Monday Compliance News - Around the World

GCSG's Monday Compliance News is a compilation of some of the previous week's interesting compliance news bites from around the world, which we deliver every Monday morning.

Identity Fraud Cases Skyrocket in Netherlands - NLTimes.nl

"The number of reports about identity fraud in the Netherlands more than doubled last year, according to figures from the Identity Fraud Hotline." (Click here for the article) - Netherlands

How hackers made off with millions - Thomson Reuters

"It's been a little over a year since the New York Federal Reserve and the SWIFT international transaction system were breached in a cyber-attack that resulted in $81 million stolen from a Bangladesh central bank account - one of the biggest known bank thefts in history" (Click here for the article) - USA, Bangladesh

Report Faults Wells Fargo's Law Department in Sham-Accounts Scandal - Law.com

"The report, released Monday, was commissioned by Wells Fargo last year after the bank agreed to pay $185 million to settle accusations that employees opened as many as 2.2 million unauthorized accounts by transferring funds without customers' consent from existing accounts." (Click here for the article) - USA

The money machine: how a high-profile corruption investigation fell apart - Guardian News and Media Limited or its affiliated companies

"The 2014 summit - much like David Cameron's highly publicized global Anti-Corruption Summit in 2016 - was intended to show Britain's determination to live up to its responsibilities.  Instead, the case of the $23m collapsed within a year - when a British judge ruled that the SFO had built its case on 'conjecture and suspicion', and ordered the money returned to its owner." (Click here for the article) - Britain, Ukraine

North Korea oil imports, airline among possible US sanctions targets - Thomson Reuters

"...the Trump administration is focusing its North Korea strategy on tougher economic sanctions, possibly including an oil embargo, banning its airline, intercepting cargo ships and punishing Chinese banks doing business with Pyongyang..." (Click here for the article) - USA, North Korea, China

How one of the world's biggest oil firms secured a $1.3 billion deal mired in corruption allegations - BuzzFeed

"On the evening of 17 February 2016...the chief executive of oil giant Shell, picked up his phone...The topic of their conversation: a 'dawn raid' on the company's headquarters earlier that day by Dutch police investigating a controversial $1.3 billion Nigerian oil deal struck five years previously." (Click here for the article) - Netherlands, Italy, Nigeria

Trump considers trade order that could lead to duties - CNBC

"U.S. President Donald Trump is considering an executive order to launch a trade investigation that could lead to supplemental duties in certain product categories..." (Click here for the article) - USA

Monday Compliance News - Around the World

Barclays CEO pay slashed after he tried to identify whistleblower - CNN Money

"The American boss of one of Britain's top banks will have his pay slashed after he admitted trying to unmask a whistleblower" (Click here for the article) 

Top 50 Airfreight Forwarders - Transport Topics (Click here for the article)

Swedish defense industry uneasy over proposed export controls - Defense News

"A Swedish government plan to introduce a new legislative bill that would restrict arms exports to so-called non-democracies is causing disquiet.." (Click here for the article)

Japan orders Yusen Logistics to shut down customs operations - JOC.com

"Japanese authorities have ordered Yusen Logistics Co. to completely suspend its customs clearance operations in the country for more than two months for violating the Customs Brokerage Act by making false declarations." (Click here for the article)

 

Customer Due Diligence Requirements

On May 11, 2016, the Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) published final rules (81 FR 29397-29458) under the Bank Secrecy Act to clarify customer due diligence requirements for banks; brokers or dealers in securities; mutual funds; and futures commission merchants and introducing brokers in commodities.

Unlike most other federal agencies, which have taken the approach of providing guidelines or implied expectations around customer due diligence, FinCEN has issued rules that contain explicit customer due diligence requirements.

FinCEN makes the case that there are four core elements of customer due diligence (CDD):

  • Customer identification and verification (already a requirement)

  • Beneficial ownership identification and verification (required by the new final rule)

  • Understanding the nature and purpose of customer relationships to develop a customer risk profile (implicitly required already and will now be explicitly required by the new final rule)

  • Ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information (implicitly required already and will now be explicitly required by the new final rule)

These four core elements are also good basic guidelines for any global business, regardless of industry, with third-party relationships.  Companies that fail to maintain an adequate level of oversight of their third parties risk conducting business with people and entities that do not share their values of integrity.  This can lead to relationships that end in compliance failures that could damage the company's reputation and, in some instances, result in criminal or civil penalties.

A good third party due diligence program will include these basic elements:

  • Written policy with Executive level support

  • Third Party verification and screening against denied party/restricted party lists as well as for adverse media events

  • Desktop procedures that cover when, what and how a third party is to be on-boarded, and how an existing third-party relationship is to be monitored (for changes in its risk profile)

  • Red Flags awareness and a process for handling Red Flags as they arise

  • Prioritization of third parties by level of risk and categorization by required levels of due diligence (low, moderate, high)

  • Training    

Global Compliance Solution Group (GCSG) is well versed in assessing and implementing corporate third-party due diligence programs.  If you have any questions or needs in this area, please contact us directly at info@globalcompliancesg.com.

The final rules become effective on July 11, 2016 and covered institutions must fully comply by May 11, 2018.

Key definitions:

  • Third Party - means customers or intermediaries that conduct business on a company's behalf with persons outside of the company and encompasses those contracted in both sales and supply channels.

  • Intermediaries - may include joint venture partners, consortium partners, agents, advisors (e.g. legal, tax, financial, consultant, lobbyist), suppliers, vendors, service providers (e.g. communications, logistics, storage, brokers, forwarders, etc.) or distributors/resellers.


ISO 37001 Anti-bribery Management Systems - Gets Vote of Approval

On April 14, 2016, the International Organization for Standardization (ISO) announced that the draft version of the new ISO 37001 Anti-Bribery Management Systems (ABMS) standard had received a 91% vote of confidence.

The ABMS "is designed to help organizations implement effective measures to prevent and address bribery, and instill a culture of honesty, transparency and integrity."   

The standard is intended to be used by small to large public, private, or voluntary sector companies.  The ABMS standard includes a few basic principles such as:

  • Adopting an anti-bribery policy
  • Appointing a person to oversee anti-bribery compliance
  • Training
  • Risk assessments and due diligence on projects and business associates
  • Implementing financial and commercial controls
  • Instituting reporting and investigation procedures

The standard is expected to be published in late 2016.


The EPA is Proposing to Amend its RMP Regulations

On March 14, 2016, the Environmental Protection Agency (EPA) published a proposed rulemaking (81 FR 13638) that includes major changes to its Risk Management Program (RMP) regulations (40 CFR Part 68). The RMP regulations apply to facilities that hold regulated substances in excess of threshold quantities.  The proposed rulemaking says the amendments "seek to improve chemical process safety, assist local emergency authorities in planning for and responding to accidents, and improve public awareness of chemical hazards at regulated sources."

The proposed rulemaking includes major changes in the following areas:

Accident Prevention Program

  • All facilities with Program 2 or 3 processes (definition below) would be required to conduct a root cause analysis as part of an incident investigation of a catastrophic release or an incident that could have reasonably resulted in a catastrophic release (i.e., a near-miss).
  • Facilities with Program 2 or 3 processes would be required to contract with an independent third-party to perform a compliance audit after the facility has a reportable release. Compliance audits are required under the existing rule, but are allowed to be self-audits (i.e., performed by the owner or operator of the regulated facility).
  • Facilities with Program 3 regulated processes in North American Industrial Classification System (NAICS) codes 322 (paper manufacturing), 324 (petroleum and coal products manufacturing), and 325 (chemical manufacturing) would be required to conduct a safer technology and alternatives analysis (STAA) as part of their process hazard analysis (PHA), and to evaluate the feasibility of any inherently safer technology (IST) identified. The current PHA requirements include consideration of active, passive, and procedural measures to control hazards. The proposed modernization effort continues to support the analysis of those measures and adds consideration of IST alternatives.

Emergency Response

  • Facilities with Program 2 or 3 processes would be required to coordinate with the local emergency response agencies at least once a year to ensure that resources and capabilities are in place to respond to an accidental release of a regulated substance.
  • Facilities with Program 2 or 3 processes would be required to conduct notification exercises annually to ensure that their emergency contact information is accurate and complete.
  • Facilities subject to the emergency response program requirements of subpart E of the rule (or “responding facilities”) would be required to conduct a full field exercise at least once every five years and one tabletop exercise annually in the other years. Responding facilities that have an RMP reportable accident would also have to conduct a full field exercise within a year of the accident.

Enhanced Availability of Information

  • All facilities would be required to provide certain basic information to the public through easily accessible means such as a facility Web site. If no Web site exists, the owner or operator may provide the information at public libraries or government offices, or use other means appropriate for particular locations and facilities.
  • A subset of facilities would be required, upon request, to provide the Local Emergency Planning Committee (LEPC), Tribal Emergency Planning Committee (TEPC) or other local emergency response agencies with summaries related to: their activities on compliance audits (facilities with Program 2 and Program 3 processes); emergency response exercises (facilities with Program 2 and Program 3 processes); accident history and investigation reports (all facilities that have had RMP reportable accidents); and any ISTs implemented at the facility (a subset of Program 3 processes).
  • All facilities would be required to hold a public meeting for the local community within a specified timeframe after an RMP reportable accident.
  • Proposes revisions to clarify or simplify the RMP submission.

Program 1 eligibility requirements. A covered process is eligible for Program 1 requirements as provided in §68.12(b) if it meets all of the following requirements: (1) For the five years prior to the submission of an RMP, the process has not had an accidental release of a regulated substance where exposure to the substance, its reaction products, overpressure generated by an explosion involving the substance, or radiant heat generated by a fire involving the substance led to any of the following offsite: (i) Death; (ii) Injury; or (iii) Response or restoration activities for an exposure of an environmental receptor; (2) The distance to a toxic or flammable endpoint for a worst-case release assessment conducted under subpart B and §68.25 is less than the distance to any public receptor, as defined in §68.30; and (3) Emergency response procedures have been coordinated between the stationary source and local emergency planning and response organizations.

Program 2 eligibility requirements. A covered process is subject to Program 2 requirements if it does not meet the eligibility requirements of either a Program 1 or Program 3 facility. 

Program 3 eligibility requirements. A covered process is subject to Program 3 if the process does not meet the requirements of a Program 1 facility, and if either of the following conditions is met: (1) The process is in NAICS code 32211, 32411, 32511, 325181, 325188, 325192, 325199, 325211, 325311, or 32532; or (2) The process is subject to the OSHA process safety management standard, 29 CFR 1910.119.

A public hearing on the proposed rule will be held on March 29, 2016.  Comments on the proposed rule are due on May 13, 2016.