Round up of recent major fines for alleged compliance failures – and how companies can mitigate this rising regulatory risk

Over the past few months, companies from a wide range of jurisdictions and industries had to pay hundreds of millions of dollars in fines for alleged failures of compliance and due diligence. In this blog, we dive deeper into some of these enforcement actions and draw out lessons companies can learn to mitigate the legal, financial, reputational and strategic risks of a regulatory breach. We also explain how Nexis Solutions® can help to transform your due diligence approach.

Heavy fines show regulators’ readiness to act on gaps in compliance and due diligence

Regulators around the world appear to be more willing than ever before to take enforcement action against a company if its activities – or those of its subsidiaries and third parties – do not comply with legislation. Allegations of bribery and corruption have been a major driver of recent fines. High-profile examples include:

  • US and Brazil: In December 2022, a multinational conglomerate agreed to pay over $160 million to resolve bribery investigations by regulators in the US and Brazil. The company was alleged to have paid a multi-million pound bribe to a senior official in a Brazilian state-owned oil company in an attempt to win a lucrative building contract.
  • West Africa and UK: In November 2022, a multinational mining firm was fined over £280 million after a UK investigation into bribery in exchange for preferential access to oil in five countries in West Africa. The investigation was pursued in parallel with regulators in the US, Netherlands and Switzerland.
  • France: In November 2022, an aerospace firm was given a fine of around €16 million in a French court to resolve an investigation into bribery in Libya and Kazakhstan over a decade ago.
  • UK: In December 2022, the UK’s financial regulator fined a global bank over £107 million for alleged gaps in its anti-money laundering controls. This included failing to verify the information business customers provided about what business they would do.
  • United Arab Emirates: In February 2023, the UAE’s Central Bank fined a financial services company more than $490,000 for allegedly breaching anti-money laundering and counter-terrorism financing laws. The regulator pointed to an “overall weak compliance culture” in the company.

Regulatory focus on ESG and human rights due diligence is growing

While legislation against corporate bribery and corruption has generally been in place for decades, more recent legislation has introduced new requirements for companies to carry out environmental and human rights due diligence. This trend is reflected in recent developments including:

  • UK and Nigeria: In February 2023, more than 11,000 residents in Nigeria launched a court case in the UK against a multinational oil company over the alleged impact of its activities on drinking water, air quality, farmland and fishing stocks.
  • US: In November 2022, it was announced that a financial services company would pay $4 million to settle claims that it did not sufficiently assess ESG factors in some of the investment products it offered.

With Germany’s Supply Chain Due Diligence Act coming into force in January 2023, and similar legislation expected to follow in other countries soon, we are likely to see more and more examples of enforcement action in this area. Companies should therefore retool their due diligence approach to include data on ESG factors.

Five lessons for companies from recent enforcement actions

Recent fines reveal five key trends in the approach taken by regulators. Companies should ensure they are aware of these trends, and consider them while auditing their own compliance and due diligence operations. These trends are:

  • Enforcement action reflects strengthening legislation: Countries continue to pass laws with ever more stringent due diligence requirements upon companies. For example, the fine in the UAE followed recent laws obliging companies to do more to tackle money laundering, and new guidelines about customer due diligence.
  • Mutual legal assistance is accelerating: Most of the investigations mentioned in this blog involved cross-border collaboration between regulators. This willingness to share information and work together makes it even more likely that corporate compliance breaches will be detected. As a senior US official said when announcing a recent bribery fine, the US “will work together with our partners, both domestic and foreign, to hold companies accountable for their criminal conduct”.
  • Compliance failures carry multiple facets of risk: The fines above clearly inflicted legal and financial damage on the companies involved. But they also incurred reputational risk as the investigation and its outcome made newspaper headlines, and strategic risk as companies had to divert their focus from business-as-usual to cooperate with the investigation and subsequently strengthen their compliance regime. CEOs should remember this when considering how much resource to allocate to compliance.
  • Incentives for compliance are available: In one case mentioned above, the US regulator revealed that the company received a 25% reduction on the possible fine in recognition that it proactively disclosed new evidence and subsequently strengthened its compliance programme after an alleged breach was revealed. The US strengthened its incentives for cooperation further by updating its Corporate Enforcement Policy in January 2023.
  • Global due diligence is needed: A recurring theme in the enforcement actions in this blog is that companies were fined for their alleged activities in a different country from their headquarters. This reinforces the need to carry out due diligence using global data which covers all countries where third parties and suppliers operate.

Nexis Solutions: cutting through the noise to surface insights to mitigate regulatory risks

This blog makes an overwhelming case for companies to do more to mitigate the financial, legal, reputational and strategic risks of a compliance failure. The best way to do this is to leverage data and technology to strengthen your due diligence process. This will help you to better detect any indication of wrongdoing happening within your business or by a customer, supplier or other third party.

Nexis Solutions helps firms to implement a more efficient and effective due diligence process to identify and mitigate third party risk by providing companies with authoritative data from the most relevant sources, including:

  • News data to identify reputational risk of third parties.
  • PEPs and sanctions data to identify third parties which may require enhanced due diligence.
  • ESG data to assess third parties’ compliance with growing expectations from regulators and the public around human rights and environmental due diligence.
  • Company data to help to build a picture of a company’s structure, directors and beneficial owners.

We support firms to deploy technology across these sources to improve their approach to due diligence and risk management. For example:

  • Nexis Diligence™ supports an effective due diligence process with our extensive archives and news searches going back more than 40 years.
  • Nexis® Entity Insight provides customised risk monitoring for businesses, helping to monitor specific entities and risk categories.
  • Nexis® Data as a Service delivers an unrivalled collection of licensed and web content, deep archives and data, through our flexible data APIs.