thousands of acres of cropland.  At that time, it was projected that locust swarms could increase by 500 times and move into still more African nations.

Recent news reports indicate that the reach of locust swarms has extended well beyond East Africa.  In late May, CBS News reported that locust swarms were now attacking parts of eight western states in India.  Although such swarms typically move from Pakistan between July and October and remain concentrated in Rajasthan, “weather conditions have helped the swarms spread into neighboring states.”  Those swarms pose a tremendous threat to food supplies in the region, as a swarm of 40 million locusts can consume enough food for 35,000 people.

Pakistan too has been enduring vast devastation by locust swarms.  The Guardian reported in late May that Pakistan is suffering “the worst plague of locusts in recent history, which has caused billions of dollars in damage and led to fears of long-term food shortages.”  That plague is likely to have catastrophic effects on a country “where agriculture accounts for 20% of GDP and 65% of the population live and work in agricultural areas.”

In addition, just last week Argentina and Brazil reportedly “are monitoring the movement of a 15-square-kilometer locust swarm in Argentina’s northeast.”  So far, according to various authorities and specialists, the swarm “had not caused significant damage to crops” in either country, perhaps because predicted lower temperatures would limit the locusts’ movement.  The potential risk to crops in the region is nonetheless significant.  Argentina and Brazil “are among the world’s largest soy and corn exporters,” and growers in one Brazilian state “feared the locusts would enter the[ir] state where corn is still being harvested and wheat being grown.”  In addition, the swarms, which reportedly entered Argentina from Paraguay, are also heading toward Uruguay.

Note:  These reports indicate that locust-driven risks of regional food and feed insecurity, ranging from moderate to overwhelming, are now prevalent in multiple regions of the world.  Strategic-risk and food security-risk analysts should closely monitor further developments with these locust swarms through the balance of the summer.

Anti-Corruption Agencies Issue Report on Global Mapping of Anti-Corruption Authorities

On May 25, the French Anti-Corruption Agency (AFA), in partnership with the Council of Europe’s Group of States against Corruption (GRECO), the OECD, and the international Network of Corruption Prevention Authorities (NCPA), issued a report that provided global mapping of anti-corruption authorities (ACAs) around the world.  ACAs have long been an object of anti-corruption efforts around the world; Article 6 of the United Nations Convention against Corruption (UNCAC) provides that States Parties should ensure the existence of one or more bodies that prevent corruption, and other regional conventions have similarly advocated the need for anti-corruption oversight and prevention bodies.

The report was based on data provided by 171 national authorities from 114 countries and territories, including ACAs from every geographic region of the world.  It has two principal aims: “helping anti-corruption practitioners to better understand ACAs’ characteristics and needs”; and “identify[ing] common trends and challenges, and to explore concrete avenues for cooperation between, and with, ACAs.”

The report’s main conclusions included the following topics:

  • Diversity of Anti-Corruption Institutional Arrangements: The report stated that “[t]here is no universally accepted model for shaping national integrity systems, but the centralized single-agency approach to the anti-corruption mandate seems to be predominant.” Of the responding authorities, 74 percent (84 of 114 countries) were responses from a single authority.
  • GRECO Membership and Adoption of the OECD Anti-Bribery Convention: 43 percent of respondents were from GRECO Member States, and 48 percent were from countries that adopted the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.
  • ACAs’ Power to Investigate and Prosecute: 63 percent (108) of responding ACAs responded that they were authorized to conduct investigations and/or criminal proceedings, and 79 authorities reported that they could pursue legal persons. The report, however, also said that the survey indicated “ACAs are more used to investigate and prosecute individuals for corruption than companies,” which might indicate a need “to further enforce the responsibility of legal persons for corruption in accordance with Article 2 of the OECD Anti-Bribery Convention.”
  • Availability of Sanctions Mechanisms: Fewer than half (48 percent) of responding ACAs reported that they have sanction mechanisms, and those mechanisms in 56 ACAs were mainly administrative.
  • Prevalence of National Anti-Corruption Strategies: A clear majority (89 percent) of respondents reported that they were involved in the creation and execution of a national strategy on anti-corruption.
  • Asset and Interest Declarations: 39 percent of respondents (66 of 171) stated that their organizations were in charge of managing asset and/or interest declarations of senior public officials, but ACAs did not seem to be primarily responsible for their management.
  • Obligations to Establish Codes of Conduct: 75 percent reported that their countries had an obligation to establish a code of conduct. 73 percent (125) stated that that obligation extended to the public sector, but only 17 percent (29) reported that that obligation extended to the private sector (mostly companies).
  • Risk Mapping: The survey showed “that, in comparison with codes of conduct, risk mapping is not such a widespread practice at the international level.” 56 percent said that risk mapping was an obligation in their countries, and only 12.8 percent (22) said that this obligation was applicable to both the public and private sectors, mainly to companies.
  • ACAs’ Major Expectations Toward NCPA: Nearly all respondents (165 of 171) indicated that they expect more exchange of best practices between peers, and 69 percent (118) expressed interest in strengthening the exchange of operational information.
  • International Directory of ACAs: 83 percent of ACA respondents stated that they wished to share their contact details with other ACAs.

Note: This report is encouraging for anti-corruption observers, to the extent it shows a significant measure of national-level commitment by numerous countries to establishing and maintaining anti-corruption authorities.  At the same time, it indicates that many countries that signed the UNCAC or regional anti-corruption conventions still have some distance to go in implementing anti-corruption prevention or oversight bodies with genuine authority, as well as anti-corruption preventive measures.  As that slowness to delegate such authority to national and subnational authorities is not likely to end soon, the ACA directory mentioned in the report may be the most promising means in the immediate future for fostering closer cooperation and good-practices and information exchanges between ACAs in multiple countries.

UK Financial Conduct Authority Fines Commerzbank London £37.8 Million for Anti-Money Laundering Failures

On June 17, the United Kingdom Financial Conduct Authority (FCA) announced that it fined Commerzbank AG (London Branch) £37,805,400 for failing to put adequate anti-money laundering (AML) systems and controls in place over a five-year period between October 2012 and September 2017.

The FCA stated that its investigation identified “failings in a number of areas.”  Those areas included three categories of failures by Commerzbank London:

  • Failure to conduct “timely periodic due diligence on its clients.” This failure, according to the FCA, “resulted in a significant number of existing clients not being subject to timely know-your-client checks.” For example, by March 1, 2017, “1,772 clients were overdue updated due diligence checks. A material number of these clients were able to continue to transact with the bank’s London branch due to the implementation of an exceptions process.” That process “was not adequately controlled or overseen and which became ‘out of control’ by the end of 2016.”
    • The FCA’s Final Notice in the case made clear that the backlog occurred, in part, because the bank’s first and second lines of defense tasked with carrying out key AML controls were understaffed throughout the period under review.  For example, in mid-2016, the bank’s Financial Crime Team in Compliance consisted of just 3 full-time employees; in mid-2018, after the bank acknowledged the need for a dramatic increase in the team’s staff, it increased the staffing to 42 full-time employees.
  • Failure to address “long-standing weaknesses in its automated tool for monitoring money laundering risk on transactions for clients.” For example, in 2015 the bank found that 40 high-risk countries were missing, and 1,110 high-risk clients had not been added, to its transaction monitoring tool. The Final Notice further stated that that tool “was not fit for purpose, and did not have access to key information from certain of Commerzbank’s transaction systems.”
  • Failure to have “adequate policies and procedures in place when undertaking customer due diligence on clients.”

As a result of these failures, the FCA determined that Commerzbank “breached Principle 3 of the FCA’s Principles for Businesses, which requires firms to have adequate risk management systems in place.”

The FCA made specific reference to the fact that Commerzbank London “was aware of these weaknesses and failed to take reasonable and effective steps to fix them despite the FCA raising specific concerns about them in 2012, 2015 and 2017.”  It also observed that these weaknesses

persisted during a period when the FCA was publishing guidance on steps firms could take to reduce financial crime risk as well as taking enforcement action against a number of firms in relation to AML controls. Despite these clear warnings, the failures continued.

At the same time, the FCA credited the bank with three actions responsive to those failures:

  • Undertaking “a significant remediation exercise to bring its AML controls into compliance.” The FCA noted that a “Skilled Person” — i.e., a third party whom the FCA may engage, under the Financial Services and Markets Act (as amended), to provide views on aspects of a regulated firm’s activities if the FCA is concerned or wants further analysis — had completed work on testing the effectiveness of those enhancements.
  • Conducting “an extensive look-back exercise to identify suspicious transactions during the period in question.”
  • Voluntarily implementing “a wide-ranging business restriction, which included temporarily stopping taking on new high-risk customers and suspending all new trade finance business activities.”

The FCA stated that because the bank agreed to resolve the matter at an early stage of the investigation, it qualified for the standard 30 percent discount; without that discount, the financial penalty would have been £54,007,800.

Note: AML compliance officers should read not only the FCA release, but the detailed 50-page Final Notice, to get a full sense of the reasons for and dimensions of the bank’s AML failures.  They also should brief senior management in their firms about the highlights of the FCA’s action, and use the case as an opportunity for benchmarking their firm’s AML programs against the AML failures and determining where their internal training might usefully be revised.

In this case, Commerzbank London was fortunate in that the FCA acknowledged that there was no evidence that the bank’s failings had occasioned or facilitated financial crime.  Any financial firm that allows similar long-term AML program failures to occur, however, cannot assume that it will be so lucky.