On October 11, the International Swaps and Derivatives Association, Inc. (ISDA) announced that 18 major global banks (G-18) agreed to sign the Resolution Stay Protocol, which was designed to support cross-border resolution and reduce systematic risk and is a significant step for banks that are considered “too-big-to-fail.” Effective January 2015, the Protocol will allow participating counterparties to “opt into certain overseas resolution regimes via a change to their derivatives contracts.” The Protocol will be applicable to new and existing trades and will likely extend to firms beyond G-18 banks in 2015.
On September 22, 2014, following a two-month trial, a federal jury in the Eastern District of New York ruled in favor of a group of 297 individual plaintiffs in a civil suit accusing Arab Bank PLC, headquartered in Amman, Jordan, of supporting terrorism. Linde vs. Arab Bank PLC, No. 1:04-CV-2799 (E.D.N.Y. filed July 2, 2004).
In summary, the plaintiffs alleged that Arab Bank was liable under the U.S. Anti-Terrorism Act, 18 U.S.C. § 2331, et seq. (the “ATA”), for the deaths and/or severe injuries resulting from acts in international terrorism that occurred between 2001 and 2004, because the bank had processed and facilitated payments for Hamas and other terrorist or terrorist-related organizations, their members, the families of suicide bombers, or Hamas front organizations.
What this means for financial institutions, particularly foreign banks that increasingly face the potential reach of U.S. laws and plaintiffs, remains to be seen. But there are three take-aways worthy of immediate consideration.
Law Firm Expansion to Further Assist Clients with Global Litigation, Financial Crimes Compliance, Privacy/Data Protection & FCPA Needs
WASHINGTON, DC / LONDON, ENGLAND (September 8, 2014) – BuckleySandler LLP, a leading financial services and criminal & civil enforcement defense law firm, announced today the opening of its first international office, located in London. James T. Parkinson has relocated from the firm’s Washington, DC office to be its London partner-in-residence, enabling the firm to better assist its clients with their global regulatory, litigation, enforcement, financial crimes, FCPA, digital commerce, privacy/data security and anti-money laundering needs.
“As the enforcement, regulatory and litigation challenges facing our clients globalize, it has become apparent that we need to be in London to enable us to meet our clients’ global needs,” explained BuckleySandler Chairman and Executive Partner Andrew L. Sandler. “Jamie’s move to London and our evolving strategic partnerships with global law firms with complementary practices are important steps in enabling the firm to assist clients in their global challenges and expand our global financial crimes practice.”
“I am excited to be relocating to London to better enable the firm to meet the global needs of our clients and expand our global financial crimes practice. Our new London presence is a significant part of BuckleySandler’s overall development of a strong capability to advise clients on comprehensive solutions to regulatory and enforcement problems on a global basis,” noted Parkinson. “This is an important initiative for the firm and a welcome professional opportunity for me.”
Sandler added, “With Jamie in London and the firm expanding our strategic partnerships, we are now able to respond immediately to client needs on a global basis.”
BuckleySandler’s London address: 16 St Martin’s Le Grand, London EC1A 4EN.
With more than 150 lawyers in Washington, New York, Los Angeles, Chicago and London, BuckleySandler provides best-in-class legal counsel to meet the challenges of its financial services industry and other corporate and individual clients across the full range of government enforcement actions, complex and class action litigation and transactional, regulatory and public policy issues. Operating in the United Kingdom as BuckleySandler International LLP, a limited liability partnership incorporated in England and Wales, for the practice of US law. The Firm represents numerous national and international leading financial services institutions. Online: www.buckleysandler.com; Twitter: https://twitter.com/BuckleySandler; InfoBytes Blog: http://www.infobytesblog.com.
On August 6, in remarks at a financial technology conference, the UK’s Chancellor of the Exchequer, George Osborne, outlined the UK government’s plans for the UK to become a world leader in financial innovation and financial technology. Mr. Osborne noted the UK’s science and technology resources and its history of leading the way in financial innovation. He called for new means of banking and payments for consumers and businesses that go beyond just viewing statements online and that “bypass traditional banks altogether, and lend money directly – through peer-to-peer platforms.” Mr. Osborne believes that “with the right backing from government,” London can become “the Fin Tech capital of the world.” To that end, he detailed the government’s plans to support financial innovation, including by: (i) establishing an appropriate tax regime for the industry; (ii) committing funds for government investment programs; (iii) establishing a favorable regulatory regime; (iv) creating a new partnership between Innovate Finance and the British Business Bank to champion financial innovation and technology; and (v) launching a “major program of work exploring the potential of virtual currencies and digital money.” For example, as part of the regulatory changes, Mr. Osborne described several pieces of legislation, including those that will: (i) require the large UK banks to “pass on information on small businesses they reject for loans, so that FinTech Companies and alternative lenders can step in and offer finance instead”; and (ii) allow consumers to use their smart phones to pay in checks.
On July 4, the European Banking Authority (EBA) released an Opinion that outlines for the EU Council, the European Commission, and the European Parliament requirements that would be needed to regulate virtual currencies. The EBA identified more than 70 risks across several categories and numerous causal drivers for those risks, including that (i) a virtual currency scheme can be created, and then its function subsequently changed, by anyone, and in the case of decentralized schemes, by anyone with a sufficient share of computational power; (ii) payer and payee can remain anonymous; (iii) virtual currency schemes do not respect jurisdictional boundaries and may therefore undermine financial sanctions and seizure of assets; and (iv) market participants lack sound corporate governance arrangements. To address those drivers, the EBA believes a regulatory framework would need to comprise, among other elements: (i) governance requirements for certain market participants; (ii) segregation of client accounts; (iii) capital requirements; and (iv) the creation of “scheme governing authorities” accountable for the integrity of a virtual currency scheme and its key components, including its protocol and transaction ledge. Given that the creation of such a regulatory framework will take time, the EBA recommends that European national prudential regulators take action in the immediate term to discourage financial institutions from buying, holding or selling virtual currencies while no regulatory regime is in place. In addition, the EBA recommends that EU legislators consider declaring market participants at the direct interface between conventional and virtual currencies, such as virtual currency exchanges, to become “obliged entities” under the EU Anti Money Laundering Directive and thus subject to its anti-money laundering and counter terrorist financing requirements. The EBA report follows a recent reportby the inter-governmental Financial Action Task Force (FATF) that provides an overview of virtual currency terms, markets, risks, and law enforcement actions announced to date.
On June 25, the American National Standards Institute (ANSI) issued a call for organizations with an interest in security to participate in an advisory committee to a new International Organization for Standardization (ISO) technical committee. The ISO is planning to restructure its security sector to consolidate the work of three existing technical committees—Societal security; Fraud countermeasures and controls; and Management system for quality of private security company operations. The new committee will begin work on January 1, 2015 and will cover standardization in the field of security including but not limited to general security management, business continuity management, resilience and emergency management, fraud countermeasures and controls, security services, and homeland security. Organizations interested in participating in the advisory committee must contact ANSI by July 4, 2014.
On May 13, the European Court of Justice held that an internet search operator is responsible for the processing of personal data that appear on web pages published by third parties, and that an individual has a right to ask a search engine operator to remove from search results specific links to materials that include the individual’s personal information. The court considered the issue in response to questions referred from a Spanish court about the scope of a 1995 E.U. directive designed to, among other things, protect individual privacy rights when personal data are processed. The court determined that “by searching automatically, constantly and systematically for information published on the internet, the operator of a search engine ‘collects’ data within the meaning of the directive,” and further determined that the operator “processes” and “controls” individual personal data within the meaning of the directive. The court held that a search engine operator “must ensure, within the framework of its responsibilities, powers and capabilities, that its activity complies with the directive’s requirements,” including by, in certain circumstances, removing “links to web pages that are published by third parties and contain information relating to a person from the list of results displayed following a search made on the basis of that person’s name,” even when publication of that person’s information on those pages is lawful. Further, the court held that although the search engine operator’s processing operations take place outside of the E.U., the operator is covered by the directive because the operator also has operations in an E.U. member state that were “intended to promote and sell, in the Member State in question, advertising space offered by the search engine in order to make the service offered by the engine profitable.”
On May 8, OFAC released enforcement information regarding “apparent violations” of the Cuban Assets Control Regulations by Canadian subsidiaries of a U.S. insurance company. The U.S. company self-reported 3,560 apparent violations that occurred between January 2006, and March 2009, and agreed to remit $279,038 to settle potential civil liability. OFAC stated that over a more than three-year period two Canadian subsidiaries issued or renewed property and casualty insurance policies that insured Cuban risks of a Canadian company, and that one of the subsidiaries maintained a D&O liability insurance policy that insured certain directors and officers of three Cuban joint venture partners of a Canadian corporation. Separately, another subsidiary sold, renewed, or maintained in force individual or annual multi-trip travel insurance policies in which the insured identified Cuba as the travel destination. The civil penalty reflects OFAC’s balancing of aggravating and mitigating factors, including the actual knowledge of the company and certain members of management of the violative conduct; and the company’s self-disclosure, cooperation, and advance remediation.
On May 8, OFAC issued regulations to implement recent Executive Orders establishing sanctions against Russian individuals and entities related to the situation in Ukraine. The Ukraine-Related Sanctions Regulations, 31 C.F.R. Part 589, implement Executive Order 13660 of March 6, 2014, Executive Order 13661 of March 17, 2014, and Executive Order 13662 of March 20, 2014. Consistent with its prior practice, OFAC published the regulations in abbreviated form and plans to provide a more comprehensive set of regulations, which may include additional interpretive and definitional guidance and additional general licenses and statements of licensing policy.
On April 18, OFAC announced that a privately held travel services provider based in the Netherlands but majority-owned by U.S. persons agreed to pay nearly $6 million to resolve allegations that over a roughly six-year period the company’s business units mostly outside the U.S. provided services related to travel to or from Cuba, which assisted 44,430 persons. OFAC states that such business activities constitute alleged violations of the Cuban Assets Control Regulations. The company voluntarily self-disclosed the alleged violations to OFAC, the vast majority of which occurred prior to such disclosure. OFAC claims that the company (i) failed to exercise a minimal degree of caution or care regarding its obligations to comply with OFAC sanctions against Cuba by processing unauthorized travel related transactions for more than four years before recognizing that it was subject to U.S. jurisdiction; (ii) processed a high volume of transactions and assisted a large number of travelers, which caused significant harm to the objectives of the Cuban Assets Control Regulations; and (iii) failed to implement an adequate compliance program. OFAC’s Cuba Penalty Schedule sets a base penalty for the alleged violations at $11,093,500, which was reduced given that (i) the conduct at issue was the company’s “first violation”; (ii) the company provided substantial cooperation during OFAC’s investigation of the alleged violations, including by agreeing to toll the statute of limitations and by providing OFAC with detailed and well-organized documents and information; and (iii) the company already has taken significant remedial action in response to the alleged violations.
On April 15, BAFT, an international financial services association for organizations engaged in international transaction banking, announced the creation of a new Anti-Money Laundering and Know Your Customer Trade Finance Sound Practices working group. The group will focus on the needs of the transaction banking industry’s heightened focus on maintaining compliance with increasing regulatory expectations involving AML, combating the financing of terrorism, and KYC practices. The group will review “red flags” identified in different jurisdictions, identify common challenges, and develop best practices, which it will consolidate and publish for use by other trade practitioners.
On April 3, Martin Wheatley, Chief Executive of the UK Financial Conduct Authority (FCA), which took over responsibility for overseeing consumer credit markets in the UK on April 1, 2014, identified the FCA’s most “immediate priority” as ensuring “providers of credit, as well as satellite services like credit broking, debt management and debt advice, have sustainable and well-controlled business models, supported by a culture that is based on ‘doing the right thing’ for customers.” He explained that the FCA wants to expand financial service providers’ focus on compliance with specific rules to include “wider FCA expectations of good conduct.” Referencing a paper the FCA published on April 1, the day it began overseeing consumer credit markets, Mr. Wheatley stated that consumer credit providers need to consider how they engage with consumers in vulnerable circumstances. On this issue, the FCA also announced a “competition review” of the UK credit card market to determine, among other things, “how the industry worked with those people who were in difficult financial situations already.”
On March 6, the FTC released a memorandum of understanding (MOU) it signed with the UK’s Information Commissioner’s Office (ICO), which is designed to strengthen the agencies’ privacy enforcement partnership. The FTC stated that over the last several years it has worked with the ICO on numerous investigations and international initiatives to increase global privacy cooperation. The MOU establishes a formal framework for the agencies to provide mutual assistance and exchange of information for the purpose of investigating, enforcing, and/or securing compliance with certain privacy violations. The FTC also announced a joint project with the European Union (EU) and Asia-Pacific Economic Cooperation (APEC) economies to map together the requirements for APEC Cross Border Privacy Rules and EU Binding Corporate Rules, which is designed to provide a practical reference tool for companies that seek “double certification” under the APEC and EU systems, and shows the substantial overlap between the two.
On March 4, the UK FCA released the results of its most recent review of sales incentives at retail financial firms. The FCA’s review revealed that retail banks have made progress in changing their financial incentive structures in response to the FCA’s supervisory focus on the issue starting in September 2012, which led to new guidance issued in January 2013. The FCA’s initial focus on the issue derived from its concerns about incentive structures that, among other things, allegedly fueled the sale of payment protection plans and other add-on products. Despite the broad progress, the FCA reports that roughly one in 10 firms with sales teams had higher-risk incentive scheme features where it appeared they were not managing the risk properly at the time of the FCA’s assessment. It believes firms should concentrate on, among other things (i) checking for spikes or trends in the sales patterns of individuals to identify areas of increased risk; (ii) better monitoring behavior in face-to-face sales conversations; and (iii) managing risks in discretionary incentive schemes and balanced scorecards, including the risk that discretion could be misused. The FCA states that given the progress made, it is not proposing any rule changes at this time, but it intends to keep financial incentives on its agenda for 2014.
On February 28, the UK Financial Conduct Authority (FCA) announced final rules for consumer credit providers, including new protections for consumers in credit transactions. The FCA states that the most drastic changes relate to payday lending and debt management. For example, with regard to “high-cost short-term credit,” the new rules will (i) limit to two the number of loan roll-overs; (ii) restrict to two the number of times a firm can seek repayment using a continuous payment authority; and (iii) require creditors to provide a risk warning. Among other things, the new rules also establish prudential standards and conduct protocols for debt management companies, peer-to-peer lending platforms, and debt advice companies. The policy statement also describes the FCA’s risk-based and proactive supervisory approach, which the FCA states will subject firms engaged in “higher risk business” that “pose a potentially greater risk to consumers” to an “intense and hands on supervisory experience” and will allow the FCA to levy “swift penalties” on violators. The new rules take effect April 1, 2014. The FCA plans next to propose a cap on the cost of high-cost, short-term credit.