Skip to content

Global Investigations and Enforcement bulletin: Our pick of the top trends and business tips around the world, October 2023

24 October 2023

As we are nearing the end of 2023, we reflect on some key developments over August and September, and give our take on what we expect to see for the remainder of the year.


Greenwashing continues to take centre stage as inaccurate claims of green credentials continue to be actively enforced in the UK, primarily by the Advertising Standards Authority (ASA) and the Competition and Markets Authority (CMA). The Financial Conduct Authority (FCA) also published a Dear Chair letter in July1 outlining its ESG principles and proposed a new regime, the Sustainability Disclosure Requirements (SDR), which includes a general anti-greenwashing rule, requiring that all claims relating to the sustainability profile of the product/ service are ‘clear, fair, and not misleading’ (or in other words, proportionate and not exaggerated).2 The greenwashing rule in particular, if approved, will be implemented from Q4 2023 onward.

Corporate governance – The Financial Reporting Council (FRC) is consulting on an overhaul of the UK corporate governance code, with the aim of holding boards and directors accountable for their accounts. This comes following a series of high profile business collapses and other scandals arising from corporate governance failures in recent times, including CBI, McDonalds, and the BBC. 3

In the US, the SEC fined Deutsche Bank’s ‘DWS’ subsidiary $25 million for failing to live up to its ESG-promises and having inadequate anti-money laundering policies. This concludes the probe that was initiated by a whistleblower, DWS’ former head of ESG, Desiree Fixler.


For many companies, the public interest in and importance of ESG is impossible to ignore. Companies that make claims as to their green credentials should think carefully about the evidence they have to support those claims. We have seen that regulators are increasingly proactive when it comes to greenwashing enforcement and new legislation and guidance is being considered.

Those in the regulated sector should also refer to any additional guidance put out by their regulator, as well as any industry-wide standards.

Internally, it would be prudent for companies to conduct supply chain due diligence, especially when there are the involvement of other third parties or other jurisdictions.


  1. Authorised ESG and sustainable investment funds: improving quality and clarity (
  2. CP22/20: Sustainability Disclosure Requirements (SDR) and investment labels (
  3. Restoring trust in audit and corporate governance: government response to consultation on strengthening the UK’s audit, corporate reporting and corporate governance systems (

Whistleblowing safeguards need to be upheld

In the UK, the Competition and Markets Authority (CMA) have raised the amount that will be rewarded to whistle-blowers who report unlawful cartel activity, from £100,000 to £250,000.

The proposed Whistleblowing Bill remains far on the horizon, as it is still undergoing its 2nd reading in the House of Commons at the time of writing.

From 17 December 2023, the EU Whistleblowing Directive will expand to include a wider range of companies (including those with 50-249 employees) who will be required with the directive (Article 26(2) TFEU) and have in place ‘channels and procedures for internal reporting and follow-up’.1

In the US, the Securities and Exchange Commission (SEC) in August announced awards totalling more than £104 million to seven whistle blowers in connection with a successful enforcement action, which represents the fourth-largest ever award issued by the SEC.2

The seven individuals provided documents to the SEC which supported the allegations of misconduct, sat for interviews and identified other potential witnesses. This assistance either led to the opening of an investigation or significantly contributed to an investigation.

This was followed shortly after by two whistle-blowers being awarded $15 million by the CFTC.

In September, the SEC fined Monolith (private energy company) and CBRE Inc (a commercial real estate services and investment firm) for requiring departing employees to sign agreements to waive their financial award after filing successful whistle blower claims. Monolith were fined $225,000 for violating whistle-blower safeguards and impeding the SEC’s whistle-blower program from February 2020 to March 2023; while CBRE were fined $375,000 in civil penalties. The SEC are sending a clear message that whistleblowing safeguards should apply to public and private companies alike.


It is in the company’s best interest to maintain adequate whistleblowing hotlines and procedures to deal with claims appropriately. The risk of not doing so, or in the cases above, requiring departing employees to waive their financial award after a whistleblowing claim, effectively amounts to a violation of the whistleblowing safeguards. These safeguards should apply to private and public companies alike.


  1. EUR-Lex – 02019L1937-20230502 – EN – EUR-Lex (
  2. | SEC Awards More Than $104 Million to Seven Whistleblowers

Commodities Global Compliance Forum

On 28 September 2023, we hosted our second Compliance Forum where Barry Vitou interviewed Billy Jacobson.

Billy has had roles as the Co-General Counsel and Chief Compliance Officer at one of the world’s largest oilfield service companies, served as a federal prosecution (including as Assistant Chief for FCPA Enforcement in the DOJ’s Fraud Section) and has been appointed an independent compliance monitor. Please get in touch if you would like a copy of the recording of September’s session.

Our next Compliance Forum will take place on 5 December virtually and they are a great way to learn from and network with other professionals within the compliance industry. Please click here to register.

Hong Kong Securities and Futures Commission Regulatory Update

On 21 June 2023, the Hong Kong Securities and Futures Commission (“SFC”) issued its 2022/2023 Annual Report (the “2022/2023 Report”). The 2022/2023 report provides an overview of the SFC’s regulatory work for the year under review, offering some insight into enforcement trends.

A key milestone was a change in leadership, with Julia Leung being appointed CEO following Ashley Alder stepping down after his 11 years at the helm to join the FCA in the UK. As a result, a focus of the work done in the 2022/2023 period largely appeared to be on wrapping-up existing investigations (which resulted in HK$41.7m in penalties). There was also a focus on reform, with a public consultation on proposals to amend the Securities and Futures Ordinance to facilitate more effective enforcement action.

As a result, the coming year is likely to be significant, with possible changes to the enforcement infrastructure in tandem with new enforcement strategies flowing from fresh leadership. As a result, people and individuals under the SFC’s jurisdiction should stay abreast of these developments in order to ensure their ongoing compliance.

Personal devices

In October 2022 we wrote about the risks of using personal devices and third-party messaging apps for business communications in the wake of fines levied by the SEC and CFTC against sixteen banks.1 At around the same time the US attorney general announced that the DOJ’s criminal division had been asked to look at the use of personal devices and messaging apps in the context of corporate compliance programmes.

In the UK the FCA had already raised concerns about the use of third-party messaging apps in January 2021 as a result of the Covid pandemic requiring people to work from home.2 This was followed by reports in October 2022 that it had issued information requests to a number of banks requiring information about their use of WhatsApp and other messaging apps. However, it is the UK regulator Ofgem (Office of Gas and Electricity Markets) who has been the first UK regulator to issue a fine for such failings.3

In August, Ofgem, which is the UK’s energy regulator, fined Morgan Stanley & Co International plc (“MSIP”) £5.41m for not recording and retaining electronic communications made by wholesale energy traders, on privately owned phones via WhatsApp, between January 2018 and March 2020. But for Morgan Stanley’s cooperation the fine would have been £7,730,213 but that cooperation earnt them a 30% discount.

The MSIP fine highlights that simply having a policy that prohibits the use of third-party messaging apps and personal devices is not enough. While MSIP did have policies in place and had taken some steps to try to ensure that the policy was conveyed to staff, Ofgem concluded that the measures MSIP took were not sufficient. This was because MSIP had not taken reasonable steps to monitor compliance with its policy and it was only after Ofgem had identified that MSIP traders had been using WhatsApp that MSIP took steps to address it.


This is a timely reminder to all businesses, and particularly those in the regulated sector, to ensure that they have robust and properly implemented policies and procedures in respect of acceptable communication channels for business related communications. What amounts to a business communication for recording and retention purposes can vary but will include all communications relating to potential and actual trades.



Fraud, Bribery and Corruption

In August, Entain, the gambling group that owns Ladbrokes, announced that they had set aside £585 million for a potential fine in connection with an investigation by HMRC for a Section 7 Bribery Act offence of failing to prevent bribery in relation to its Turkish sport betting business. The DPA negotiations are expected to conclude before the end of the year.

In the same month, the Madagascan President’s Chief of Staff and another associate were charged with bribery offences relating to securing licences for a mining operation. This followed an investigation by the NCA’s International Corruption Unit.1

In September, four individuals were charged by the SFO for fraud which led to the collapse of the Patisserie Valerie bakery chain in 20189.

Turning to legislative updates, the UK’s Economic Crime and Corporate Transparency Bill continues to be a hot topic in Parliament having gone through a recent ‘ping pong’ between the Houses. On 5 September, MPs voted to exclude small/ medium enterprises (SMEs) from the proposed failure to prevent fraud offence. The House of Lords disagreed with this and proposed that it should include SMEs but exclude ‘micro-organisations’. A week later the House of Commons rejected this proposal by a majority. It appears this will continue to be subject to a number of amendments from both Houses in the coming months but as it currently stands the proposed offence will only apply to ‘large organisations’ or those that satisfy two of the following criteria in the financial year preceding the offence:

  • More than £36 million in turnover,
  • More than £18 million in total assets, and
  • More than 250 employees.

Meanwhile in July, a bipartisan majority of the US Senate approved the Foreign Extortion Prevention Act (FEPA) which makes it a crime for a foreign official to demand or accept a bribe from an US person or company, or any people while in the territory of the US, in connection with obtaining or retaining business.

On 4 October, Nick Ephgrave QPM took over as director of the Serious Fraud Office. He is the first non-lawyer to take up this role, having previously served as the Assistant Commissioner of the Metropolitan Police Service and Chief Constable for Surrey Police. Most recently, he was Chair of the National Police Chiefs’ Council Criminal Justice Co-ordination Committee and held roles on the Criminal Procedure Rules Committee and at the Sentencing Council. He has stated that he is “committed to building the strong, dynamic and pragmatic authority the UK needs to fight today’s most heinous economic crimes”.


  1. Madagascan President’s Chief of Staff charged with bribery – National Crime Agency


In August, the UK High Court rejected the first sanctions designation challenge brought under UK’s Russia Sanctions regime under the Sanctions and Anti-Money Laundering Act 2018 (SAMLA).1 The challenge was brought by Eugene Shivdler, who was a UK-US businessman, who submitted that his designation was unlawful. The court ruled that ‘Whilst the effects of designation are serious….the effects of designation are temporary and reversible, not fixed and permanent…he is simply deprived of the use of his property for the period it is thought necessary to maintain the sanctions’.

In September, the EU delisted three Russian businessmen from their sanctions list, having previously been added to the list and subject to an asset freeze for suspected ties to the Kremlin. One of the businessmen, Alexander Shulgin, was successful in his case against sanctions at the European Court of Justice, with the court ordering his delisting as there was insufficient evidence of his influence as a ‘leading business person’.

OFSI also flexed its new enforcement muscles in August, using for the first time its Disclosure enforcement power to name and shame an entity which had breached financial sanctions, by making funds available to a designated person without a licence2. These disclosure enforcement powers are used where a breach is considered “moderately severe”.


The notices OFSI publishes of its use of its disclosure enforcement powers or monetary enforcement powers will usually include “compliance lessons” which is recommended companies familiarise themselves with and consider whether their internal controls are in line with those lessons.


  1. High Court Judgment Template (