Skip to content

Global Investigations and Enforcement Bulletin: Our pick of key emerging trends around the world, August 2022

19 January 2022

Welcome to our August 2022 edition of the HFW Global Investigations and Enforcement Bulletin where we share what we consider to be the most important developments and trends in compliance and enforcement in recent months around the world and give our tips.

In this edition we look at the move from the imposition of sanctions to enforcement. We expect to see increased activity and cooperation among regulators globally in policing sanctions.

We also look at the rise of ESG where regulators and action groups are becoming increasingly active in scrutinising claims made and taking action where they consider unsustainable sustainability claims are made. We look at some simple steps businesses can take to reduce risk.

We also pick out some recent developments in the enforcement staples of bribery and money laundering and flag the use of draconian tax authority powers in Australia as a trojan horse for other economic crime enforcement. Finally, we look at the new national security powers in China and Hong Kong.

Two consistent themes emerge.

The importance of due diligence in prevention of problems and cooperation between countries in investigations and enforcement.

Compliance programs and due diligence remain critical to prevention. From a practical perspective we strongly recommend businesses “document, document, and document” the steps taken to comply. Evidence of the compliance steps taken will be critical if a regulator enquires about the steps taken to prevent a problem.

We know that the global regulatory maze can be daunting. Please contact your usual HFW contact or any of our Global Regulatory team if you have any questions. We are pleased to help.

Sanctions – a move from imposition to enforcement

There has been a blizzard of new sanctions imposed since Russia invaded Ukraine which we know businesses have, at times, found hard to keep up with.

On 22 June 2022, the director at the Office of Financial Sanctions Implementation ( OFSI) indicated that they are nearing the end of the implementation stage, following several months of scaling up the Russian sanctions regime and that enforcement is becoming the larger priority. Regulators have scaled up the teams dealing with sanctions enforcement significantly in recent weeks.

The shift to enforcement is also reflected more widely in Europe, where senior Brussels officials are considering creating an EU-wide sanctions authority to oversee sanctions enforcement amongst member states, recognising that coordination and consistent implementation is now the main priority for effective enforcement. The US has launched Task Force Kleptocapture whose remit is to enforce the sanctions and other measures put in place in response to the Russian invasion.

Enforcement in Australia has typically lagged its main trading partners across a range of white-collar crimes, including foreign bribery, AML and sanctions. That is changing for a number of reasons, including enhanced capabilities via the newly established Australian Sanctions Office (in 2020) and international scrutiny and critique of enforcement outcomes. Australian agencies are also increasingly cooperating and actively looking for new targets to demonstrate their bona fides and effectiveness.

In that context, like the US (Magnitsky Act), UK and EU, Australia recently significantly broadened its sanctions framework to include a discretion to sanction for transnational “thematic issues” of concern, regardless of where that conduct occurred. Those themes include serious human rights and corruption issues, which heightens the risk of future wide-ranging sanctions and investigation or prosecution for related corruption or AML issues.

While the UAE and Saudi Arabia has not imposed sanctions, the US Treasury has urged Middle Eastern banks to comply with Russian sanctions in the context of the extraterritorial effect of the US sanctions regime.

TIP: Effective due diligence on your customers and business partners will help avoid problems. It should include whether such things as corruption or AML risks may trigger thematic sanctions or other criminal liabilities. If your business receives an enquiry about sanctions compliance from the authorities please contact us.

Environment, Social, and Corporate Governance (ESG) – claims targeted by regulators and non-governmental organisations

As Europe experiences a summer heatwave, climate change has been firmly in the headlines. In the meantime, ESG claims are coming under increasing scrutiny in the media. At the same time regulators are likewise firing warning shots about businesses making overblown claims.

In the UK the Financial Conduct Authority ( FCA) has flagged ESG claims as one it is watching. The UK Advertising Standards Agency is also in on the act recently ruling against a supermarket banning their ‘Plant Chef’ vegan burgers advertisements after claims that the burgers were ‘better for the planet’ were found to be unsubstantiated.

In Germany, police raided the premises of DWS, a subsidiary of Deutsche Bank, on 31 May 2022 as part of a joint BaFin and SEC investigation into greenwashing claims. Reportedly a whistle-blower previously raised concerns internally but was fired.

Investigators allege DWS had misled customers into buying financial products which were irregularly labelled as sustainable investments. Deutsche are conducting an internal investigation into the matter which remains ongoing.

At the same time the aviation sector has become the focus for the likes of ClientEarth, who in May issued proceedings against KLM for greenwashing. ClientEarth had previously written to KLM demanding that it withdraw marketing, failing which it would launch proceedings including in respect of its “Fly Responsibly” campaign and its “commitment to taking a leading role in a more sustainable future for aviation” which ClientEarth allege is misleading.

In June, Greenpeace published a detailed report into the seven biggest European Airline groups finding that they are failing to take sufficient measures to reduce CO2 emissions in line with the Paris Agreement and highlighted similar criticisms of their behaviour to that claimed by ClientEarth against KLM.

In summary, against a backdrop of a lack of common ESG standards, a global desire to buy or invest in “ESG” products and services, many businesses are making unsustainable ESG claims. In light of this, regulators are increasingly sitting up and taking notice while non-governmental organisations are issuing warnings and, in the case of KLM, bringing lawsuits. ESG has the hallmarks of being a focus of regulatory and litigation in the years to come.

TIP: Businesses should take extreme care when making ESG claims. which should be accurate, verifiable and documented. We recommend legal input in respect of ESG claims given the litigation and regulatory risk now associated with them.

Bribery – an enforcement staple

In the US and UK, corporate bribery continues to be a priority for law enforcement agencies. On 21 June, commodities trader Glencore Energy pleaded guilty in the UK to bribery charges. At the same time, unusually Glencore entered guilty pleas in the US and agreed to pay a $1.1 billion settlement where the US Department of Justice was running a parallel investigation.

Glencore’s guilty plea in the UK represents another corporate criminal resolution by way of guilty plea. The guilty plea follows Petrofac’s guilty plea in October 2021. Before this, Sweett Group Plc pleaded guilty to the failure to prevent bribery offence in 2016 in respect of conduct in UAE. Our team represented one of the companies which previously pled guilty. In the right circumstances a corporate guilty plea can have its advantages (for example no power of the court to impose a monitor or ongoing obligations of cooperation) and debarment risk can be minimised through ‘self cleansing’.

In Saudi Arabia, following changes to the anti-bribery legislation in 2019, which saw private bribery being criminalised, there is marked increase in enforcement activity in the Kingdom. The anti-corruption authority, Nazaha, oversaw the prosecution of numerous government officials and company employees on charges of bribery and abuse of power including the imprisonment of a former judge and a former ambassador in June 2022. The UAE and KSA governments have made it clear that they are serious about clamping down on bribery and corruption in those countries, albeit there are significant challenges and bribery risks remain prevalent in the region.

TIP: Due diligence and an effective compliance program can prevent bribery and is a critical line of defence is misconduct occurs. If subject to bribery investigations and enforcement, a strategic approach to dealing with the investigation, interactions with law enforcement and consideration of resolution avenues are key.

Money laundering – enforcement risk for the conduct of third parties

Money laundering has long been a staple of enforcement focus. However, regulators have recently made the jump to criminal corporate prosecutions.

In the UK, National Westminster Bank Plc’s ( NatWest) conviction in October 2021 is an example of the FCA’s first criminal prosecution for money laundering, some 15 years after the regulations first came in force. NatWest pleaded guilty to breaching the Money Laundering Regulations 2007 and failing to prevent money laundering; they was fined £264 million.

The UAE had a Financial Action Task Force ( FATF) assessment in 2020 and in March 2022, the UAE was placed on the grey list. The FATF determined that while the UAE had made “significant progress” in combatting money laundering, terrorism financing and facilitating international cooperation, further progress is required to ensure investigations and prosecutions of money laundering cases are “consistent with UAE’s risk profile”.

A FATF grey listing in itself is of concern but does not have a direct impact. It would not automatically lead to restrictions on businesses and foreign currency transfers, for example. However, international regulators require firms to have enhanced AML provisions in place for blacklist and grey list countries. Regulators require regulated firms, especially financial institutions, to screen customers from such countries with extra care, both at the onboarding stage and on an ongoing basis.

In another example of increasing global enforcement risk, the People’s Bank of China ( PBOC), the central bank and primary financial regulator of the People’s Republic of China (PRC), published a draft version of an amended Anti-Money Laundering (AML) Law in June 2021.

The new AML Law significantly increases penalties for offences and has potential extraterritorial effect. In particular, under the new law, non-financial institutions, individuals, and other organisations (such as property developers or real estate agencies, accounting firms, and precious metal exchanges) will be subject to new AML obligations.

TIP: Businesses should ensure their anti-money laundering systems and controls, and customer due diligence in particular, are up to date.


Against a backdrop of squeezed public finances following over two years of pandemic the hunt is on for governments to fill the coffers. Anecdotal evidence suggests that tax collection agencies are becoming increasingly aggressive in their pursuit of tax evaders and those who do not comply with the rules.

In Australia, this includes a focus on multijurisdictional operations and overseas tax liabilities and arrangements. Australian authorities are well aware that overseas tax issues can mask serious corruption. The ATO collaborates closely with other agencies and its extensive powers to investigate and compel production of materials can reveal potential corruption issues that warrant investigation. This translates to a significantly increased risk of investigation for foreign bribery offences.

Following the implementation of Value Added Tax in the UAE in 2018, the UAE government has announced that corporation tax will be implemented on business profits commencing on or after 1 June 2023. The Federal Tax Authority oversees the administration of tax in the UAE and has swiftly demonstrated that it is one of the most active regulators in the UAE in ensuring businesses comply with their obligations under the relevant federal legislation.

TIP: Ensure that enquiries from taxation authorities are promptly complied with and that records are kept up to date, including to demonstrably capture the legitimate rationale and basis for addressing overseas tax arrangements or outcomes.

National Security

In Hong Kong, there continues to be legislative focus on national security.

Effective from 8 October 2021, the Personal Data (Privacy) (Amendment) Ordinance 2021 (the Amendment Ordinance) introduced a robust regime to combat doxxing (seeking and personal data of a targeted person and publishing the data without consent on the Internet). The Amendment Ordinance criminalises doxxing activities. Depending on the severity, doxxing offences are categorised into two tiers where the penalty for the more serious tier could be a fine of HK$1 million and imprisonment for 5 years on conviction.

The Amendment Ordinance also empowers the Privacy Commissioner for Personal Data to carry out criminal investigations and institute prosecutions for doxxing-related offences, including to issue cessation notices to request the removal of doxxing messages. Non-compliance of a cessation notice is an offence with consequences of a fine and imprisonment on conviction.

New regulations in the PRC such as the Data Security Law ( DSL) and Personal information Protection Law (PIPL) also became effective in 2021. The DSL focuses primarily on national security-related and industrial data, while the PIPL can be seen as the PRC’s answer to Europe’s GDPR. Although these two PRC laws diverge in some areas of focus from Hong Kong’s Amendment Ordinance mentioned above, the DSL and PIPL codify the integrated foundation of the PRC’s strict framework for handling, controlling, processing, and transferring data.

Moreover, the PRC continued to expand its data compliance and enforcement framework in several targeted ways during the first half of 2022 by issuing final regulations that dictate when companies must undertake both internal and external (read government-driven) security assessments prior to cross-border data transfer, and further adding to the list of industry-specific data regulations crafted at the Ministry level. The new PRC laws also provide for enhanced penalties when a company violates them, ranging from rectification notices, to fines up to five percent of the previous year’s turnover, and loss of business licenses and potential criminal prosecution in cases deemed severe.

On 30 June 2020, the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong SAR (the National Security Law) came into effect in Hong Kong. The National Security Law was enacted to prevent, suppress and impose punishment for four categories of offence, namely, secession, subversion, organisation and perpetration of terrorist activities, and collusion with a foreign country or with external elements to endanger national security in relation to the Hong Kong SAR. National Security Law applies extra-territorially to offences committed in and outside Hong Kong. Penalties for National Security Law offences on conviction range from a fine to life imprisonment for individuals and from suspension of operation to revocation of license for businesses.

TIP: Businesses with a presence in Hong Kong and or China should be familiar with the impact of the new laws on national security as well as data security on their business operations and conduct employee training where necessary.