Mining giant Glencore receives record bribery fine

Glencore, the mining and commodities giant, has been fined a record-breaking £281 million for bribery in five African countries. The company was found to have paid cash bribes to officials in the national oil and gas companies in Cameroon, Equatorial Guinea, Ivory Coast, Nigeria and South Sudan to secure its access to oil. The Serious Fraud Office (SFO) launched an investigation into Glencore in 2019, focused on the activity of the London-based West Africa desk, which sourced and traded crude oil from African countries.

The investigation revealed text messages, large cash withdrawals, and deliberately concealed payments indicating that Glencore paid bribes worth $29 million to secure access to oil in the five African countries. In Nigeria, Equatorial Guinea, and the Ivory Coast, Glencore used local agents to funnel bribes into state-owned oil companies and government ministries, disguising them as unspecified service fees in financial reports. In South Sudan and Cameroon, Glencore executives had a bolder approach. In 2011, two Glencore employees from the West Africa desk flew to South Sudan carrying $800,000 in cash, which they paid via a local agent to officials in the newly established government.

Between 2012 and 2015, another Glencore trader took out $8.2 million in cash from the company’s Swiss cash desk, recorded as office expenses, even though there was not much to indicate that there was an office operating there. These funds, along with $5.5 million of service fees withdrawn in cash by a Nigerian agent, were flown on private jets to Cameroon. The SFO estimates Glencore’s bribery generated a financial benefit of approximately £93.5 million for the company.

The company pleaded guilty in June 2021 to seven counts of bribery, and the penalty fee of £281 million includes a fine, a confiscation order for the profit it obtained from bribes, and the SFO’s costs in full. Glencore received a one-third discount on the fine for pleading guilty to the charges. The confiscation order is the largest ever for an SFO case, and the total amount the company will pay is the highest ever ordered in a corporate criminal conviction. It will be larger than the £264 million fine levied by the UK’s Financial Conduct Authority on NatWest Group in December 2021.

The penalties Glencore will pay in the UK are high but still far below those levied by other authorities. The US Department of Justice said its case against the company related to “a decade-long scheme by Glencore and its subsidiaries to make and conceal corrupt payments and bribes” to foreign officials in Africa and Latin America to secure oil contracts, avoid government audits, and make lawsuits disappear. Glencore also reached an agreement with the Democratic Republic of Congo to pay $180 million over bribery allegations spanning from 2007 to 2018.

The case raised several red flags for financial services, logistics services, and corporations, highlighting the need for greater vigilance and compliance with laws against bribery and corruption. Particularly given the increased focus on bribery offences within the fight against corruption. 

Glencore company chair, Kalidas Madhavpeddi, said the company was now committed to operating transparently “with openness and integrity at the forefront” and has taken “significant action” on improving its ethics and compliance. Two of the individuals involved in the criminal activities were Business Ethics Officers or on the Business Ethics Committee at Glencore’s London office. 

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.