Money Laundering, Cryptocurrencies and EU Legislation

Money Laundering, Cryptocurrencies and EU Legislation

While new EU rules aimed at tackling money laundering came into effect in early July, critics are already suggesting that the new regulations are obsolete. Commentators are suggesting that the EU needs to rapidly introduce legislation that empowers national regulators to tackle financial crimes and money laundering involving cryptocurrencies such as Bitcoin.

The fifth review of the EU Anti-Money Laundering legislation was kick-started by revelations of money laundering revealed by the Panama Papers expose. The new rules are focused on creating centralised bank account registers to simplify the work of security forces. But national financial intelligence units are poorly organised and they rarely cooperate: thieves can easily obscure their proceeds by moving them between countries.

However, critics are suggesting that the rise of cryptocurrencies means that additional protections are required and the EU needs additional powers to combat the changing face of financial crime. There is currently no single EU force that can coordinate the tracking, recording and prosecution of financial crimes that cross borders.

EU lawmaker Sven Giegold commented: “The Commission cannot hesitate any longer in bringing forward a legislative proposal for a European anti-money laundering authority.”

Before the EU releases further updates to the statute, they will need to allow time for member states to comply with the current release. Many member states are still struggling to implement the previous update, which was issued in 2015. This suggests that many countries are not well placed to defend against the tandem rise in cyber crimes and cryptocurrencies. In this environment, people will continue to have easy access to the tools they need to launder the proceeds of their crimes.

Malta may find itself on the frontline of the battle between regulators and money launderers, as Europe’s smallest country has successfully promoted itself as a digital currency hub, attracting significant investment from major players in the crypto industry.

Here in the UK, new legislation has been proposed to include the penalty of jail time for people who use the UK property market to launder money. This would reduce the attraction for criminals and corrupt officials to stash their funds in British property – a tactic that has inflated the UK property market, making it difficult for many people to buy a home. Campaign group Transparency International estimates that £4.2billion of London real estate is bought with suspicious assets.

Lord Duncan, the UK government minister for Scotland commented: “For too long criminals have been able to use the property industry as a front for investing dodgy funds, hiding dirty money and evading the law. This stops now.”

Anti-Money Laundering Courses from VinciWorks

Keeping up-to-date with money laundering regulations is a constant challenge. Our eLearning solutions are designed to help your teams remain aware of regulations and prepared to take action against crime.

EssentialStudies: GDPR Training and Unparalleled Customer Support

The problem:

This particular customer success story happened a few months ago. Our customer needed to provide GDPR online training to all of their employees before the dreaded May deadline. Motivated by the fear of non-compliance and possible fines, our customer needed the training delivered ASAP. However, it was a requirement to have single sign-on (SSO) in place before rolling out their training.

SSO provides users with a seamless login to their training. Our system checks the user’s machine for a sign on (for example their email account) and uses these credentials to log them in to their training. This saves them time as they don’t have to manually enter their username and password, meaning a user only needs to log in once to access multiple applications.

The problem is that SSO can take time to set-up and with the approaching deadline, our customer didn’t have much time left.

The solution:

But not to worry, as Lukasz, in our Customer Success team, was on hand to help.

Lukasz understood that if we were going to beat the deadline, he needed to arrange a dedicated time slot for the customer’s IT team and the development team of VinciWorks to cooperate on the SSO set-up.

The result:

With dedicated support and our experience in setting up SSO with many other clients, the entire process took only a few hours. The customer was able to roll out GDPR online training across their entire workforce before the May deadline.


Łukasz Tymczak

A guide to the New York sexual harassment laws

The words sexual harassment being written on a typewriter

Governor Cuomo and Mayor De Blasio have been busy putting the city and state on
the right side of #MeToo, the global anti-sexual harassment movement. A flurry of
new laws and requirements on New York State and City businesses have been
added to the books, with more coming into force over the next few months. VinciWorks’ free guide will help to ensure your business is ready for October 9, the key date by which all New York State businesses must provide compliant training on sexual harassment.

Download guide

Continue reading

Six things John Oliver taught us about workplace sexual harassment

Anita Hill and John Oliver

In a recent episode of award-winning John Oliver’s Last Week Tonight, the comedian tackled the issue of sexual harassment in the workplace. The episode was extended to include an interview with Anita Hill, famous for her case against Judge Thomas in 1991. While extremely funny, John Oliver’s take on sexual harassment, coupled with his interview with Anita, gave light to the issues of sexual harassment, the progress, if any, made on tackling the issue over the last three decades and what we can do address it. Here are a few things you may have learned from the episode.

 

1. There is no reason to fear hiring women

While John Oliver ridicules a man who asks “what are the rules?”, there does seem to be a recurring theme throughout the episode – men are worried they will be wrongly accused of sexual harassment. Author and life coach Tony Robins recently came under fire for his anecdote of a man who wouldn’t hire a woman because she was very attractive and it would be “too big a risk”. This fear can be abated by providing clear guidelines on what is considered inappropriate behavior. Combating sexual harassment starts with ensuring a culture of awareness and sensitivity towards the problem. Anita Hill emphasized this, saying that while there are a tiny amount of false accusations, we mustn’t “make rules around the things that rarely happen until we finish up making the rules around the things that are happening regularly.”

Continue reading

Ticketmaster Data Breach: did they act quickly enough?

Data breaches are nothing new.

What has changed recently is the regulations surrounding personal data.

Under the General Data Protection Regulation (GDPR), companies must notify the Information Commissioner’s Office within 72 hours of becoming aware of a breach.

In the case of Ticketmaster’s recent breach, questions remain about whether they reported the loss of data affecting 40,000 customers quickly enough.

Ticketmaster lost the customer data because of a third-party application designed to help them manage customer support requests. The Inbenta software was infected with malware and was passing customer data to a third-party, who then used the information to help them make fraudulent payments.

Ticketmaster claims that up to 40,000 UK customers may have had their data stolen. Customers in the US were not affected in the incident. Ticketmaster is offering customers a 12-month identity monitoring service to help prevent further frauds from occurring.

One of the problems with a data breach of this kind is the avalanche of follow-up crimes that typically occur – not always relying on the actual data lost. This is because criminals use the confusion and concern caused by a major data loss incident to dupe customers into changing passwords – on dummy websites that they control. Ticketmaster is urging customers to only visit genuine Ticketmaster websites on recognised addresses.

Brooks Wallace, cyber-security specialist from Trusted Knight commented: “After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” said Brooks Wallace from the cyber-security specialist Trusted Knight. “If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way.”

Questions about the timing of Ticketmaster’s notification surfaced after Monzo, the online bank, reported that they had uncovered evidence that Ticketmaster may have been breached in early April – something they passed on to authorities and to Ticketmaster. Monzo’s discovery followed customer reports of fraudulent transactions. The security team at Monzo analysed the accounts of approximately 50 customers who had all been the victim of fraud and found a pattern: 70% of the affected customers had recently bought tickets from Ticketmaster. Only 0.8% of their entire customer base had used Ticketmaster.

The question that the ICO may want answered is why it took months for Ticketmaster to confirm that a breach had taken place? Was the breach carefully concealed by hackers? Or did Ticketmaster hope to limit the scope of scandal?

Read more about Information Security eLearning from VinciWoks.

Legal professional privilege and the Data Protection Act 2018

A finger print being taken

GDPR, the mammoth new data protection regulation, came into force across the EU in May this year. Alongside it, the Data Protection Act 2018 was passed by the UK Parliament, replacing the DPA 1998 and giving the UK a single source of data protection legislation.

Designed to be read alongside GDPR, the DPA added to the bits of law that GDPR does not cover and expanded on the areas the UK chose to opt-out from or amend. One of these key areas is legal professional privilege. Legal professional privilege is a fundamental human right which allows clients to have open conversations with their lawyers in order to allow lawyers to provide their clients with the best service.

While the GDPR does not include any provisions for legal professional privilege, the DPA 2018 clearly stipulates that the provisions of the act do not apply to personal data that consists of information in respect of which a claim to legal professional privilege could be maintained. This could refer to legal professional privilege in legal proceedings or information in respect of which a duty of confidentiality is owed by a professional legal advisor to a client of the advisor.

Due to these changes, and what they mean for GDPR rights such as subject access requests, VinciWorks has produced a comprehensive guide to the DPA and legal professional privilege, in addition to our in-depth webinar on the Data Protection Act 2018.

Download guide

Continue reading

US sanctions on Iran – avoiding sanctions chaos

Flags of Iran and USA painted on broken wall

What Sanctions Have the US Imposed on Iran?

On Monday August 6, the US reimposed the first round of trade sanctions against Iran that had been suspended following the 2015 international nuclear agreement (Iran Deal). The sanctions officially ‘snapped back’ at one minute past midnight on Tuesday.

The reimposition of sanctions means Iran is prohibited from using US dollars in the global market. US trade in Iranian cars and Iranian metals are banned. Furthermore, permits allowing the import of everyday goods from Iran to the US, from Persian rugs to pistachios, have been revoked. Iranian companies can no longer even get a license to buy US-made commercial aircraft parts.

Continue reading

August News Roundup 2018

Supermarket legally responsible for employee data leak

Supermarket legally responsible for employee data leak

Morrisons was found responsible for leaking thousands of employees’ data. The data was posted online by former senior internal auditor, Andrew Skelton. He posted information such as names, addresses, bank accounts and salaries, and risked Morrisons’ current employees to identity theft and financial loss.

The reason for stealing the employee data may have been a grudge over an incident when he was blamed for dealing legal highs at the workplace.

Skelton was found guilty and jailed for eight years. The company was responsible for breaches of privacy, confidence and data protection laws.

It has already cost Morrisons more than £2m for responding to the misuse of employee data.

 

Two companies sentenced after worker falls from height

Principal contractors Jeff Payne and Brewsters (Poole) Ltd have been fined after 32-year old self-employed builder, Jamie Butler, fell from height while at work.

Butler was working on a project with unsecured scaffolding. This resulted in a 2 metre fall causing a broken wrist and collarbone along with injuries to the head and lower back which required an operation. Both companies pleaded guilty.

Jeff Payne was issued with a 60-hour community service order and to pay costs of £1,125.

Brewsters was fined £2,700 and ordered to pay costs of £1,125. HSE inspector Nicole Buchanan said: ‘This incident could so easily have been avoided by simply carrying out correct control measures and safe working practices’.

 

Employee wins unfair dismissal court case

A Sainsbury’s employee, Kurmajic, was wrongly dismissed because of his comment on a Facebook post. Kurmajic’s colleague had posted photos of a driver’s car stuck on a ramp.

When Kurmajic saw the picture, he posted the name, age and car registration number of the driver in an attempt to question the driver’s capability to drive. During the suspension hearing with the store manager, Kurmajic claimed he would not do it again. However notes from the hearing suggested he would post again if given the chance. He was dismissed following the hearing.

The store manager claimed Kurmajic hurt the company’s reputation. Kurmajic appealed internally insisting that he did not breach the social media policy. The policy referred to ‘customers’ but it was unclear whether the driver was a customer or not. He also claimed that he should have received training regarding the company’s policies.

The judge ruled that the store manager was careless and not familiar with the contents of the policy himself. He should have considered an alternative other than dismissal as there was no proof of damage to the brand.

Modern Slavery Act prosecutions are up – but whose job is it to enforce the Act?

Construction worker

Last week, the Crown Prosecution Service published its first report into Modern day slavery following the introduction of the Modern Slavery Act in 2015. The report showed that there was a 27% increase in the number of suspects charged with slavery offences in 2017/18 compared with the previous year. Referrals of modern slavery allegations have also risen to their highest level and the number of prosecutions is on the increase too.

Awareness increasing

These are all positive signs that the Modern Slavery Act which was introduced in 2015 is beginning to have an effect on ending the scourge of people trafficking, domestic servitude and prostitution. However, a BBC programme, The Prosecutors: Modern Day Slavery, highlighted the ongoing difficulty of actually bringing the perpetrators of these crimes to justice. One of the reasons is the method of spotting and reporting incidents of slavery.

Continue reading