Trade Security Journal

Issue 8. June 2018

In your hands
Liability for the human rights impacts of foreign subsidiaries and subcontractors
Russian strategic companies: new rules for foreign investors
Mergers and takeovers: UK strengthens national security scrutiny
EU agrees Countering Money Laundering by Criminal Law Directive
An overview of Israeli data protection law
Canada’s use of its national security power

IN THIS ISSUE

Issue 8, July 2018

NEWS ROUND-UP
• C-Suite in the firing line of FCPA enforcement
• Hong Kong High Court reviews need for forced labour law
• China cuts number of industry sectors not open to foreign investment from 63 to 48
• New CBP rule ‘to address ongoing aviation security threats’
• Drinks maker charged with FCPA offences
• 5th AML Directive tackles cryptocurrencies
• OFAC adds facets to rough diamond reporting scheme
• Kazakh businessman ordered to provide information on litigation funding source
• New powers for Aussie intelligence agencies
• Glencore subsidiary subpoenaed in relation to FCPA and AML docs
• SFO brings criminal proceedings against Unaoil
• Index ‘encourages continuous improvement’ in mining best practice

BLOCKCHAIN
• Blockchain in the supply chain: where are we now?

• TSJ talks Brexit and customs with Caroline Barraclough

NATIONAL SECURITY
• Acquisition of Russian strategic companies: new rules for foreign investors

NATIONAL SECURITY
• US: Stricter regulation of foreign investments and exports advances: an update

DATA PRIVACY
• California passes historic online privacy law

AML
• EU agrees Countering Money Laundering by Criminal Law Directive

CYBER SECURITY
• Cyber fraud – Ireland’s Central Bank takes action

CYBER SECURITY
• Vietnam: 16th draft of the Law on Cybersecurity

MODERN SLAVERY
• Modern Slavery Act tabled in Australian Parliament

• Are you liable for the human rights impacts of foreign subsidiaries?

DATA PRIVACY
• An overview of Israeli data protection law

BUSINESS CRIME
• The UK agencies dealing with business crime – an overview

NATIONAL SECURITY
• Mergers and takeovers: UK strengthens national security scrutiny

AML
• Civil forfeiture orders in Jersey

ANTI-CORRUPTION
• Italy’s new Anti-Mafia Code

NATIONAL SECURITY
• Canada’s use of its national security power

Cover photo: Sk Hasan Ali / Shutterstock.com

FROM THE EDITOR

As we head into deep summer, there is (if this latest iteration of the Trade Security Journal is to be believed) no letting up in the world of compliance. These pages reveal that regulation and enforcement remain vigorously promulgated and enforced (if not always and everywhere with the same energy, conviction or capacity) – and that new frontiers of technology create their own challenges.

All readers will be aware of the growing focus on human rights issues attached to supply chains. In this and recent issues, we can see that this is a truly global development.

Meanwhile, Gil Rosen’s article on Israel’s data protection regime is a reminder that while there are few in the world who aren’t GDPR-aware, other jurisdictions also possess laws that must be respected and articles from Canada and Russia and the UK prove – if proof was ever needed – that CFIUS isn’t the only national security regime in play…

BREXIT, elusive though it may be, is everywhere at the moment. But as our interviewee Caroline Barraclough explains, it has put wider supply chain issues in the limelight in a way that they haven’t hitherto enjoyed. Given their increasingly mind-boggling complexity, that, perhaps is at least one good thing to have emerged from the triggering of Article 50?

Tom Blass
July 2018

NEWS ROUND-UP

C-suite in the firing line of FCPA enforcement

More than 50% of all individuals charged with a violation of the FCPA were their corporation’s CEO, President, Vice-President or Director.

The statistic is amongst key findings of a new study by US law firm Arent Fox of individual liability under the FCPA which looks at the cases of ‘every individual charged’ between 1 January 2005 and 31 December 2017 – i.e., 180 individuals, working for 81 different companies, over the past 13 years.

Other headline findings are that:

• The most civil and/or criminal charges for violating the FCPA arose from bribes occurring in Latin America (30%), Asia (28%), and Africa (24%). The countries in those regions associated with the most charges are Mexico, Venezuela, Argentina, China, and Nigeria.
• Almost all bribe schemes involving China, Mexico, and Venezuela resulted in criminal charges for the individuals involved. Mexico had the highest percentage of criminal cases (94%), followed closely by Venezuela (93%) and China (67%).
• Just under half of all individuals charged (45%) were involved in bribes schemes of between $1 million to $10 million. One-third were involved in bribes schemes of under $1 million.
• For every range of bribes under $10 million, an overwhelming majority of individuals were charged criminally: 70% of individuals involved in bribe schemes under $500,000; 73% of individuals in bribe schemes of between $500,000 and $1 million; and 67% for bribe schemes of between $1 million and $10 million.
• More than one in 10 individuals (13%) were charged criminally, even when they only had a general suspicion that bribes could be occurring without any direct confirmation or involvement themselves.

Amongst the conclusions of the report are that there are no signs that the Trump administration will be more lenient on FCPA offences than its predecessor. ‘With the new administration’s first year behind us,’ the study’s authors write, ‘it’s interesting to note 2017 recorded the second-highest number of individual FCPA prosecutions since 1977. And with the formalization of the “FCPA Corporate Enforcement Policy,” it’s fair to presume companies will be forced to disclose individual “wrongdoers” now more than ever ... Doing nothing – even when you only have a general suspicion of bribery – is risky. Remember more than 1 in 10 such individuals were charged criminally.’

[Photo caption: Individuals charged with a violation of the FCPA most likely to be from C-suite.]

The full report is at: https://www.arentfox.com/sites/default/files/2018-06/2018_CSuite_FCPA_Risk_Assessment_20180427.pdf

Hong Kong High Court reviews need for forced labour law

Immigration, human rights lawyers and others (including apparent victims of human trafficking and forced labour) are looking forward to the outcome of a two-day judicial review, heard by the Hong Kong High Court in May, which considers whether Hong Kong should introduce a law on forced labour.

The issue was first brought to the fore in 2016 after a Pakistani man, known as Zn, won a legal battle against Hong Kong’s Immigration Department, Hong Kong Police Force and the Labour Department. Zn had been lured from his country to Hong Kong under false pretences, had his passport withheld, received threats against himself and his family, and was subjected to violence.

Each of the government agencies he approached, it was shown, had ignored his claims that he was a victim of human trafficking.

Peter Chang, knowledge lawyer at Freshfields notes: ‘Zn eventually sued the departments before the High Court of Hong Kong. In a process known as judicial review, whereby individuals are granted access to courts to challenge decisions made by public authorities, High Court Justice Mr. Kevin Zervos was invited to determine whether the Hong Kong Special Administrative Region Government (HKSARG) and relevant government authorities’ response to the claimant’s complaints had resulted in a denial of protection under the law – specifically, Article 4 under Section 8 of the Hong Kong Bill of Rights Ordinance (Cap 383) (the HKBORO), which prohibits slavery, servitude and forced or compulsory labour (but does not explicitly prohibit human trafficking).

‘Relying on the jurisprudence of the European Court of Human Rights concerning similar issues arising under the European Convention on Human Rights, Judge Zervos ruled in the claimant’s favour, declaring that in failing to have his case recognized as one potentially involving human trafficking for forced labour, which prevented further appropriate action, his rights had been denied.’

According to Chang, Judge Zervos ‘confirmed that the government has positive obligations under Article 4 to enact measures to ensure the prohibition of forced or compulsory labour, including criminalizing and penalizing offenders, and introducing appropriate measures to recognize and investigate such cases upon detecting red flags.’

[Photo caption: Does Hong Kong need a law on forced labour? We should know soon.]


China cuts number of industry sectors closed to foreign investment from 63 to 48

Effective from 28 July, China will be reducing the number of industry sectors in which foreign entities are restricted from investing – demonstrating, say lawyers, the country’s willingness to take real steps to encourage further growth.

The Special Administrative Measures on Access to Foreign Investment (Negative List) (2018 Version), or ‘Nationwide Negative List’, introduced by the Ministry of Commerce and National Development and Reform Commission, replaces the Negative List introduced in 2017, and reduces the number of restricted areas of the economy from 63 to 48.

It also increases the ratio of equity that a non-Chinese company may have in entities in those sectors. Amongst those areas which were prohibited but are now permitted are

• the manufacture of weapons and ammunition
• business premises for Internet access services
• Exploration and exploitation of graphite
• Smelting and separation of rare earth and smelting of tungsten
• Manufacture of special use vehicles and new energy vehicles
• Design, manufacture and repair of ships (including sections)
• Design, manufacture and maintenance of general aircraft
• Construction and operation of power grids
• Construction and operation of network of trunk railway lines
• Railway passenger transport companies
• International marine transportation companies
• International shipping agencies
• Purchase and wholesale of rice, wheat and corn
• Construction and operation of gas stations
• Banks (previous restrictions on the proportion of foreign equity no longer apply)

A new FTZ Negative List reduces, from 95 to 45, the number of restricted sectors in Free Trade Zones in which non-Chinese companies may invest. The inclusion in that list of ‘ivory carvings and tiger bone processing’ (previously prohibited investment areas, now permitted) will provide little comfort to those concerned by wildlife trafficking and welfare.

[Photo caption: The walls are being taken down on FDI into certain industry sectors.]

Baker McKenzie FenXun has produced a comprehensive briefing on the changes at: https://f.datasrvr.com/fr1/718/43991/2018-237.pdf

New CBP rule ‘to address ongoing aviation security threats’

A new interim rule published by the US Customs and Border Protection (‘CBP’) reflects CBP’s efforts to address ‘ongoing aviation security threats,’ the agency says.

The rule pertains to the submission of advance air cargo data ‘to implement a mandatory Air Cargo Advance Screening (ACAS) program for any inbound aircraft required to make entry under the CBP regulations that will have commercial cargo aboard.’

It explains: ‘The ACAS program requires the inbound carrier or other eligible party to electronically transmit specified advance cargo data (ACAS data) to CBP for air cargo transported onboard U.S.-bound aircraft as early as practicable, but no later than prior to loading of the cargo onto the aircraft. The ACAS program enhances the security of the aircraft and passengers on US-bound flights by enabling CBP to perform targeted risk assessments on the air cargo prior to the aircraft’s departure for the United States. These risk assessments will identify and prevent high-risk air cargo from being loaded on the aircraft that could pose a risk to the aircraft during flight.’

In explaining the rationale for the new rule, CBP cites ‘…the Christmas Day 2009 attempt to bring down a US-bound passenger plane via the use of plastic explosives hidden in a terrorist’s underwear, the explosion aboard Russian Metrojet Flight 9268 above Egypt’s Sinai Peninsula in October 2015, and the attempted onboard suicide attack on a commercial aircraft in February 2016 after take-off in Mogadishu, Somalia,’ all of which, it says, ‘underscore the persistent threat to commercial aviation and emphasize the importance of aviation security.’

The rule would formalise a pilot programme, active since 2010, by which cargo reports are sent to the US government prior to cargo loading.

Trade association Airlines for America says that while it is still reviewing the language of the interim final rule, it has ‘long advocated for formalisation of the [pilot] program... and we look forward to working closely with [Customs and Border Protection and the Transportation Safety Administration] to ensure the smoothest possible implementation.’

Drinks maker charged with FCPA offences

Beverage maker Beam Suntory Inc. has agreed to pay more than $8 million to resolve FCPA charges arising from improper payments made by its Indian subsidiary, the SEC has announced.

According to the SEC order, ‘[F]rom 2006 through 2012 Beam’s Indian subsidiary used third-party sales promoters and distributors to make illicit payments to government employees to increase sales orders, process license and label registrations, and facilitate the distribution of Beam’s distilled spirit products...reimbursed the third-parties for the illicit payments through the use of fabricated or inflated invoices, and then falsely recorded the expenses at the subsidiary level.’ The SEC’s order also found that during this period Beam failed to devise and maintain a sufficient system of internal accounting controls.

Without admitting or denying the allegations, the company agreed to pay disgorgement of $5,264,340, prejudgment interest of $917,498, and a civil penalty of $2 million.


5th AML Directive tackles cryptocurrencies

On 9 June, the 5th Anti-Money Laundering Directive entered the EU statute books – introduced in 2016 as part of the European Commission’s ‘action plan’ to ‘strengthen the fight against terrorist financing’.

The Directive makes bold amendments to the 4th AML Directive (which has been in place since 2015) pertaining in particular to: (i) regulation of virtual currencies; (ii) information on beneficial owners; (iii) use of prepaid cards; (iv) powers of financial intelligence units (‘FIUs’) and supervisors; and (v) due diligence for high-risk countries.

A fact sheet published by the EU on the Directive explains that it will now apply ‘to entities which provide services that are in charge of holding, storing and transferring virtual currencies, to persons who provide similar kinds of services to those provided by auditors, external accountants and tax advisors which are already subject to the 4th Anti-Money Laundering directive and to persons trading in works of art’ – such entities being obliged to ‘identify their customers and report any suspicious activity to the FIUs’.

There is also an obligation to improve checks on transactions involving high-risk third countries: ‘Member States will have to ensure that the sectors dealing with countries presenting strategic deficiencies in their Anti-Money Laundering and Counter Terrorism financing regimes listed by the European Commission apply systematic enhanced controls on the financial transactions from and to these countries.’

The new regime will make it more difficult for criminals to profit from the anonymity hitherto afforded by virtual currencies. The Directive states: ‘The inclusion of providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without such providers. To combat the risks related to the anonymity, national FIUs should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency. In addition, the possibility to allow users to self-declare to designated authorities on a voluntary basis should be further assessed.’

The preamble to the Directive explains its underpinning principles: ‘Recent terrorist attacks have brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations. Certain modern technology services are becoming increasingly popular as alternative financial systems, whereas they remain outside the scope of Union law or benefit from exemptions from legal requirements, which might no longer be justified.

‘In order to keep pace with evolving trends, further measures should be taken to ensure the increased transparency of financial transactions, of corporate and other legal entities, as well as of trusts and legal arrangements having a structure or functions similar to trusts, with a view to improving the existing preventive framework and to more effectively countering terrorist financing.’

In a briefing on the changes, lawyers at Linklaters point out that the Directive ‘now requires Member States to impose sanctions on companies or trusts that breach their basic obligation to hold adequate, accurate and current information on their beneficial ownership,’ whilst also significantly broadening access to beneficial ownership information: ‘For corporate entities, any member of the general public is now required to be granted access. For trusts, access to beneficial ownership information is extended beyond regulators, FIUs and regulated entities conducting due diligence to any natural or legal person that can demonstrate a legitimate interest (a concept that Member States will be required to define in their national laws in terms that should not be limited to pending litigation but which should be flexible enough to facilitate preventive work in AML / CFT by the authorities, NGOs and investigative journalists).’

In addition, information on beneficial ownership of trusts and similar arrangements must now be recorded in a central register in all cases.

EU Member States are obliged to implement the Directive into national law no later than 18 months from publication in the EU Journal.

[Photo caption: New regime will make it more difficult for criminals to profit from the anonymity offered by cryptocurrencies.]

The directive is at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.156.01.0043.01.ENG&toc=OJ:L:2018:156:TO.pdf

OFAC adds facets to rough diamond reporting scheme

The US Office of Foreign Assets Control (‘OFAC’) says it is ‘amending the Rough Diamonds Control Regulations to clarify several reporting requirements and remove another, clarify which entity may issue Kimberley Process Certificates for the export of rough diamonds from the United States, clarify the steps necessary to validate a Kimberley Process Certificate, add two definitions that define rough diamond packaging requirements and Kimberley Process voided certificates, and make certain technical and conforming changes to the penalties section of the regulations.’

From now on (inter alia), the rules hold that a shipment of rough diamonds imported into, or exported from, the United States must be accompanied by an original Kimberley Process Certificate. ‘The certificate must be provided as follows:

(i) The original certificate must be presented immediately upon demand to US Customs and Border Protection in connection with an importation or exportation of rough diamonds;
(ii) The person identified as the ultimate consignee (see Customs Directive 3550–079A) on the Customs Form 7501 Entry Summary or its electronic equivalent filed with US Customs and Border Protection in connection with an importation of rough diamonds must retain the original Kimberley Process Certificate for a period of at least five years from the date of importation (see also 19 CFR 12.152);
(iii) The person identified as the ultimate consignee (see Customs Directive 3550–079A) on the Customs Form 7501 Entry Summary or its electronic equivalent filed with US Customs and Border Protection in connection with an importation of rough diamonds must provide the certificate to the US Bureau of the Census immediately after entry of the shipment in the United States. The certificate must be provided by faxing it to (800) 457–7328 or by other methods as permitted by the US Bureau of the Census.’


Kazakh businessman ordered to provide information on litigation funding source

Kazakh businessman Ilyas Khrapunov has been ordered by the UK High Court to provide ‘full and proper disclosure’ about how he is funding his defence of a claim by BTA Bank.

Parties to litigation are not usually required to disclose their source of legal funding, but respondents to a standard form freezing order must disclose ‘where the money is to come from’ before spending any money on legal expenses. The High Court’s decision, says Andrew Barns-Graham of Pinsent Masons, is ‘a helpful example of the balancing exercise which the Court performs when considering applications for wider disclosure of a respondent's source of funding’.

Khrapunov is the son-in-law of Mukhtar Ablyazov, the former chair of BTA Bank. Ablyazov is alleged to have embezzled some $6 billion worth of the bank’s funds and Khrapunov is alleged to have assisted him in dissipating and concealing his assets. Both Khrapunov and Ablyazov are currently subject to worldwide freezing orders (‘WFOs’) and the bank also has outstanding judgments against Ablyazov.

Earlier this year, the Supreme Court confirmed that the bank was entitled to sue Khrapunov in the English courts, upholding the decisions of two lower courts. The bank successfully argued that multiple breaches of WFOs in contempt of court are capable of constituting the ‘unlawful means’ part of an action of ‘conspiracy to injure by unlawful means’.

Khrapunov told the bank that his mother was funding his legal costs, but the bank believed that she was doing so using funds deriving from Ablyazov’s assets, in breach of the WFOs. It therefore applied for an order for further disclosure. The bank’s evidence included evidence that Khrapunov was planning to set up a trust in Dubai, with his mother as beneficiary, which would give her access to certain assets under his control but purportedly owned by individuals known to have previously acted as nominees for Ablyazov, and that he may in fact have already done so. It also referred to prior findings of the Court of Appeal to the effect that there was a good arguable case that Khrapunov had lied in his asset disclosure.

Patricia Robertson QC, sitting as a High Court judge, ordered the disclosure, finding: ‘As the evidence stands, the bank has shown there to be a real risk that the WFOs may be being breached by channelling to Ms Khrapunova and/or to [a connected company] funds which may belong to Mr Ablyazov. That risk makes it reasonable for the bank to seek to probe beyond the assertion in Ms Khrapunova’s witness statement that she is meeting the legal costs from her own wealth, by seeking from Mr Khrapunov disclosure of the ways and means by which that is being achieved, against which the truth of the assertion can then be tested.’

In making this finding, the judge emphasised that a ‘potent factor’ in her decision was ‘the importance of maintaining, and being seen to maintain, the effectiveness of the court’s orders’.

‘The court held that the balance tipped in favour of ordering the disclosure sought, chiefly because the bank had demonstrated a real risk that Mr Khrapunov’s real source of funding was not his mother but rather Mr Ablyazov,’ said Barns-Graham. ‘However, the court also sought to mitigate the adverse impact of the order on Mr Khrapunov and his mother by ordering Mr Khrapunov “only” to disclose what he “knows or may by reasonable enquiry find out”, and by ordering that the information be disclosed subject to a “confidentiality club”, in response to Ms Khrapunova’s concern that the Kazakh state would use it against her in separate litigation. Importantly, the court also emphasised that the evidential burden is on claimants and not on respondents in applications for additional disclosure.

‘There is no hard-and-fast rule which makes clear what specific information a respondent must provide about its source of legal funding. This varies from case to case, making it essential for both sides to seek carefully considered legal advice. On the one hand, the courts are mindful of the need to police freezing injunctions and ensure they are being complied with; on the other hand, they are equally on guard against claimants who use freezing injunctions oppressively or for ulterior purposes,’ he said.

This article first appeared on Out-law.com, published by law firm Pinsent Masons.

[Photo caption: The defendant in the case has been ordered to provide ‘full and proper disclosure’ about how he is funding his defence.]

[Image caption: At last he had found the Regulatory Guidelines.]



New powers for Aussie intelligence agencies

From 1 July, new legislation has been enforced which grants Australian intelligence agencies enhanced powers of surveillance and new functions.

Inter alia, the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018 puts the Australian Signals Directorate (‘ASD’) on a new footing as an independent statutory agency reporting directly to the Minister for Defence.

The ASD incorporates the Australian Cyber Security Centre (‘ACSC’) which includes:

• CERT, the contact for cyber security issues affecting major Australian businesses
• The Australian Federal Police, who investigate and respond to cybercrime of national significance
• The Australian Criminal Intelligence Commission
• Cyber investigations and security specialists from the Australian Security Intelligence Organisation
• Strategic intelligence analysts from the Defence Intelligence Organisation

A government-published background document on the Act says that under the legislation, a new power given the ASD is ‘to prevent and disrupt, by electronic or similar means, cybercrime undertaken by people or organisations outside Australia’. It says, ‘Cybercrime will be defined…as meaning “activities that involve committing a serious crime by, or facilitated by, the use of electromagnetic energy, whether guided or unguided or both”. This broad definition will capture two categories of crimes—those committed against information and communications technology systems (such as hacking) and those that involve the use of technology to facilitate traditional offences (such as fraud). Serious crime is defined in section 3 as meaning conduct that, if engaged in within or in connection with Australia, would constitute an offence against an Australian law punishable by imprisonment for a period exceeding 12 months.’

In a briefing on the new Act by law firm Gilchrist Connell, lawyers Katherine Czoch and James Duffy note:

‘It has been reported that there is a push, backed by Home Affairs Minister Peter Dutton, to further expand the powers of ASD to enable it to collect intelligence on Australians, by giving ASD the ability to:

• shut down computers within Australia, by targeting Australian criminals, terrorists and paedophiles
• conduct covert cyber penetration tests on Australian companies to test their cyber security and vulnerability to hacker attack
• exercise coercive powers to direct companies and government to improve their cyber security

This is strongly opposed by some in parliament, including some members of the Cabinet.’

They add: ‘Given the constant evolution and sophistication of cybercrime, ASD's increased powers are a welcome addition to a national approach to cybercrime defences. Whether this will lead to fewer cyber-attacks and fewer data and financial losses suffered by insureds covered under cyber policies, remains to be seen. It is more likely that ASD’s combative efforts will be directed towards prominent or large-scale cyber-attacks, rather than individually targeted attacks, such as phishing scams, which can still cause significant loss. Notably, ASD’s remit is confined to combating overseas cyber interference rather than hacks originating domestically. This demonstrates a significant limitation on ASD’s powers, however some members of Cabinet are considering a broader scope for ASD.’

[Photo caption: New legislation will grant Australian intelligence agencies enhanced powers of surveillance and increased powers to fight cybercrime.]

The act is at: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6047



Glencore subsidiary subpoenaed in relation to FCPA and AML docs

Oil trading company Glencore has announced that its Glencore Ltd subsidiary received a subpoena on 2 July from the US Department of Justice to ‘produce documents and other records with respect to compliance with the Foreign Corrupt Practices Act and United States money laundering statutes. The requested documents relate to the Glencore Group’s business in Nigeria, the Democratic Republic of Congo and Venezuela from 2007 to present. Glencore is reviewing the subpoena and will provide further information in due course as appropriate.’

In December, advocacy and human rights group Public Eye announced that it had filed a criminal complaint against Glencore with the Swiss Attorney General (Glencore is registered in Zug) relating to its activities in the Democratic Republic of Congo (‘DRC’).

It said that from 2007 Glencore had been acquiring stakes in copper and cobalt mines worth billions of dollars in the DRC, a country that epitomises the resource curse – and taking major risks in doing so, such as partnering with businessman Dan Gertler, sanctioned by the US Treasury in December 2017, and described by OFAC as ‘an international businessman and billionaire who has amassed his fortune through hundreds of millions of dollars’ worth of opaque and corrupt mining and oil deals in the Democratic Republic of the Congo.’

Public Eye said that Paradise Papers revelations had shown that ‘Katanga, the mining company which Glencore was in the process of taking over, issued a mandate to Dan Gertler on several occasions for him to negotiate with the Congolese authorities. At the beginning of 2009, Glencore granted one of Gertler’s offshore companies a loan worth USD 45 million, contingent upon the success of these negotiations. Following this intervention, Katanga was able to secure a sensational reduction in the signing bonus from USD 585 to USD 140 million. According to Resource Matters, an NGO, Katanga allegedly paid the Congolese government a sum four times lower than most of its competitors.’ Glencore and Gertler deny any wrongdoing.

SFO brings criminal proceedings against Unaoil

The UK’s Serious Fraud Office (‘SFO’) has commenced criminal proceedings against oil solutions operator Unaoil Monaco SAM and Unaoil Ltd (owned by the Monaco-based Ahsani family) as part of an ongoing corruption prosecution. It follows charges already brought against four individuals for alleged conspiracy to make corrupt payments to secure the award of contracts in Iraq. The SFO said that Unaoil Ltd has been ‘summonsed with two offences of conspiracy to give corrupt payments, contrary to section (1) of the Criminal Law Act 1977 and section 1 of the Prevention of Corruption Act 1906. This relates to alleged corrupt payments to secure the award of a contract worth US$733 million to Leighton Contractors Singapore PTE Ltd for a project to build two oil pipelines in southern Iraq.’

The SFO added that Unaoil Monaco SAM ‘has been summonsed with two offences of conspiracy to give corrupt payments, contrary to section (1) of the Criminal Law Act 1977 and section 1 of the Prevention of Corruption Act 1906. The charges relate to alleged corrupt payments to secure the award of contracts in Iraq to Unaoil’s client SBM Offshore.’

In a statement made following the announcement of the first charges brought, the company said: ‘March 2016, the Unaoil group and the Ahsani family were the subject of a number of press articles, which contained allegations that certain individuals had paid bribes to assist other companies to win business. These allegations have been vigorously denied. As a result of the articles, the UK SFO commenced an investigation which is ongoing. At this time, it is not possible to provide further comment on the investigation... While the press articles and the investigations have had a devastating impact on the business of the Unaoil group, with a number of companies in the group having to go into liquidation as a result, the remaining core team of employees is working hard in Iraq to ensure that Unaoil’s obligations to its customers are met in relation to existing engineering and construction contracts, and to ensure that monies owed to Unaoil are received in order to allow the company to make payments to its creditors.’ In June, the company said it was commencing legal action against Fairfax Media in relation to ‘malicious and damaging allegations.’

Index ‘encourages continuous improvement’ in mining best practice

Resource companies Anglo-American, Vale and Newmont are amongst those heading the latest iteration of the newly-established Responsible Mining Index – the brainchild of the Responsible Mining Foundation, part-funded by the Dutch and Swiss governments. The Index is intended to ‘encourage continuous improvement in responsible mining across the industry by transparently assessing the policies and practices of large, geographically dispersed mining companies on a range of economic, environmental, social and governance (EESG) issues, with the emphasis on leading practice and learning.’

The Foundation says the Index assesses companies ‘from the perspective of what society can reasonably expect of large-scale mining companies and examines the extent to which companies are addressing a range of EESG issues in a systematic manner across all their mining activities and throughout the project lifecycle.’

It includes 30 (publicly-listed, state-owned and private) companies from 16 home countries operating, between them, more than 700 sites in over 40 producing countries.

The Index ‘focuses largely on company-wide behaviour, while also looking at site-level actions at 127 mine sites, in order to provide a snapshot of information disaggregated to the level of individual mining operations.’

The Foundation says that the Index shows that mining can be sustainable and its worst impacts avoided – if companies adopt best practice. But it also says that the gap between what companies say about their activities and the evidence of concrete action remains.

Isabelle van Notten, co-founder of the Responsible Mining Index, said: ‘We do not believe in “naming and shaming”. We find it more effective to show companies how they are performing. We are already seeing that the Index is having an influence in practice. Companies are asking us what they need to do to improve. And other stakeholders are taking note of the results.’

8 Trade Security Journal Issue 8 NEWS FEATURE: BLOCKCHAIN

Blockchain in the supply chain: where are we now?

Though nascent technology, blockchain is a step closer to becoming embedded in the supply chain as projects evolve from pilots to platforms in 2018. The distributed ledger technology (‘DLT’), which originally powered cryptocurrency Bitcoin, is seen by many (amongst them the World Economic Forum) as the key to revolutionising not just the financial markets but the global shipping industry and other elements of the supply chain. TSJ reports.

In January 2018, global shipping and logistics company Maersk announced a joint venture with IBM to provide an ‘open global trade digitalisation platform’, which uses blockchain to move and track goods digitally across international borders. Blockchain is seen by its proponents as a way to address inefficiencies which account for billions of dollars lost by the shipping industry which currently uses 60-year-old EDI (electronic data interchange) and paper-based systems to track cargo and record approval from customs and ports authorities.

At present if a vital document is lost, cargo can remain in the receiving yard while vulnerable goods spoil. Through blockchain technology, permissioned participants in the supply chain will have access to and visibility of all data in near real time, as invoices or customs clearance documents are uploaded to an immutable ‘master ledger’. As the system is decentralised and encrypted it is considered very secure and difficult to hack.

‘What if information such as the provenance of goods, tariff codes, classification data, import/export data and certificates, manifests and loading lists, customs values, status information, and all other information about goods within the supply chain ecosystem was available for all parties involved at any time and everywhere?’ asks Wolfgang Lehmacher, World Economic Forum’s head of supply chain and transport industries in a recent paper on the suitability of blockchain and blockchain-based DLT to the port, harbour and terminal industries. ‘Then, the vision of a transparent, secure, paperless supply chain would have become a reality.’

Blockchain pilots have been run across a range of industry sectors. In 2017 a collaboration between British Airways, Heathrow Airport and IT company SITA analysed the efficacy of the technology in syncing and sharing operational flight data. UPS is currently examining how blockchain might be used in its customs brokerage business, whilst Wal-Mart already uses a blockchain app to track products back to source, which both reassures consumers as to food origin and provides feedback to stores on re-stocking.

The new company initially plans to commercialize two core capabilities aimed at digitizing the global supply chain from end-to-end:

• A shipping information pipeline will provide end-to-end supply chain visibility to enable all actors involved in managing a supply chain to securely and seamlessly exchange information about shipment events in real time.

• Paperless Trade will digitize and automate paperwork filings by enabling end-users to securely submit, validate and approve documents across organizational boundaries, ultimately helping to reduce the time and cost for clearance and cargo movement. Blockchain-based smart contracts ensure all required approvals are in place, helping speed up approvals and reducing mistakes.

Statement from Maersk announcing its blockchain joint venture with IBM, February 2018


As well as food safety verification, blockchain has potential applications in the healthcare and the consumer products industries as well as for freight forwarders and ports and customs authorities. General Motors, Procter and Gamble and Agility Logistics are amongst those which have expressed interest in IBM/Maersk’s new platform.

How blockchain works with other technology in the supply chain

Blockchain works hand in hand with other ‘open source’ cloud-based technologies including artificial intelligence, IoT and analytics. Integral to the use of blockchain in the supply chain is the use of smart contracts. There is no set definition of a ‘smart contract’, but it is generally defined as an automated tool that applies templates to each new data entry before it is uploaded to the ledger. In theory this should reduce the risk of fraud, theft or duplication that can occur in the EDI or paper-based systems. If all the elements of the contract do not tally, the information or ‘block’ will not be added to the blockchain.

‘Smart contracts are poised to revolutionise supply chains, and will serve as an extinction level event for companies that provide little value besides acting as the middleman, an issue that pervades the supply chain industry,’ predicts Emin Gun Sirer, professor of computer science at Cornell University. ‘Blockchains and smart contracts can function as neutral points of rendezvous, bringing mutually distrusting parties together and eliminating the inefficiencies in the middle. They also enable better and more informed financing and refactoring of goods in shipment.’

Risks of using blockchain in the supply chain

No one can dispute the advantages of a transparent, swift and streamlined supply chain, although there are still challenges to overcome. ‘Although security experts say that blockchain is secure, there is the question of the smart contract software applications on which the supply chain relies,’ says Jeffrey Neuberger, technology partner at Proskauer Rose. ‘Smart contract data security issues is one major area of risk we do not have today.’

Gun Sirer points to the risk that ‘bugs’ in the smart contracts could render funds inaccessible (liveness failures) or send them to the wrong parties in an irretrievable manner (safety failures).

There is also the conundrum – which could be solved by future developments – of participants losing the ‘keys’ that give them access to their personal information, leading to their data on the chain being corrupted. Other risks are that the underlying platform will run into ‘scalability bottlenecks’ and be unable to handle the load placed on it by demanding applications, and the possibility that interactions on the blockchain will expose business relationships or other intimate business data, such as business volume.

‘There is the risk that the technology does not do everything it is supposed to do and that it is not tested at a level of full adoption,’ says Neuberger.

The decentralised system also means that no single party is in control, instead being ruled by consensus. ‘This requires new, perhaps innovative systems of group governance that will likely experience some growing pains’, says Stuart Levi, co-head of Skadden’s intellectual property and technology group. ‘In addition, it may be challenging to get all of the players in a supply chain to participate in a system.’

What is blockchain?

Blockchain is a distributed ledger technology (‘DLT’) – a ‘master’ ledger – that establishes a secure, transparent, immutable record of all the transactions that take place within a network in near real time. Each data entry, or block, is linked to the previous entry and secured using cryptography. It also contains a timestamp and the transaction data. End-users can securely submit, validate and approve documents required in the shipping process such as invoices, a digital bill of lading, or customs clearance documents which are then visible to all of the permissioned participants. Once recorded, data cannot be altered without alteration of the previous blocks, which requires the consensus of the participants in the network.

Further reading: For more information on how blockchain works and can be applied to supply chains and trade security, see issue 5 of Trade Security Journal.

‘This new company marks a milestone in our strategic efforts to drive the digitization of global trade. The potential from offering a neutral, open digital platform for safe and easy ways of exchanging information is huge, and all players across the supply chain stand to benefit.’

Vincent Clerc, chief commercial officer at Maersk and future chairman of the board of the new joint venture


Compliance implications

Blockchain has been described as being in the ‘Wild West’ phase of development, as the regulatory and legal landscape has not yet caught up with the pace of technological innovation. Nevertheless – and despite the lack of standardised definitions of concepts such as the ‘smart contract’ – seven US states have enacted or adopted laws concerning blockchain and smart contracts: Arizona, Delaware, Illinois, Nevada, Tennessee, Vermont, and Wyoming; whilst Hawaii, New York, Colorado, Nebraska, Vermont, Virginia, Florida, Maryland and North Dakota are evaluating bills focused on blockchain or cryptocurrencies.

Most regulators are taking a ‘wait and see’ approach, however. The European Securities and Markets Authority (‘ESMA’) recently released a report on how DLT applies to the securities market, highlighting some regulatory grey areas. Its current position is that DLT can fit within the existing regulatory framework – for the time being.

‘In many cases, the existing laws can apply equally to a blockchain-based platform,’ says Levi. ‘However, some issues, such as regulatory oversight, may need to evolve. Regulators have generally been proactive in discussing these issues, but may not move quickly enough to accommodate the roll-out of this new technology. It remains to be seen whether the industry is willing to wait for the regulatory process to provide guidance.’

GDPR quandary

The ‘right to be forgotten’ imposed by the EU’s General Data Protection Regulation (‘GDPR’) in May also poses a potential hurdle to the way blockchain operates. The decentralisation of information is difficult to reconcile with the privacy rights of an individual, even in a supply chain that relies on commercial, non-personally identifiable data.

‘Many supply chains contain information regarding responsible individuals who could be protected under the GDPR,’ says Michael Nonaka, a data privacy and cybersecurity partner at Covington & Burling. ‘That said, most of the blockchain solutions being evaluated by supply chains that would be subject to the GDPR are permissioned blockchains for which data erasure and other GDPR cornerstones are less of an issue and [compliance] could be effected through consensus of the nodes.’ A ‘node’ is a copy of the blockchain that exists on a computer or other hardware device.

The imposition of some uniformity and standardisation over blockchain is also a key concern for participating industries. Interested parties are pushing for change, including the Blockchain in Trucking Alliance (BiTA) – whose members include UPS and FedEx – which is working to establish blockchain standards and education for the freight industry.

Lehmacher has also highlighted the pressing need for the development of standards whether on an ‘industry, global or national level’ for blockchain concerning its ‘terminology, development, deployment and security’. ‘Boards have to take action,’ he writes in the recent paper. ‘Companies need to recruit C-suite experts who take the board onto the journey of cybersecurity – starting with setting the board agenda. The supply chain, logistics and transport industries, including the ports, need to play an active role in the process of standardisation and security.’

Compliance practice will have to evolve to deal with the prospect of a de-centralised network in which risk is borne equally by all of the participants. The liability model of companies participating in blockchain will need to be reviewed, and new skill sets will be required: ‘Smart contract security is an esoteric field within computer security,’ says Gun Sirer. ‘Compliance practitioners will have to retain the services of professionals.’

Looking to the future

If the various obstacles are overcome, how soon could blockchain become an integral part of the supply chain? It seems likely to become a feature of the financial markets, which handle virtual assets, sooner than of the tangible but sometimes cumbersome supply chains that handle physical goods. Estimates from market commentators range from between two years and a decade. The IBM/Maersk enterprise will be watched with interest.
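An added illustration (not code from IBM, Maersk or the journal) of the ledger described in the ‘What is blockchain?’ box and of the smart-contract check that refuses an entry until all required approvals are present. The approval roles, field names and sample documents are constructed for the example, and the trusted head hash stands in for the copies of the ledger held by other nodes.

```python
import hashlib
import json
from dataclasses import dataclass

# Assumption: these approval roles are hypothetical; the feature only says
# that "all required approvals" must be in place before an entry is added.
REQUIRED_APPROVALS = frozenset({"shipper", "carrier", "customs"})
GENESIS_HASH = "0" * 64


@dataclass
class Block:
    index: int
    timestamp: str    # ISO 8601 string supplied by the submitter
    document: dict    # transaction data (invoice, bill of lading, ...)
    approvals: tuple  # sorted roles that approved the document
    prev_hash: str    # digest of the previous block: the link in the chain

    def digest(self) -> str:
        """SHA-256 over a canonical JSON encoding of every field."""
        payload = json.dumps(
            [self.index, self.timestamp, self.document,
             list(self.approvals), self.prev_hash],
            sort_keys=True, separators=(",", ":"),
        )
        return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Ledger:
    def __init__(self):
        self.blocks = []

    def head_hash(self) -> str:
        """Digest of the latest block; every node can compare this value."""
        return self.blocks[-1].digest() if self.blocks else GENESIS_HASH

    def submit(self, document: dict, approvals, timestamp: str) -> Block:
        """Smart-contract style gate: no block unless every approval tallies."""
        missing = REQUIRED_APPROVALS - set(approvals)
        if missing:
            raise ValueError(f"rejected, missing approvals: {sorted(missing)}")
        block = Block(len(self.blocks), timestamp, dict(document),
                      tuple(sorted(approvals)), self.head_hash())
        self.blocks.append(block)
        return block

    def verify(self, trusted_head: str):
        """Return None if the chain is intact, else a description of the fault.

        trusted_head is the head hash held independently by other participants;
        without it, a change to the newest block would go unnoticed.
        """
        expected = GENESIS_HASH
        for position, block in enumerate(self.blocks):
            if block.index != position or block.prev_hash != expected:
                return f"broken link at block {position}"
            expected = block.digest()
        if expected != trusted_head:
            return "head hash differs from peers"
        return None


def build_sample_ledger() -> Ledger:
    """Three constructed shipping documents, each fully approved."""
    everyone = {"shipper", "carrier", "customs"}
    ledger = Ledger()
    ledger.submit({"type": "invoice", "ref": "INV-001",
                   "declared_value_usd": 48000}, everyone,
                  "2018-07-02T08:00:00Z")
    ledger.submit({"type": "bill_of_lading", "ref": "BOL-001",
                   "container": "SAMPLE-0001"}, everyone,
                  "2018-07-02T09:30:00Z")
    ledger.submit({"type": "customs_clearance", "ref": "CC-001",
                   "status": "released"}, everyone,
                  "2018-07-03T14:15:00Z")
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    head = ledger.head_hash()          # what the other nodes also hold
    print("intact chain:", ledger.verify(head))
    try:
        ledger.submit({"type": "invoice", "ref": "INV-002"}, {"shipper"},
                      "2018-07-04T09:00:00Z")
    except ValueError as exc:
        print(exc)
    # Rewrite the declared value in the oldest block after the fact.
    ledger.blocks[0].document["declared_value_usd"] = 1
    print("after tampering:", ledger.verify(head))
```

Editing the oldest entry is caught at the following block, whose stored link no longer matches; editing the newest entry is caught only because the other participants hold the head hash.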


TALKING TRADE SECURITY KARL ATTARD

Brexit, the boardroom and beyond

As the UK’s withdrawal from the EU looms closer, Deloitte’s Caroline Barraclough talks with TSJ about Brexit and the way it has raised the profile of Customs and supply chain issues in the boardroom.


Caroline Barraclough leads Deloitte’s UK Global Trade Advisory team. She has a background in trade and compliance, risk management and supply chain planning and is currently advising businesses on the potential impact of Brexit on customs duty and supply chains. Before working at Deloitte she was Global Customs and Excise Director at Japan Tobacco International.

TSJ: You have been a director at Deloitte UK for over four years. How has the role developed over that time?

Caroline Barraclough: I came in as a senior manager leading a small team. As director, the role has evolved in terms of the management of a larger team and focusing on complex global organisations. We have recently grown to 10 people, and we are recruiting again.

TSJ: Does this reflect the importance of the issues you’re dealing with? What has come to the fore now that had not previously? Is it ‘all about Brexit’ or are there other concerns?

Caroline Barraclough: Yes, it is Brexit, but Brexit has raised awareness of related customs and excise issues; so even if it went away tomorrow, they are now firmly on the agenda of CFOs and heads of tax, whereas previously they may have been managed by more operational parts of the business (for example logistics or warehousing).

TSJ: So that is a positive consequence?

Caroline Barraclough: Senior-level people are now thinking about customs issues much more strategically than they had. My in-house position [before joining Deloitte] was very much more a strategic than a day-to-day role – and for a company with a massive global footprint. That is what the Brexit development does, it makes the focus on customs more strategic. Customs is still operational in nature, but people need to think about it in a broader sense than that, and Brexit has allowed us to have the right discussions at the right levels.

TSJ: When people are structuring their compliance programmes, is there anything in particular they tend to overlook?

Caroline Barraclough: The thing that we always come across – and again, this is where the Brexit focus is helping – is that often people outsource, say, customs declarations to a third-party customs broker, without recognising that they remain ultimately responsible.

Typical issues that we might find ourselves discussing with a client can then include: ‘Is the declaration in your name? Are you the importer of record? Because if so, it is your responsibility to ensure everything has been done correctly.’ It is important to break those issues down. From a compliance point of view, what people often overlook are those links with third parties.

TSJ: What would you flag as the most important developments in customs and excise in recent years?

Caroline Barraclough: The Union Customs Code and obviously Brexit have been the key developments. The Union Customs Code highlighted a number of issues that pushed people to act in different ways: for example, the guarantees linked to the use of regimes of customs warehousing and inward processing led to more people considering whether to become an authorised economic operator (‘AEO’), as well as discussions in relation to who can be an exporter, which has resulted and continues to result in much debate between Member State authorities.

TSJ: Are companies who might benefit from having AEO status generally aware of the AEO scheme?

Caroline Barraclough: Not always…but again, Brexit has raised awareness of all these issues, and meant that they’re being given greater coverage by the media. Before the referendum we would rarely have had a head of tax or CFO asking [about the potential benefits of AEO]. Now people are reading about these things in, for example, The Financial Times, and increasingly senior people are asking questions about them.

Another significant development which has generated a lot of work for us lies in the excise legislation around the AWRS [Alcohol Wholesaler Registration Scheme] and its related due diligence requirements. We have seen HMRC being very active in terms of checks — and we’ve partnered with them on some excise due diligence workshops where they’ve come in to talk about what they expect to see from companies affected.

TSJ: Like other government departments, HMRC has had to make cuts in spending recently. Has reduced funding affected its remit as regards tax, and customs and excise?

Caroline Barraclough: The cuts have definitely been across the piece, however there are areas where HMRC has invested. For example, in relation to alcohol excise, HMRC highlighted how much revenue was being lost, which allowed it to shift people and invest; so we have seen more activity there because HMRC saw where there was a gap in revenue and shifted resources to manage that. Generally, we do see a lot more cases going through to central helplines, so it is more difficult to get that direct contact in many cases unless the client has a direct allocated HMRC relationship.

TSJ: What do you consider to be the main supply chain challenges for UK and EU companies (Brexit aside)?

Caroline Barraclough: The main challenge lies in having a really good understanding of your supply chain and making sure that you have the right people managing the process and engagement at senior levels of the organisation. Customs sits across so many parts of a company’s activities, but we often find that different elements of the business are not linked in properly, so it’s crucial to have an overview of that and to consider it from all the relevant angles.

Again, undertaking a Brexit mapping highlights the importance of knowing those supply chains in detail and what it means from a customs perspective.

TSJ: Clearly, technology is developing fast, with potential implications for the supply chain. Are companies taking stock of and evaluating those developments with the attention they deserve?

Caroline Barraclough: Probably not, no. There is definitely a gap between technology and the speed of adoption. You do come across some clients that are quite advanced in their understanding, and know about things like that, but generally, no.

But there has definitely been a shift towards doing things differently. We have seen that internally as well. Clients are interested in looking at how they can automate their processes – for example, how they can use robotics to build a customs declaration. A lot of our focus now is on the technology that we are producing to work in these areas. The technology shift is huge.

TSJ: So, it must be difficult to anticipate the extent of future developments and the need to accommodate them?

Caroline Barraclough: I think so. People always say, ‘We don’t want to do anything yet because we don’t know enough.’ So, one of the first things that we tell them is to focus on the things that they do know. For example, and going back to the Brexit example, we know that acquisitions and despatches are going to become imports and exports. So, we know that there will be an import and export declaration needed for everything unless we remain part of the single market, which the UK has committed to coming out of.

We’re talking through with our clients the differences between the known and the unknown (in all its permutations) and helping them work towards making ‘no regret’ decisions – having what they need to have in place, without going too far and needing to scale back.

TSJ: Where do you think that the Brexit uncertainties have hit the supply chain hardest?

Caroline Barraclough: Where we have seen most of the discussion focused is where there is a supply chain that brings goods into the UK, houses them in a distribution centre, and then sends them on to Ireland, as an example. In this scenario there is a flow in terms of EU traffic (or rest of the world traffic) coming into the UK then out again to Ireland, which potentially gives you a double duty point if you keep that supply chain in place post-Brexit.

TSJ: How do you advise clients right now, when so little is certain?

Caroline Barraclough: What we have been doing with a lot of clients is an impact assessment, trying to give them something tangible, a scenario of most (or least) change. This is something that many organisations have started to do because they want to put provisions in the books, or record it during a board meeting, so they understand the worst-case scenarios and can start building from there.

We have a technology tool that takes readily-available data, such as management support system (‘MSS’) data from HMRC, and Intrastat returns data which the client has submitted to HMRC, and we run an analysis which indicates the potential duty in a scenario of most and least change and the administrative costs.

So, we might lose some free trade agreements that the UK as part of the EU currently benefits from. Where a potential duty cost is attached to those changes, the tool will calculate what the particular impact might be. It also calculates the extent of the administrative burden.

We do work with some clients where the duty is not as significant as the administrative impact. That drives discussions about governance models and whether they should, for example, continue to outsource or build a team internally.

TSJ: Are small businesses, which won’t be able to access this kind of technology, likely to be harder hit by the impacts of these changes?

Caroline Barraclough: Yes, exactly. Small businesses will be affected but also larger businesses (and there are many of them) that have never imported or exported before and don’t even know what a customs declaration is and those who do not currently have any reporting of EU movements (for example if they do not qualify for making Intrastat returns). Intrastat returns track EU acquisitions and despatches although there is a threshold so not all businesses have such a requirement today.

HMRC’s EU exit team is trying to engage with those organisations. And by working through freight-forwarders and others, we’re trying to raise awareness among organisations who might be unaware of their reporting requirements.

TSJ: But businesses haven’t exactly been well informed as to what they might expect, and how they might adapt…

Caroline Barraclough: Lots of companies have been expecting a gradual flow of information to inform their decision making. We’ve always suspected – and said – that would likely as not be the case, but it has led to some frustration.

In the light of that, companies have to decide whether they should wait to see the lay of the land after Brexit, or begin proactively looking at different scenarios. Regardless of their own state of Brexit readiness, companies have to be sure that their suppliers are also ready. If their supplier isn’t ready, there’s a gap. That’s why engaging across the supply chain is so important.

TSJ: And the timescale is looking increasingly tight…

Caroline Barraclough: Definitely. In the example of Ireland, as we discussed, an organisation can decide to ship direct to Europe, bypassing the UK. But, in practice, we have seen that many organisations do not want to make changes to their supply chain and, as such, may be considering, for example, using a customs warehousing regime. But you’ve got to be prepared, and you have to have the appropriate processes, controls and systems in place to make the application, and that alone can be a six-month project.

The same is true with becoming an Authorised Economic Operator. In addition to the authorisation period, ensuring business readiness can take up to or more than a year. And if lots of companies are taking the same steps, they’re going to hit HMRC’s resource point at the same time, possibly bombarding it with such applications.

TSJ: Tell us about other customs & excise developments on the horizon which might impact on the supply chain?

Caroline Barraclough: One area is that of autonomous duty suspensions and quotas. Very crudely, UK legislation states that if you have to go outside the EU for a product and you can prove that it cannot be sourced inside the EU, then you can apply for a duty suspension on that product. The UK has a smaller pool. So is the UK going to do the same? HMRC has said that the legislation will be a ‘lift and shift’, but these are things that we are being asked about frequently and the detail isn’t quite there yet for businesses to consider.

TSJ: By when, do you think, can we expect to see some clarity?

Caroline Barraclough: As far as customs is concerned, a white paper was due out just before the end of June which is now due, we understand, in July. This should determine the preferred customs model – i.e., the maximum facilitation or the customs partnership. Subsequently, following the October European Council summit, there may be more clarity, in particular with regards to whether agreement and ratification of the EU Withdrawal Bill is looking likely.

TSJ: We shall wait and see…

Caroline Barraclough: Exactly.

Get to know...

Authorised Economic Operator: AEO

The AEO scheme is based on the Customs-to-Business partnership introduced by the World Customs Organisation (‘WCO’) and enables traders ‘who voluntarily meet a wide range of criteria work in close cooperation with customs authorities to assure the common objective of supply chain security and are entitled to enjoy benefits throughout the EU.’

The programme is open to ‘all supply chain actors [and] covers economic operators authorised for customs simplification (AEOC), security and safety (AEOS) or a combination of the two.’

Union Customs Code

The EU describes the Union Customs Code (‘UCC’) as ‘a key element of the ongoing actions to modernise EU customs [providing] a comprehensive framework for customs rules and procedures in the EU customs territory adapted to modern trade realities and modern communication tools.’

Though it entered into force on 1 May 2016, some transitional arrangements still apply in particular as regards ‘customs formalities which are still in the process of being gradually transitioned to electronic systems.’

Alcohol Wholesaler Registration Scheme

The Alcohol Wholesaler Registration Scheme (‘AWRS’) is a UK requirement ‘for anyone who sells, offers or exposes for sale or arranges to sell alcohol to other businesses on or after the point at which excise duty is payable, to be approved by HM Revenue and Customs.’

15 Trade Security Journal Issue 8 BULLETINS

Acquisition of Russian strategic companies: new rules for foreign investors
By Natalia A. Drebezgina, Alan Kartashkin, Alyona N. Kucher, Dmitri V. Nikiforov, Maxim A. Kuleshov, Anna V. Maximenko and Elena Klutchareva, Debevoise & Plimpton LLP www.debevoise.com

On 12 June 2018, Federal Law No. 122-FZ dated 31 May 2018 (the ‘Law’) became effective, significantly changing the regulatory regime for acquisition of Russian strategic companies [1] by foreign investors. The adoption of the Law was driven by the need to improve the foreign investment climate and liberalise its regime.

The Law:

- repeals certain prohibitions or restrictions on the acquisition of control over Russian strategic companies by offshore companies and introduces prohibitions and restrictions for non-disclosing investors (as defined below);
- changes the approach to the determination of aggregate control over a strategic company;
- enhances the authority of the Federal Antimonopoly Service of the Russian Federation (‘FAS Russia’); and
- withdraws benefits afforded to foreign investors from offshore companies owned by Russian citizens.

Prohibitions and restrictions for non-disclosing investors

Previously, investors from certain offshore jurisdictions such as Jersey, Guernsey, British Virgin Islands, among others, were effectively barred from acquiring control over strategic companies and needed strategic investments clearance for acquisition of certain minority positions regardless of the ultimate ownership of these offshore companies (in many cases, Russian nationals). The Law removes this requirement and treats all offshore and foreign jurisdictions equally by imposing restrictions on non-disclosing foreign investors.

Pursuant to the Law, a non-disclosing investor is an investor that does not provide information on its beneficiaries, beneficial owners or controlling persons to FAS Russia regardless of the jurisdiction of its incorporation.

The beneficiaries and beneficial owners are defined in the Russian laws on combatting money laundering and financing of terrorism. [2] The controlling persons are determined pursuant to the criteria of control set forth by the Law on Strategic Companies.

The government of the Russian Federation will stipulate the regulations on disclosure of information on beneficiaries, beneficial owners and controlling persons of foreign entities. In cases where it is not apparent that the transaction involves acquisition of control over a strategic company, the foreign investor can disclose its beneficiaries in a request for clarification as to whether the transaction requires a strategic clearance.

Non-disclosing investors are barred from obtaining control over a strategic company (in particular, from acquiring 25% or more of the total votes in strategic subsoil users or more than 50% of total votes in other strategic companies) or acquiring fixed production assets of a strategic company, the value of which represents 25% or more of the balance sheet value of the assets of such strategic company as of the last reporting date.

In addition to prohibiting acquiring control over strategic companies, non-disclosing investors must receive preliminary approval of the Governmental Commission for Control over Foreign Investments in the Russian Federation for acquisition of:

- the right to directly or indirectly dispose of more than 5% of the total votes in a strategic subsoil user, or
- the right to directly or indirectly dispose of more than 25% of the total votes in another strategic company or other options for blocking the decisions of its corporate bodies.

Aggregate control

The Law also amends the rules for calculating aggregate shares of non-disclosing investors not belonging to the same group of persons. Previously, the Law on Strategic Investments required that shares of all offshore companies be aggregated for determination of control over a strategic company even if such offshore companies did not fall within the same group of persons. Practically, it leads to situations where an offshore company could not buy, for example, 2% of votes in a strategic subsoil user, if other offshore companies already held more than 23% of votes in the same strategic subsoil user.

The Law provides that the aggregate control rule will not apply to calculation of shares of foreign investors that are shareholders of a public company within the meaning of Article 11 of the Russian Tax Code. [3] Therefore, in determining whether such foreign investors have control over a strategic company, only the votes owned by their group of persons will be taken into account.

Applicability of foreign investor benefits

Entities controlled by Russian persons or foreign nationals who are also Russian citizens are no longer considered foreign investors and may not claim any benefits granted by the laws on foreign investments.

Authority of FAS Russia

The Law authorises FAS Russia to provide guidance on the application of the Law on Strategic Companies. This is a new provision that was not in the previous version of the Law on Strategic Companies.

Links and notes

1 Strategic companies are companies engaged in activities of strategic importance to the defence and security of the state (‘strategic activities’). Article 6 of Federal Law No. 57 on Foreign Investment in Commercial Entities with Strategic Importance for National Defense and National Security, dated 29 April 2008, establishes the list of strategic activities and includes 47 types of business that are regarded strategic, including, among others, manufacture of arms and military hardware; activity of ensuring aviation safety; development of aviation equipment, including dual-purpose aviation equipment; TV broadcasting in a territory whose population constitutes 50% or over 50% of the population of a constituent entity of the Russian Federation, etc.

2 A beneficiary is a person for whose benefit a client commits transactions with monetary and other assets, in particular, on the basis of an agency agreement, a commission agreement or a trust management agreement; a beneficial owner is an individual who ultimately, directly or indirectly (through a third party), owns/has a majority shareholding of more than 25% in the capital of a legal entity or has the ability to control its actions (Article 3 of Federal Law No. 115-FZ on Money Laundering and Financing of Terrorism, dated 7 August 2001).

3 The public companies are Russian and foreign entities that are issuers of securities (or depositary receipts representing such securities) listed and/or admitted to trading on the Moscow Exchange or Saint-Petersburg Exchange or exchanges included in the list of foreign financial intermediaries. This list is approved by Instruction No. 4393-U of the Bank of Russia dated 30 May 2017 and includes, inter alia, the London Stock Exchange, the New York Stock Exchange and the Hong Kong Stock Exchange.

Stricter regulation of foreign investments and exports advances: an update
By Theodore W. Kassinger, Greta Lichtenbaum, David J. Ribner, O’Melveny & Myers www.omm.com

On 27 June 2018, the White House issued a Statement from the President Regarding Investment Restrictions announcing President Trump’s determination that the pending Foreign Investment Risk Review Modernization Act (‘FIRRMA’) provides the tools to ‘combat the predatory investment practices that threaten our critical technology leadership, national security, and future economic prosperity’, and, upon enactment, will be implemented to address ‘the concerns regarding state-directed investment in critical technologies identified in the Section 301 investigation.’ FIRRMA will substantially revise the scope and operation of the Committee on Foreign Investment in the United States (‘CFIUS’), which reviews foreign investments in US businesses and seeks to resolve any potential national security threats indicated by such transactions.

The President’s announcement is a surprising change from the direction he laid down in his 29 May 2018 decision to impose ‘specific investment restrictions and enhanced export controls for Chinese persons and entities related to the acquisition of industrially significant technology.’ [1]

The Statement came a day after the House of Representatives passed its version of FIRRMA (H.R. 5841) on a vote of 400 to 2, and eight days after the Senate passed its version of the bill (S. 2098), as an amendment to the National Defense Authorization Act for Fiscal Year 2019. The bills will now move to a Conference Committee to resolve the differences between the two versions.

In addition to the announcement regarding investment restrictions, the President directed the Secretary of Commerce to ‘lead an examination of issues related to the transfer and export of critical technologies’ to assess and to make any modifications to US export controls. This directive anticipates the enhanced export control process mandated by FIRRMA ‘to identify emerging and foundational technologies’ that are essential to US national security.

Only a few days ago, news media reported that the President would invoke the International Emergency Economic Powers Act to impose a cap of 25% voting equity on Chinese origin investments in ‘industrially significant’ US companies, with potentially lower limits in some cases and without distinguishing among state-owned and private Chinese companies. [2] The plan reportedly would have barred US companies from contributing further technology to joint ventures in China to which they are party, and may have asserted jurisdiction over licences by US companies of certain technologies to Chinese persons – authority that the administration sought in earlier versions of FIRRMA.

The proposal reportedly also contemplated a two-track CFIUS process, with one track specific to China.

As late as Monday 25 June, Assistant to the President Peter Navarro strongly indicated the President would issue a China-specific order.

The President’s Statement aligns with Secretary of the Treasury Mnuchin’s comments earlier where he emphasised that tightened rules would apply to investments from all countries, not China alone. Adoption of the FIRRMA framework will provide transparency and consistency regarding foreign investment reviews by CFIUS. Within that common framework, however, it remains likely that CFIUS will effectively implement the concepts that the administration apparently came close to adopting. Through rulemakings and informal practice, CFIUS will set a higher bar for investments from China (and other ‘countries of special concern’), especially when state-owned enterprises are among the investors. Separately, agencies will move aggressively to identify and to impose greater controls on exports of critical technologies, including prevention of technology transfers to foreign business partners and joint ventures.

Links and notes

1 https://www.omm.com/resources/alerts-and-publications/alerts/client-alert-stricter-regulation-of-foreign-investments-advances-on-two-fronts/

2 By comparison, FIRRMA will require parties to file at least short-form declarations of transactions in which a foreign entity in which a foreign government has a ‘substantial interest’ will acquire a ‘substantial interest’ in a US critical infrastructure or critical technology company.

California passes historic online privacy law
By Sarah Bruno, Donna McPartland, Eva Pulliam, Casey Perrino and Jason Sarfati, Arent Fox www.arentfox.com

Within hours of its unanimous passing in both the California State Senate and Assembly, Governor Jerry Brown signed the strongest online privacy law in the country, the California Consumer Privacy Act of 2018. The law is the first of its kind and may fundamentally change how Silicon Valley does business.

The bill was rushed through both houses to prevent a stricter initiative from being sent to the polls in November. That initiative was proposed by a San Francisco real estate developer named Alastair Mactaggart and garnered nearly twice the number of signatures needed to qualify for consideration on November’s ballot. It contained more requirements and broader penalties and allowed consumers to sue companies in almost any situation where their privacy or security was compromised. Mactaggart agreed to withdraw his measure if lawmakers approved a watered-down version.

Thus, after years of sluggish progress on privacy reform, the Consumer Privacy Act was passed.

The law ensures the following rights:

- The right to know the categories and specific pieces of personal information collected from consumers, the categories of sources from which the personal information is collected, and the business purpose for collecting or sharing the personal information.
- The right to know whether personal information is sold or disclosed and the categories of third parties with whom personal information is shared.
- The right to object to the sale of personal information.
- The right to access personal information, including the right to request the deletion of personal information, subject to certain exceptions.
- The right to equal service and price, even when exercising privacy rights. Companies are allowed, however, to charge consumers different prices or provide different levels of services, if those differences are directly related to the value provided to the consumer by the consumer’s data.

Additionally, companies can offer financial incentives for the collection/sale/deletion of personal information.

Furthermore, the law allows the attorneys general to initiate enforcement actions. Fines can reach up to $7,500 per violation. Where personal information is subject to an unauthorised access and exfiltration, theft, or disclosure when a company fails to implement and maintain reasonable security practices, the law allows for a private right of action. When certain requirements are met, individual consumers may sue to recover damages between $100 and $750 per incident or actual damages, whichever is greater.

Many have noted the similarities between the California Consumer Privacy Act and the European Union’s recently implemented General Data Protection Regulation. While the rights contained in the new law mirror some sections of the GDPR, there are some notable differences. For instance, the California law does not set a deadline for notifying consumers of a data breach, though California’s requirement that breaches be reported ‘without unreasonable delay’ may be viewed as overlapping with the GDPR. Further, fines do not come close to the enormous fines for violations of the GDPR.

The California Consumer Privacy Act does not go into effect until 1 January 2020 and changes are anticipated as major tech companies and business interest groups will likely lobby to further dilute the bill. The California legislature is also expected to pass ‘cleanup bills’ to make any necessary corrections to the law over the next 18 months, and there is a possibility that federal privacy legislation will be enacted that would preempt this California law. Therefore, the law that comes into force in 2020 may be different from the bill that was just passed.


EU agrees Countering Money Laundering by Criminal Law Directive
By Shearman & Sterling www.shearman.com

On 7 June 2018, the Council of the European Union and the European Parliament announced their agreement on new EU criminal sanctions for money laundering. The proposed Countering Money Laundering by Criminal Law Directive will complement the Fifth Money Laundering Directive, which was adopted in May 2018.

The new Directive establishes minimum rules on the definition of criminal offences and sanctions in the area of money laundering. Member States will be required to implement national laws providing for money laundering offences by individuals to be punishable by a maximum term of imprisonment of at least four years. National laws will continue to provide for additional measures, such as fines, temporary or permanent exclusion from public tender procedures, grants and concessions, and national laws will also provide for national courts to take into account any aggravating factors for sentencing.

In addition, the new Directive establishes corporate liability for money laundering in certain circumstances and provides for corporates to face various sanctions, such as exclusion from entitlement to public benefits or aid, temporary or permanent exclusion from public tender procedures, grants and concessions, temporary or permanent disqualification from the practice of commercial activities, placing under judicial supervision, judicial winding-up and temporary or permanent closure of the establishments used for committing the offence.

The new Directive also includes rules for establishing jurisdiction and for cross-border cooperation between Member States.

The UK, Ireland and Denmark will not adopt the new Countering Money Laundering by Criminal Law Directive. In the UK, this follows the approach in relation to EU criminal sanctions for market manipulation where the UK has implemented its own national regime instead.

The new Directive must now be formally adopted by the Council and Parliament. It will enter into force 20 days after it has been published in the Official Journal of the European Union and Member States will have up to 24 months to transpose the new provisions into national law.

Links and notes

Parliament’s press release is available at: http://www.europarl.europa.eu/news/en/press-room/20180605IPR05049/eu-wide-penalties-for-money-laundering-deal-with-council.

Council’s press release is available at: http://www.consilium.europa.eu/en/press/press-releases/2018/06/07/eu-agrees-new-rules-to-make-sure-money-laundering-criminals-are-punished/pdf?_sm_au_=iVVTRnDvR5rsNrvq.

Details of the agreed Fifth Money Laundering Directive are available at: https://finreg.shearman.com/eu-fifth-money-laundering-directive-adopted.

Cyber fraud – Ireland’s Central Bank takes action
By Seán O’Reilly and Conor O’Donovan, Ronan Daly Jermyn www.rdj.ie

Appian Asset Management (‘Appian’), an Irish based and owned asset manager, has been fined €443,000 by the Central Bank for breaches of regulation regimes covering client asset protection, anti-money laundering, and fitness and probity. This was the first imposition of a sanction by the Central Bank where there has been a loss of client funds from cyber fraud as a direct result of the firm’s regulatory breaches.

The breaches, which have been admitted by Appian, led to the loss of €650,000 of a client’s funds as a result of cyber fraud. The Central Bank, following an investigation, stated that Appian’s failures were in the following areas:

- It had defective controls to protect client assets against fraud;
- It had inadequate policies and procedures to monitor transactions, detect and report money laundering and provide its staff with appropriate training; and
- It failed to ensure that an employee, performing a role that might expose Appian to financial, consumer or regulatory risk, was fit for that role.

These failures led to the success of a fraudster who, posing as the real client over a two-month period, requested the liquidation of €650,000 of the client’s assets to be paid into two third-party UK accounts.

The Central Bank found that Appian had processed the request despite the presence of a number of red flags, signalling potential fraud and money laundering. For example, the e-mail correspondence from the fraudster contained a number of spelling and grammatical errors which were not consistent with the profile of the real client, that of a competent businessperson. The fraudster induced Appian to pay the proceeds of the redemption into two separate corporate accounts outside of Ireland, which is where the real client resides. The fraudster then requested that the payments be split into smaller amounts with the intent of avoiding UK banking controls and subsequently provided incorrect account names twice and incorrect payment details once. These red flags did not trigger a commensurate response from Appian.

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti Money Laundering, commenting on the issue, stated: ‘Appian’s failures in this case demonstrated serious deficiencies in its governance arrangements, risk management, compliance oversight, and systems of internal control. These failings, combined with a culture in which clients’ instructions were given primacy over security and regulatory concerns, rendered the Firm exposed to the cyber fraud that occurred. It placed client assets at heightened risk and that risk crystallised. The Central Bank views such fundamental failings as completely unacceptable.’

The Central Bank’s action underlines the importance of cyber fraud prevention in a modern corporate governance code and culture with the design, implementation and updating of an effective cyber fraud prevention plan, a matter for which responsibility should be assumed at board level.

Vietnam: 16th draft of the Law on Cybersecurity
By Yee Chung Seck and Thanh Son Dang, Baker McKenzie www.bakermckenzie.com

Following the release of the 15th draft of the Law on Cybersecurity in January, the National Assembly has published the 16th draft (‘the Draft Law’) on its website for public consultation. The Draft Law, in comparison with the 15th draft, has further updated the local offices and data localisation requirements for offshore telecommunications and Internet service providers. The Draft Law remains largely the same in other respects. The following are noteworthy updates.

Stricter local office and data localisation requirements (Article 28)

The Draft Law now requires offshore entities, when providing telecommunications and Internet services in Vietnam, to have headquarters or representative offices in Vietnam and store within the territory of Vietnam (i) personal data of users in Vietnam, and (ii) other important data collected and/or generated from the use of Vietnam’s national cyber infrastructure as stipulated by the government.

Previously, Article 27.4 of the 15th draft had provided that offshore telecommunications and Internet service providers must:

- Have headquarters or representative offices in Vietnam; and
- Store within the territory of Vietnam data of Vietnamese users and other important data collected and/or generated from the use of Vietnam’s national cyber infrastructure, but only if (i) 10,000 or more Vietnamese users use such service or (ii) the government so requests.

In the latest version, the 10,000 or more Vietnamese user threshold and government request that triggered the local office and data localisation requirement have been removed from what is now Article 28.

The Draft Law narrows the type of users’ data that are subject to data localisation requirements from ‘data’ in general to ‘personal data’. However, a precise definition of the term ‘personal data’ is absent from the Draft Law.

The Draft Law changes the scope of data subjects from ‘Vietnamese users’, which includes users with Vietnamese nationality only, to ‘users in Vietnam’, which includes all users of any nationality who use services within Vietnam.

In sum, a plain reading of the law suggests that the scope of this requirement has been broadened, which in effect would mean that it is easier for overseas telecommunications and Internet service providers to fall within the purview of this provision.

Cross-border data transfer restriction (Article 42)

The Draft Law has a new subsection under Article 42.2 (formerly Article 41.2 of the 15th draft) – Article 42.2(c). This provides that offshore telecommunications and Internet service providers are required to, among other things, only store within the territory of Vietnam personal data of users in Vietnam and other important data collected and/or generated from the use of Vietnam’s national cyber infrastructure as stipulated by the government.

The language of the aforementioned provision is vaguely worded. It could be considered a new restriction on transferring and storing data outside of Vietnam. On the other hand, it could be interpreted to mean that only the personal data of users in Vietnam and other important data collected and/or generated from the use of Vietnam’s national cyber infrastructure as stipulated by the government are allowed to be stored within Vietnam (other information, such as information of users using services outside Vietnam, would not be allowed to be stored within Vietnam). Further guidance may be needed to clarify the language of Article 42.2(c).

Public consultation

The full text of the Draft Law is available at: http://duthaoonline.quochoi.vn/DuThao/Lists/DT_DUTHAO_LUAT/View_Detail.aspx?ItemID=1382&LanID=1497&TabIndex=1

The Draft Law is still open for public consultation. Relevant parties can submit feedback via the following link: http://duthaoonline.quochoi.vn/DuThao/Lists/DT_DUTHAO_LUAT/View_Detail.aspx?ItemID=1382&TabIndex=6

No specific deadline has been set for submitting feedback in relation to this draft.

Modern Slavery Act tabled in Australian Parliament
By Abigail McGregor, JP Wood and Jacob Smit, Norton Rose Fulbright www.nortonrosefulbright.com

The Assistant Minister for Home Affairs, the Hon Alex Hawke MP, has tabled the Modern Slavery Bill 2018 in Parliament. The new reporting regime will have a significant impact on larger businesses operating in or from Australia. The Modern Slavery Bill requires businesses based, or operating, in Australia, which have an annual consolidated revenue of more than AUD 100 million, to report annually on the risks of modern slavery in their operations and supply chains, and actions to address those risks. Entities not caught by this threshold can opt in.

Under the Bill, businesses will be required annually to submit a ‘modern slavery statement’ that complies with the following mandatory criteria (which may change as the Bill passes through Parliament and is referred to a committee for consideration). In summary, the statement must:

- identify the reporting entity;
- describe the structure, operations and supply chain of the reporting entity;
- describe the risks of modern slavery practices in the operations and supply chains of the reporting entity and any entities that the reporting entity owns or controls;
- describe the actions taken by the reporting entity and any entity it owns or controls, to assess and address those risks, including due diligence and remediation processes (the Bill notes that those actions may include the development of policies and processes to address modern slavery risks and training for staff about modern slavery);
- describe the process of consultation with:
  - any entities that the reporting entity owns or controls; and
  - in the case of a reporting entity covered by a joint statement, the entity giving the statement; and
- include any other information that the reporting entity, or the entity giving the statement, considers relevant.

Entities can report on behalf of their subsidiaries and entities they control by publishing a ‘joint statement’.

The modern slavery statement must be approved by the ‘principal governing body’ of each reporting entity or an entity in a position to influence or control each reporting entity (for a company, this will be the board of directors) and otherwise by at least one reporting entity. It must be signed (electronically) by a ‘responsible member’ of the approving entity, normally a company director or secretary.

The statement must then be sent or uploaded to the (soon to be established) register of modern slavery statements to be run by the Commonwealth Government and freely accessible on the internet.

The Bill stipulates that Commonwealth corporate entities and companies that meet the monetary threshold will also be required to report. Further, the Commonwealth Government will be required to report on behalf of all non-corporate Commonwealth entities.

The introduction of this Bill comes after several government inquiries and consultations into the prevalence of modern slavery in Australia and globally, and is modelled on the UK’s Modern Slavery Act 2015, but with some significant differences.

The Bill will likely become law later this year, as is or with amendments. We anticipate that the first reporting year for businesses reporting in accordance with an Australian financial year will be 2019-20, although this will depend upon the progress of the Bill.

Business impact of modern slavery statements

The new reporting regime will impact significantly on the way that Australian businesses deal with their suppliers, contractors and customers. Reporting entities will need to act quickly to get ready to comply with the new regime and smaller suppliers will also be affected.

Businesses that operate in Australia and already report under UK laws may find it easier to comply with the Australian reporting requirements, but they will still need to watch out for differences in the two regimes and adapt their reporting accordingly – this includes verifying that they have complied with the Australian mandatory criteria.

Although the Commonwealth reporting regime is currently targeted at larger businesses – those with annual gross consolidated revenue of at least AUD 100 million – there will inevitably be a ‘trickle-down’ effect as reporting entities seek information and understanding from their group entities and suppliers about the modern slavery risks in their supply chains and how best to manage them.

Suppliers to the Commonwealth Government ought to expect that their modern slavery strategies will be interrogated as agencies develop their own response to the Act. In addition, businesses with at least AUD 50 million in annual consolidated revenue and one or more employees in New South Wales will need to comply with the NSW Modern Slavery Act, passed on 21 June 2018.

These new reporting requirements will impose a regulatory burden on businesses, but there are opportunities too. Reporting entities can use the opportunity to review their procurement and risk management processes and check whether they are effective in identifying and addressing not just modern slavery risks but other legal, commercial and reputational risks in their operations and supply chains.

This continues to be a complex undertaking and we anticipate the new reporting regimes will prompt businesses to create new and innovative tools to help them better understand and manage their risks.

Preparing for the new reporting regimes

At minimum, businesses that have not already done so should consider taking the following steps:

- Map the organisation’s structure, businesses and supply chains.
- Formulate policies in relation to modern slavery – this will involve collating current policies, identifying gaps, adapting existing policies and formulating new policies, as needed.
- Carry out a risk assessment – identify those parts of the business operations and supply chains where there is a risk of modern slavery taking place.
- Assess and manage identified risks – this may include carrying out further due diligence in the entity’s operations and supply chains and reviewing and adapting contract terms and codes of conduct with suppliers.
- Consider and establish processes and KPIs to monitor the effectiveness of the steps taken to ensure that modern slavery is not taking place in the business or supply chains.
- Carry out remedial steps where modern slavery is identified.
- Develop training for staff on modern slavery risks and impacts.


22 Trade Security Journal Issue 8 HUMAN RIGHTS

When might a parent company be liable for the human rights impacts of its foreign subsidiaries and subcontractors?

Courts in jurisdictions including the UK, Canada and the US have shown they are open to arguments asserting parent company liability for subsidiaries abroad. Multinationals would do well to develop processes for identifying and mitigating human rights risks in their global operations and supply chains, write Chris Walter, Hannah Edmonds-Camara and Julia Steinhardt.

Claimants in human rights litigation are increasingly asserting parent company liability for negative human rights impacts connected to the activities of their foreign subsidiaries and affiliates within their global operations and supply chains. This article considers recent judgments of courts in the UK and across North America. These developments will be important for parent companies assessing legal and reputational risks associated with their global operations.

[Image: Claims arising from human rights damage are being heard by courts in the UK and North America.]

UK Court of Appeal’s recent approach to human rights claims against English parent companies brought in connection with operations abroad

In a landmark ruling in November 2017 – Lungowe & Ors v. Vedanta Resources PLC & Anor [2017] EWCA Civ 1528 – the UK Court of Appeal dismissed jurisdictional challenges by English-headquartered parent company Vedanta Resources PLC and its Zambian subsidiary Konkola Copper Mines Plc (‘KCM’). The court has allowed claims made by 1,826 Zambian citizens – relating to personal injury, damage to property, loss of income and loss of amenity and enjoyment of land arising from pollution and environmental damage allegedly caused by KCM’s operation of the Nchanga copper mine – to proceed to be heard on the merits. The Court confirmed that where a defendant company is domiciled in England and Wales, the English court cannot decline (mandatory) jurisdiction to hear a claim, even if the court of another non-contracting state may provide a more appropriate forum.

In deciding whether there was a ‘real issue to be tried’ between the claimants and the parent company, the Court of Appeal considered whether it was arguable that Vedanta could have owed a duty of care to the claimants. The court emphasised that a parent company will not automatically owe a duty of care towards those affected by its subsidiary’s operations. However, as previously established, a duty of care may be owed to employees of a foreign subsidiary in certain circumstances: where harm was reasonably foreseeable, there was a relationship of proximity between the subsidiary’s employees and the holding company, and it is fair, just and reasonable to impose a duty of care. In Vedanta, the Court of Appeal noted that these circumstances may arise where the parent:

- is directly responsible for devising a material health and safety policy, the adequacy of which is relevant to the dispute;
- controls the operations which give rise to the claim;
- is well-placed to protect employees of the subsidiary and/or those affected by its operations because of its knowledge and expertise; or
- knew, or ought to have known, that its subsidiary’s system of work was unsafe and that the subsidiary or its employees would rely on the parent’s superior knowledge.

The Court went further; a duty might be owed not only to employees of the foreign subsidiary but also to non-employee third parties impacted by the operations of the subsidiary. Although there have been no reported cases of a parent company owing a duty of care to third parties affected by its foreign subsidiary’s operations, this did not ‘render such a claim unarguable. If it were otherwise, the law would never change.’

In this case, the claimants convinced the Court that it was arguable that the various factors described above were present. Therefore, Vedanta might have owed a duty of care, making the case


inappropriate for summary dismissal. KCM, the Zambian subsidiary, was also a necessary and proper party to the claim. A key factor that had been taken into account in the High Court’s initial ruling on jurisdiction was that there was a real risk that the claimants would not obtain justice before the courts in Zambia.

The approach of English courts to any similar claims in the future remains fact-specific and therefore uncertain, however. In February 2018, a divided Court of Appeal rejected an appeal by two Nigerian communities against a refusal to hold London parent company Royal Dutch Shell (‘RDS’) responsible for oil pollution in the Niger Delta by its Nigerian subsidiary. The parties agreed that the approach taken by the Court of Appeal in Vedanta was arguably correct. However, the claimants had failed to establish that RDS had a sufficient level of control over its Nigerian subsidiary to warrant the imposition of a duty of care. The court specified that parent companies with mandatory policies to ensure that local controls are in place should be distinguished from parent companies that directly seek to exert control and influence over their subsidiaries, with only the latter potentially having a duty of care. In the circumstances, the court held that it was not fair, just or reasonable to impose a duty of care on RDS.

In essence, this decision shows that a parent company’s issue of mandatory policies, standards and manuals which apply to the subsidiary is unlikely to be sufficient in itself to establish a parent company duty of care towards people impacted by its foreign operations. Whereas Vedanta Resources held an 80% shareholding in KCM and was arguably involved in KCM’s direct management, the RDS subsidiary operated its pipeline pursuant to a joint venture with three other parties, including another corporation that held the majority shareholding. As a result, the Court found that RDS had limited leverage to influence avoidance of the alleged breaches.

While both judgments considered jurisdictional issues only, they also provide useful insights into how courts might determine the extent of a UK company’s duty to third parties abroad.

A transatlantic trend?

UK courtroom developments are not isolated. In Canada – a crucial jurisdiction for the global extraction sector, as more than half of publicly listed mining parent companies are headquartered there – courts appear to be taking a similar approach to parent company liabilities in connection with alleged human rights impacts caused by their operations abroad.

In 2013, the Ontario Superior Court rejected a motion to dismiss a claim against Toronto-headquartered parent company, Hudbay Minerals Inc on jurisdictional grounds. The Guatemala-based claimants alleged that the parent company was responsible for negligent management of security personnel in the context of a forced land eviction, resulting in violation of their human rights. Although the Guatemalan company allegedly responsible for engaging the security personnel was not HudBay’s subsidiary at the time of the alleged wrongdoing – HudBay had acquired the subsidiary a year after the alleged events – the court held that it was possible that the parent company had owed a duty of care towards the claimants and that the claim should be allowed to proceed.

More recently, in 2017, the British Columbia Court of Appeal confirmed that a claim against mining company Nevsun Resources Ltd for alleged activities by its foreign subcontractor could proceed to be heard on the merits. Eritrean claimants allege that they were forced to work at a mine by Nevsun’s local subcontractor (owned by the Eritrean state), amounting to slavery, crimes against humanity, forced labour, and torture. This decision is the first in which a Canadian appellate court has permitted a mass tort claim for slavery to proceed. Again, a key consideration taken into account by the court was the fact that the claimants faced a possible lack of access to justice before the Eritrean courts.

Nevsun has recently sought the Canadian Supreme Court’s permission for a further appeal against this decision, arguing that it was inappropriate for a British Columbia judge to assess a sovereign state’s conduct and describing the ruling as ‘out of step’ with common law and the international consensus.

Parent companies in the US also continue to face legal challenges relating to their foreign operations and supply chains. Allegations that Arab Bank financed and facilitated organisations involved in attacks against Israeli citizens were recently presented before the US Supreme Court. In a divided decision on 24 April 2018, the court ruled that claimants cannot use the Alien Tort Statute (‘ATS’) to sue foreign corporations. This decision resolves a split in the approach taken by various US circuits and is expected to close the door on further human rights litigation under the ATS. However, cases have also been brought in multiple states in relation to US consumer protection laws, with claimants arguing that they would not have purchased or paid as much for products had they been informed that the ingredients were sourced from regions recognised as being at high risk of forced labour and child labour.

[Image: Protestors call for compensation for the families of Rana Plaza victims.]

Outside of the court room: executive crackdowns and arbitration settlements

Human rights impacts connected to foreign subsidiaries can also result in significant costs for alternative dispute resolution. In the wake of the 2013 Rana Plaza factory collapse in Dhaka, unions

continues on page 28

24 Trade Security Journal Issue 8 DATA PRIVACY

An overview of Israeli data protection law

While the GDPR has drawn the headlines and attention, recent updates to Israel’s data protection laws should not go unnoticed, writes Gil Rosen.

Like many businesses around the world, this May Israeli businesses were coming to terms with the entering into force of the European Union’s new General Data Protection Regulations (‘GDPR’) and its extra-territorial enforcement ramifications. However, Israeli data protection law has also been in the process of getting a major update and the country’s Privacy Protection (Data Security) Regulations 5777-2017 (‘PPDSR’) also came into force in May. This article provides an overview of Israeli data protection law.

The basics

In Israel, the right to privacy is set out in the Basic Law: Human Dignity and Liberty 5752-1992. While Israel does not have a written constitution as such, its set of ‘Basic Laws’ set out Israel’s constitutional rights, so the right to privacy is a constitutional right in Israel. Israel’s privacy laws were expanded upon with the Protection of Privacy Law 5741-1981 (‘PPL’), which became the principal legislation regarding privacy and introduced controls on databases holding personal information.

Various regulations have been promulgated under the PPL, including Privacy Protection (Transfer of Data to Databases Abroad) Regulations 5761-2001 and the PPDSR being the latest and arguably most significant. Additionally, there is legislation dealing with specific sectors and types of data. These include the Patient Rights Law 5756-1996, the Genetic Information Law 5761-2000, and the Credit Data Law 5776-2016. Various privacy and data protection requirements are also fleshed out in Israeli case law. For the sake of brevity, this article focuses on the PPL and PPDSR.

Governing authority

The Privacy Protection Authority (‘PPA’), which is the Israeli regulatory and enforcing authority for Israel’s data protection regulations, is headed by the Israeli Database Registrar (‘Registrar’). The Registrar issues formal guidelines with respect to data protection compliance. While the guidelines are non-binding, they do inform as to how the Registrar interprets the Israeli data protection laws and how the Registrar is likely to exercise his enforcement powers.

Israeli data protection

In general, Israeli data protection law governs the ownership, holding and management of databases, the collection, storage and processing of personal data on those databases, the transfer to third parties, including transfers abroad of personal data and the rights of data subjects (i.e., the individuals to whom the personal data relates).

A database is defined as a collection of personal data kept by magnetic or optic means that is intended for computer processing, except for collections of data which are intended entirely for personal, non-commercial use. Also excluded are collections only of names, addresses and means of communication with the subjects, so long as the information itself is not of a character that will harm the privacy of the subjects and provided that the owner of the collection does not own any other collections of data.

Personal data is any data relating to the personality, personal status, intimate affairs, state of health, economic status, professional qualifications and opinions and beliefs of an individual. The types of personal data emphasised in the previous sentence are also classified as ‘sensitive personal data’.

In Israel, a database must be registered with the Registrar, if any of the following apply:

- it contains personal data relating to more than 10,000 individuals,
- it contains sensitive personal data,
- the database contains personal data of individuals that did not provide the data themselves or the data was not sent on their behalf or with their approval,
- the database belongs to a public body, or
- the database is used for direct marketing.


It is illegal to own or manage an unregistered database if that database must be registered by law. Israel’s data protection laws apply to owners, managers and controllers of databases. Unlike the GDPR, the Israeli data protection laws do not provide the Israeli authorities with extra-territorial powers.

Rights of data subjects

The PPL provides individuals with the following rights with respect to personal data relating to them held on databases:

- the right to inspect and receive a copy of the personal data, except for certain exceptions such as relating to physical and mental health and where the information relates to an on-going criminal investigation;
- the right to demand the correction of incorrect information;
- the right to have the personal data deleted under certain circumstances, particularly in connection with direct mailing lists.

Additionally, PPL prohibits any form of data processing of an individual’s personal data unless it is in strict accordance with the purposes for which it was collected and the data subject has provided their informed consent (which may be express or implied). Data subjects may also withdraw their consent at any time.

The security measures

The PPDSR sets out various security measures that databases are required to take to protect the systems and data held on them. The PPDSR also divides databases into four distinct categories and the category that a database falls into informs the database owners and managers of the level of security measures that they must adopt.

The database categories are as follows:

- Databases managed by an individual: With certain exceptions, these are databases managed by an individual or a legal entity that is owned by an individual and no more than two other persons are authorised to access the databases.
- Databases requiring a basic level of security: These are databases that do not fall into one of the other three categories.
- Databases requiring an intermediate level of security: These fall into one of the following categories: (i) databases, the main purpose of which is to provide the data to another as a business, including direct marketing; (ii) databases owned by public bodies; and (iii) databases that include any information regarding the personal life of a person, medical data, data regarding a person’s mental state, genetic information protected by the Genetic Information Law 5761-2000, information on a person’s political or religious beliefs, criminal history, certain communication data, biometric information and information regarding a person’s assets, debts, liabilities and economic status.
- Databases requiring a high level of security: These are any of the following: (i) databases that would fall under points (i) or (iii) enumerated above in connection with databases requiring an intermediate level of security, but which hold personal data relating to at least 100,000 individuals; (ii) any of the databases that would otherwise be a database requiring an intermediate level of security, but in respect of which over 100 people are authorised to access them.

Security measures for all categories

PPDSR sets out certain security measures that owners of all databases must adopt. These include:

1. Preparing a document describing the database (the ‘Database Description’), including a general description of its collection of personal data and its use and processing of the data, the types of data collected, details of any transfers of personal data abroad, details regarding the database manager and security supervisor (where one must be appointed) and the principal risks of a security breach and measures taken to prevent the breach. The Database Description must be amended immediately following any material change.
2. Appropriate steps must be taken to verify that all access to the database is authorised. Persons who are no longer employed by the database owner must have their access immediately revoked and access codes deleted.
3. Documenting any event in which it is suspected that personal data may have been compromised, used or accessed without permission. Where possible, this should be achieved automatically (‘Security Event Documentation’).
4. Database owners may not allow remote access to databases with mobile devices without taking appropriate precautions to restrict access to authorised persons and to prevent penetration onto the systems.
5. Ensuring that the infrastructure, processes and security procedures of the database remain technologically up to date. Hardware and software should be updated when necessary and only compatible components used.
6. Databases must not be connected to the internet or to any other public network without appropriate steps having been taken to adequately protect the database from penetration and unauthorised access.

Security measures required by all categories except for databases managed by individuals

These include:

1. Appointing a security supervisor who will be responsible for the security of the databases and compliance with the data protection laws, although the security supervisor will not be held personally liable for violations. Security supervisors will be directly subject to the database manager and responsible for drawing up suitable procedures for securing the database (see below) and implementing and tracking compliance with the procedures. Database owners must provide the security supervisors with sufficient tools for them to be able to perform their tasks.
2. Preparing a document setting out information security procedures and rules regarding the physical location of the databases and their security and the various levels of authorisation to access the personal data. Each person authorised to access the database must be provided with access to the parts of the procedures that are applicable to them. Procedures must also provide a risk analysis and set out procedures for dealing with the risks. Also to be covered are rules regarding how to deal with events in which data may have been compromised. Database


owners must consider at least once a year whether the procedures require updating for any reason.
3. Maintaining a document that details the structure of the database (the ‘Structure Document’), including the communications and information security components, database structure and a list of its systems, including its infrastructure, telecommunications and security protection and operating system software. A diagram of the network on which the database operates, showing the connections among its different components must be included in this document.
4. Adopting appropriate procedures for verifying the suitability and trustworthiness of employees and candidates who will be provided with access to the databases. Database owners must also ensure that candidates and employees have undergone suitable data protection training and have been made aware of their obligations under the law.
5. Setting different levels of access to the database for each employee depending on each employee’s role. An up-to-date list setting out the different access levels of each employee and their roles must be maintained.
6. Prior to engaging any third-party contractors to provide services that will require the contractor access to the database, the owner must determine what risks are involved in allowing the contractor access to the database and enter into a written agreement with the contractor covering issues such as the kind of personal data the contractor will have access to, the kind of processing that the contractor will be engaged and permitted to perform, the duration of the engagement, and what will be done with the personal data at the end of the engagement (returned, destroyed, etc.).
7. Information concerning access to the database, authorisations, verifications of identity and events in which data may have been compromised must be maintained and kept secure for at least two years.

Security measures required by owners of databases requiring an intermediate or high level of security

These include:

1. Considering and including in the security procedures more concrete details on the means for identifying and verifying who is accessing the database and how the database is being accessed.
2. At least once every 24 months, the database should be subjected to internal or external testing in order to ensure that the database continues to comply with legal and technical requirements. Testing must be conducted by appropriately qualified persons, but not by the security supervisor.
3. Suitable means must be adopted to record access to and exit from the physical sites of databases and the equipment brought in or taken out from the sites.
4. Periodic training must be provided to persons authorised to access the databases to ensure that they have the requisite knowledge to comply with the security procedures and the law. Training should be provided at least once every two years for existing employees and new employees should receive training as close as possible to the commencement of their employment.
5. Verification of the identity of authorised persons should be, as far as is possible, by physical means under the sole control of the authorised person. If verification is by passwords, then the security procedures must provide details regarding the strength of passwords, the maximum number of times an incorrect password may be entered before further action is required, and the regularity with which passwords must be changed.
6. Employing a means of automatically recording access and attempted access to databases and the identity of the individuals involved (‘Security Recordings’). Security Recordings must be reviewed periodically to determine if there are any security problems that need to be rectified.
7. Any serious security event must be reported immediately to the Registrar, including details of all steps taken following the event. Following consultation with the head of the Israeli National Cyber Security Authority, the Registrar may order the owners to notify the individual whose personal data may have been at risk from the event. ‘Serious security events’ are defined differently for databases requiring a high level of security and those requiring an intermediate level of security.

Security measures required by owners of databases requiring a high level of security

Owners of databases requiring a high level of security must also adopt the following measures:

1. Performing penetration testing and security surveys on the database at least once every 18 months to determine the database’s vulnerability to internal and external attack and to take appropriate action in order to rectify any weaknesses that are discovered.
2. Reviewing at least once a quarter all Security Event Documentation to determine if any changes are required to the security procedures to better secure the database.

The precise nature of the measures taken by each database to comply with their requirements described above will very much depend on what is appropriate in each case taking into account the nature of the personal data held on a database and the sensitivity level of that data.

Conclusion

Israel’s data protection laws have undergone a fair amount of evolution over the years. They are now relatively sophisticated and tailored to reflect the technological advances that have been made in the area of databases over the last few years. It is thanks to these laws that the EU considers Israel to be one of the countries that it approves data transfers to. However, like GDPR, the most important rules which are contained in the PPDSR are very new and it is likely to take some time and cases for businesses to fully get to grips with their compliance requirements and an understanding as to how the requirements will be interpreted and enforced by the Registrar.

Sidebar: Transferring personal data abroad

The Privacy Protection (Transfer of Data to Databases Abroad) Regulations 5761-2001, provides that personal data may only be transferred to countries whose laws ensure a level of protection no lesser than the level of protection of data provided for by the Israeli Law. Additionally, the law requires that the personal data

- is gathered and processed in a legal and fair manner;
- is held, used and delivered only for the purpose for which it was received;
- must be accurate and up to date;
- the data subject must have the right to inspect the data relating to them; and
- there must be mandatory obligations to take adequate security measures to protect the data.

Personal data may also be transferred abroad if any of the following apply:

- the data subject has consented to the transfer;
- the consent of the data subject cannot be obtained, but the transfer is vital to the protection of their health or physical wellbeing;
- the data is transferred to a corporation under the control of the owner of the database and they have guaranteed the protection of privacy after the transfer;
- the data is transferred to a person bound by an agreement with the owner of the database requiring the recipient to comply with the same obligations imposed on the database owner in Israel;
- the data was made available to the public or was opened for public inspection by legal authority;
- the transfer of data is vital to public safety or security;
- the transfer of data is mandatory according to Israeli Law; or
- the data is transferred to a database in a country which is a party to the European Convention for the Protection of Individuals with Regard to Automatic Processing of Sensitive Data; or which receives data from Member States of the European Community, under the same terms of acceptance; or in relation to which the Registrar of Databases announced, in an announcement published in Israel’s Official Gazette called Reshumot that data may be transferred to that country.

In all of the cases in which personal data is transferred from an Israeli database abroad, the owner must obtain a written guarantee from the recipient to ensure that the recipient is taking adequate measures to ensure the privacy of data subjects and that the data will not be transferred to other persons.

Gil Rosen is a senior lawyer with the Tel Aviv law firm Ady Kaplan & Co. He is qualified and licensed to practice as an Israeli lawyer and solicitor of England & Wales. His work involves advising businesses on international commerce, including advising on export control and data protection regulations.

Continued from page 24

representing Bangladeshi textile workers launched a second arbitration in the permanent court at the Hague under the ‘Bangladesh Accord’, an agreement signed by fashion brands with supply chains implicated in the factory collapse. The unions alleged delays in developing promised factory safety features, and successfully negotiated a landmark $2.3m settlement with a multinational apparel brand.

Pockets of regulation are also increasing exposure for businesses. In December 2017, for example, President Trump signed Executive Order 13818, which authorises sanctions against persons involved in serious human rights abuses or corruption. Following its signing, in the course of two days, sanctions were imposed against 52 persons and affiliated persons, many of whom were corporate entities. Under EO 13818, the US administration can also impose sanctions or similar punitive measures against not only those directly involved in corruption and human rights abuses, but also persons who materially assist, sponsor or provide financial, material or technological support for or goods or services to the relevant activities or persons.

Businesses may run the risk of being designated under this broad authorisation by virtue of relationships with third parties. This executive order suggests a need for businesses to ensure that their compliance and KYC programmes incorporate human rights due diligence of their customers, vendors and business partners.

Looking ahead

What is clear from the evolving case law in the UK, Canada and the US is that the human rights bar remains active and continues to press multinationals regarding their operations abroad and alleged impacts of their global operations. In some jurisdictions, claimants are having a degree of success in persuading the courts that there is at least an arguable case to be heard against parent companies. Legislative developments and potentially expensive arbitrations are also posing risks for companies that operate globally. Multinationals will no doubt be tracking litigation and other developments in this space and might consider – if not already – developing processes for identifying and mitigating human rights risks in their global operations and supply chains.

Chris Walter is a partner, Hannah Edmonds-Camara is an associate, and Julia Steinhardt is a trainee in the Business and Human Rights Practice at Covington.

28 Trade Security Journal Issue 8 BUSINESS CRIME

The UK agencies dealing with business crime – an overview

Aziz Rahman outlines the powers and functions of the Serious Fraud Office, Financial Conduct Authority and National Crime Agency and explains how defence teams should respond to them.

Business crime can often involve multiple companies, individuals and countries. As a result, it can be investigated by numerous agencies across a number of jurisdictions.

This article focuses on the three main UK agencies: the Serious Fraud Office (‘SFO’), Financial Conduct Authority (‘FCA’) and National Crime Agency (‘NCA’). It is by no means exhaustive but does touch on the key issues surrounding the activities of all three.

The SFO, FCA and NCA all have large amounts of expertise, experience, legal power and resources at their disposal. But a defence team with its own high levels of experience and expertise can challenge the conduct of such an agency – or the assumptions it makes – in order to dismantle the case against their client.

The Serious Fraud Office

The SFO is ‘one of a kind’: while it has a set annual budget, it can nonetheless request additional funding from HM Treasury (so-called ‘blockbuster funding’) for large cases as and when they arise. It works under what is called the Roskill model, which involves a team of investigators, accountants, prosecutors, experts and counsel being assigned to an investigation from the earliest stages.

When deciding whether to investigate a case, the SFO considers whether it involves:

• A threat to the UK’s commercial or financial interests.
• High actual or potential financial loss.
• Significant actual or potential economic harm.
• Significant public interest.

The cases that the SFO handles can be complex, lengthy and involve many resources. Cases that it decides to not investigate may be passed to the City of London Police or other police forces. The old rule that the SFO only investigated cases that involved more than £1m no longer applies – essentially rendered obsolete by the ever-escalating value of financial crime.

When the SFO does accept a case for investigation, it has a wide range of unique powers under Section 2 of the Criminal Justice Act 1987, the Act which created the SFO. The SFO can use Section 2 to compel any individual or organisation to provide it with information or documents or attend an interview if it believes they have relevant information. Section 2 interviews are not carried out under caution and are not subject to the Police and Criminal Evidence Act 1984, which governs the conduct of most interviews. An individual cannot refuse to answer a question in a Section 2 interview. Failure to cooperate with one can lead to up to two years’ imprisonment.

The SFO has told lawyers that they have no automatic right to accompany a client that is compelled to attend a Section 2 interview. If a lawyer wants to attend a Section 2 interview, they must argue why they should be allowed to do so, and also agree to restrictions on their role.

Deferred prosecution agreements

As the SFO, however, is an investigation and prosecution agency, it cannot carry out arrests. These are carried out for it by the police. Yet the SFO’s powers are far from limited. It can prosecute individuals and corporates – and has other options at its disposal.

The SFO can decide to offer a deferred prosecution agreement (‘DPA’) as an alternative to a prosecution. Introduced into UK law by Schedule 17 of the Crime and Courts Act 2013, a DPA allows the SFO (or Crown Prosecution Service, ‘CPS’) to offer a corporate the chance to avoid being prosecuted by meeting certain conditions. These conditions can include paying a financial penalty or compensation, cooperating with the prosecution of individuals or making changes to working practices. If the conditions stipulated in the DPA are met, the corporation is not prosecuted. But it can be if it fails to meet them.

Representation

The fact that the SFO has lawyers involved in its cases from the very start does not mean it is beyond legal challenge. If anything, it emphasises the need for anyone investigated by the SFO – or any agency, for that matter – to seek legal representation at the earliest opportunity if they are being treated as a suspect.

This must be representation that can:

• Match the investigating agency’s lawyers when it comes to experience and expertise in business crime law.
• Gather the relevant information and evidence.
• Mount a robust, intelligent defence against SFO allegations.
• Argue, where possible, a client’s right not to incriminate themselves when interviewed.

It can be worth a company seeking legal advice about carrying out an internal investigation if it suspects wrongdoing. This can ensure that it identifies the problem before it comes to the attention of an investigating agency. The company then has the opportunity to self-report the problem which can, in many cases, lead to more lenient treatment than if an investigating agency had discovered the illegal activity for itself.

Speaking from experience, it must be remembered that an investigating agency can be challenged at all stages of an investigation over the reliability of information and material that it plans to use as evidence. Section 21 of the Police and Criminal Evidence Act (‘PACE’) gives people the right of access to any material of theirs that has been seized, while the Attorney General’s Guidance on Disclosure (December 2013) laid down guidelines on the seizure of digital material.

Unexplained wealth orders

From 31 January this year, the SFO, the NCA, FCA, HM Revenue & Customs and CPS have also had unexplained wealth orders (‘UWOs’) at their disposal.

Introduced into UK law by the Criminal Finances Act 2017, a UWO gives an authority the right to make an individual explain how they managed to acquire an asset, such as a house. If the individual does not cooperate with the UWO or does not give what is considered to be a satisfactory explanation, the authority can begin civil recovery proceedings under the Proceeds of Crime Act 2002 (‘POCA’) to seize that asset.

Civil recovery is a tool that the authorities will use as an alternative to criminal prosecution. As an example, in recent months, the SFO has recovered £4.4M from Chadian diplomats who had been bribed by a Canadian energy company that was seeking development contracts in the African country.

The introduction of UWOs shifts the burden of proof onto the subject of the order. The person now has to prove that they acquired an asset legitimately instead of the authority having to show that it was gained through criminal activity. To prove this will require obtaining all relevant information, producing compelling evidence to back a person’s claim that the asset was acquired legitimately and, where necessary, negotiating with the authority.

We will have to see how popular UWOs become with the authorities. But a skilled lawyer may be able to have an order discharged if the authority has not followed the application procedure properly. Such outcomes are common regarding search warrants and production orders. It could well be the same when it comes to challenging UWOs; regardless of which authority is seeking one.

Such challenges to procedure are defence options when any authority begins an investigation. Checking procedures have been followed when warrants and orders are obtained, when a raid is carried out and when material is seized can uncover mistakes by the investigating authority. Challenges can also be made at any time to the admissibility of evidence or the reliability of witness testimony.

The Financial Conduct Authority

The Financial Conduct Authority (‘FCA’) was created by the Financial Services Act 2012. It regulates 56,000 financial firms that provide services to customers and maintains the integrity of the UK’s financial markets. It investigates individuals and organisations and has the power to ban financial products for up to a year. Last year, it issued £229m in fines. Since April 2014, it has also been responsible for regulating the consumer credit industry.

While it does not have the SFO’s extensive range of powers, it is similar to the SFO in that its investigators do not have powers of arrest, it has lawyers working on investigations from the earliest stages, and it has the power to bring criminal prosecutions. Since last year, it also has civil recovery powers, as a result of the Criminal Finances Act, which amended POCA to make it an enforcement authority.

The FCA is well resourced, it carries out what are often lengthy investigations and has penalised some of the biggest financial institutions with heavy fines. In 2015, Barclays was fined £284m for forex manipulation while Deutsche Bank was ordered to pay £227m the same year for manipulating Libor and Euribor. The FCA can fine, prosecute or impose restrictions on those it investigates.

While it does not have the Section 2 powers that the SFO can use, the FCA can:

• withdraw a firm’s authorisation;
• prohibit individuals from carrying on regulated activities and suspend firms and individuals from undertaking regulated activities;
• fine firms and individuals who breach its rules, commit market abuse or breach competition laws;
• apply to the courts for injunctions, restitution orders, winding-up and other insolvency orders;
• bring criminal prosecutions to tackle financial crime, such as insider dealing, unauthorised business and false claims to be FCA-authorised.

With such a range of powers, it is essential that anyone investigated by it seeks appropriate legal representation.

National Crime Agency

In February this year, the National Crime Agency (‘NCA’) became the first agency to issue UWOs (two, investigating assets totalling £22m belonging to a politically exposed person or ‘PEP’). This, arguably, can be seen as an indicator of its willingness to use all options available to it.

The NCA is the UK’s most prominent organisation when it comes to tackling international corruption and bringing civil recovery action to recover the proceeds of crime. Created in 2013 to replace the Serious Organised Crime Agency (‘SOCA’), the NCA has powers of arrest, prosecution and civil recovery. It has many responsibilities, including drug and human trafficking, missing persons and organised crime, to name just a few. But when it comes to business crime, it is the major investigating agency for money laundering and the leading UK authority on economic crime that crosses borders.

Its role means that it works closely with the SFO and is the main point of contact for foreign and international law enforcement agencies. The NCA also receives and acts upon suspicious activity reports (‘SARs’) filed by banks and financial institutions.

As an authority, it has a global reach. Its International Corruption Unit (‘ICU’), formed three years ago, investigates money laundering in the UK involving corrupt overseas officials, bribery around the world that has links to UK companies and cross-border bribery that has a UK link. The ICU also helps foreign law enforcement agencies with international corruption investigations.

While the ICU is supported by the Department for International Development and is seen as part of the battle against corruption-related poverty, its remit is not limited to developing countries.

But it uses many of the same procedures as the other agencies mentioned here. It is, therefore, an organisation that has many powers – but is not an organisation that cannot be challenged.

Links and notes: further reading

https://www.legislation.gov.uk/ukpga/1987/38/contents
http://www.legislation.gov.uk/ukpga/2013/22/schedule/17/enacted
http://www.legislation.gov.uk/ukpga/2017/22/contents/enacted
https://www.sfo.gov.uk/
https://www.fca.org.uk/
www.nationalcrimeagency.gov.uk/

Aziz Rahman is the senior partner of Rahman Ravelli, a UK law firm specialising in the fields of business crime, including serious fraud and commercial fraud, regulatory matters, commercial litigation and serious crime.


31 Trade Security Journal Issue 8 NATIONAL SECURITY

Mergers and takeovers: UK strengthens national security scrutiny

The UK and European Union are moving towards far tighter controls on foreign direct investments into sensitive industries, writes Richard Tauwhare.

The UK government has widened the circumstances in which it may block mergers and takeovers of businesses in the military, dual-use, computing hardware and quantum technology sectors. Further strengthening of the UK rules is expected later this year. In parallel, work is moving forward in the EU on a new Regulation to increase co-operation between Member States and to expand the role of the Commission in reviewing sensitive foreign investment.

Foreign direct investment is increasingly seen as a potential threat to national security. While the US is developing measures[1] to strengthen scrutiny of foreign (particularly Chinese) investment, the UK and the EU are taking similar – albeit less radical – steps.

United Kingdom

The issues in the UK have been in the headlines following the offer from a US company, EchoStar, for the UK’s largest satellite company, Inmarsat. This comes on the heels of the takeover of UK engineer GKN by the Melrose of the US, and of the UK’s chip designer, Arm, by Japan’s SoftBank. Each raised fundamental questions over how far the UK’s ‘strategic assets’ should be in foreign hands.

Following consultations in 2017,[2] the UK government concluded that measures to manage the national security risks of mergers and takeovers should be strengthened. As an initial step, it made two amendments to the Enterprise Act 2002 that came into force on 11 June.[3] The government may now intervene in a transaction if it believes that the merger may raise national security concerns and the target business:

a) has an existing 25% or greater share of supply of relevant goods and services in the UK (the previous threshold, that a transaction had to result in the merging parties’ share of supply increasing to 25% or more, will continue to apply); and
b) has a UK turnover of £1 million or over (the previous threshold was £70 million) and is involved in:
   • export controlled items, specifically, the development or production of, or the holding of technology concerning, military or dual-use items (not all items subject to export controls are covered – those on the EU Human Rights List or subject to temporary export controls are excluded);
   • computer hardware, specifically, the ownership, creation or supply of intellectual property relating to the functional capability of: computer processing units, the instruction set architecture for such units and computer code that provides low level control for such units; and the design, maintenance or provision of support for the secure provisioning or management of ‘roots of trust’ of computer processing units and computer code that provides low level control for such units; and
   • quantum technology, specifically: research, development or production of goods or supply of service involving: quantum computing or simulation; quantum imaging, sensing, timing or navigation; quantum communications; or quantum resistant cryptography.

The UK government estimates that these changes will result in up to 29 additional transactions per year coming into scope for potential intervention, but with only between one and six per year posing a sufficient concern to justify the issue of a public interest intervention notice by the Secretary of State. This may lead to the merger proceeding, potentially on the basis of undertakings given by the parties, or to orders to remedy, mitigate or prevent any adverse effects to the public interest or (in extremis) to block the merger altogether.

The UK government does not anticipate that transactions affected by these changes will raise other public interest or competition-related concerns and the changes do not require businesses to take any direct action, since the UK retains a voluntary notification mergers system for both competition and public interest considerations. If businesses consider that a transaction may raise national security concerns, they are encouraged to contact the relevant department as early as possible before the transaction concludes.

Further measures will be announced in a White Paper later this year. On the basis of the earlier consultations, these might involve expanding the scope of scrutiny to a broader range of transactions and/or introducing a mandatory notification regime for foreign investment in critical infrastructure or technologies. But the government’s intentions remain to be made clear.

European Union

The changes in the UK do not affect the European Commission’s existing powers under the EU Merger Regulation. However, work is moving forwards in Brussels on the Commission’s proposal for a new Regulation[4] establishing a framework for screening of foreign direct investments into the EU.

The International Trade Committee of the European Parliament last month voted to adopt a strengthened version of the Commission’s proposals that would increase cooperation between Member States in conducting assessments of foreign direct investments and provide for the Commission to issue a non-binding opinion if another Member State’s or ‘Union interests’ (i.e., programmes with a significant share of EU funding, critical infrastructure or sensitive technologies) may be affected, although decisions would ultimately remain for Member States to take.

The Council (EU Member States) has also decided on its position and will start negotiations with the Parliament with a view to agreeing on the new Regulation by early next year.

The new UK provisions do not impose any legal obligation on any business, therefore they need take no immediate action as a direct consequence of the amendments coming into force. But companies and investors should nonetheless familiarise themselves with the implications of the amendments so as to be well placed ahead of any future relevant merger that might raise national security-related concerns. For mergers brought into scope of government intervention as a result of the amendments, parties may wish to voluntarily notify the government as they are currently able to do for mergers which already qualify for intervention.

Links and notes

[1] https://www.dechert.com/knowledge/onpoint/2018/5/the-coming-storm--cfius-reform-and-considerations-for-private-eq.html?utm_source=vuture&utm_medium=email&utm_campaign=onpoint
[2] https://info.dechert.com/10/9730/december-2017/eu-and-uk-foreign-investment-and-national-security-(1).asp?sid=0ee47f27-6b06-420b-8428-428221789d36
[3] https://www.gov.uk/government/publications/enterprise-act-2002-guidance-on-changes-to-the-turnover-and-share-of-supply-tests-for-mergers
[4] https://ec.europa.eu/info/law/better-regulation/initiatives/com-2017-487_en

Richard Tauwhare, a former UK diplomat, is a senior director in the London office of international law firm, Dechert. He has extensive experience in UK, EU and U.S. export controls and sanctions.


33 Trade Security Journal Issue 8 AML

Civil forfeiture orders in Jersey

New legislation in Jersey, the Draft Forfeiture of Assets (Civil Proceedings) Jersey Law 201, is a ‘paradigm shift’ in the regulatory approach to tackling anti-money laundering, write Nicola Roberts and Leon Hurd.

MONEYVAL’s[1] inspection of Jersey’s AML regime in 2015 and its subsequent report, issued in May 2016, has focused the minds of Jersey legislators and regulators to actively prosecute more financial crime and in particular to introduce a non-conviction-based confiscation regime to apply in parallel with the conviction-based system. The Draft Forfeiture of Assets (Civil Proceedings) Jersey Law 201 (‘the Draft Law’) is a paradigm shift in regulatory approach to achieve the objectives set by MONEYVAL. The Draft Law replaces and extends the current Proceeds of Crime (Cash Seizure) (Jersey) Law 2008 (the Cash Seizure Law) and applies to both cash and property held in bank accounts.

Overview of the Draft Law

The Draft Law broadly provides for three procedural tracks by which civil forfeiture might be sought by:

1. preserving the existing procedure for tainted cash under the Cash Seizure Law;
2. creating a procedure for the forfeiture of property in bank accounts which have been subject to a ‘No Consent’ by the relevant police authority for 12 months.
3. creating a procedure for the forfeiture of property in bank accounts which is suspected to be proceeds of unlawful conduct or intended to be used for such conduct.

Running in parallel to the three procedural tracks is the introduction of the concept of a ‘civil forfeiture investigation’ and the grant of investigative powers to the Attorney General or an authorised officer acting with the Attorney General’s consent, for use in respect of such investigations.

A civil forfeiture investigation extends to both proceedings under the Draft Law and also non-conviction-based proceedings being brought (i) under legislation in force in any country or territory other than Jersey, (ii) relating to the forfeiture of property in Jersey, (iii) by a court of that country or territory. The investigation must be in relation to one or all of the following matters:

1. the question of whether any property is tainted property;
2. the identity, or suspected unlawful conduct, of any person who holds property which is suspected of being tainted property, or to whom such property belongs; and
3. the extent or whereabouts of such property.

The investigative powers that may be sought in connection with a civil forfeiture investigation are wide and include production orders and disclosure orders.

Of particular note for banks...

Forfeiture

Banks should be alive to the newly introduced forfeiture of tainted property regime which provides the Attorney General with the ability to issue a notice upon the holder of an account held at a bank in Jersey. The procedure for the forfeiture of tainted property differs depending upon whether a consent request has been made in relation to the account in question and may give rise to orders either under (i) the summary forfeiture procedure; or (ii) a property restraint order:

• Summary forfeiture procedure: If a consent request has been filed, then notice shall be served by the Attorney General and on the holder of the bank account in Jersey. If the account holder fails to attend the court hearing required by the notice, their property may be forfeited without the individual receiving any further notice.

• Property restraint orders: If a consent request has not been filed but where the Attorney General has reasonable ground to believe that property held in any bank account is tainted property, the Attorney General may apply for a restraint order which prohibits the withdrawal, transfer or payment out of the bank account of the property or part of the property specified in the application.

Property which is specified property in a restraint order is to be vested in the Viscount from the date specified in the order and from then on the Viscount shall take possession of and, in accordance with directions from the court, manage or deal with, that property. If it can be proven that any action taken by the Viscount or the Attorney General in respect of property, the subject of a property restraint order, was taken in bad faith, the person to which the property belongs to may make an application to the Court for compensation.

Investigation

The Draft Law introduces the ability for the Attorney General or an authorised officer acting with the Attorney General’s consent to obtain orders to require banks to undertake account monitoring and provide customer information in the course of a civil forfeiture investigation.

The account monitoring orders that can be applied for under the Draft Law are broad in scope, with Article 23(6) of the Draft Law setting out that the specified bank must

(a) for the period specified in the order;
(b) in the manner so specified; and
(c) at or by a time so specified and at a place so specified,

provide information of the specified description to a police officer named in the order.

Banks and their employees will also need to be vigilant of the consequences of failing to comply with an account monitoring order, Article 23(7) of the Draft Law clarifies that

    A person failing to comply with a requirement imposed by an account monitoring order shall be guilty of an offence and liable to imprisonment for a term of 6 months and to a fine, but it shall be a defence for a person charged with an offence under this Article to prove that

    (a) the information sought was not in the person’s possession; or
    (b) it was not reasonably practicable for the person to comply with the order.

It is also likely that banks will be impacted by the introduction of customer information orders under the Draft Law. ‘Customer information’ is broadly defined and includes:

• information as to whether a business relationship exists or has existed between a bank and a particular person;
• a customer’s
  (i) account number,
  (ii) full name,
  (iii) date of birth,
  (iv) address or former address;
• the date on which a business relationship between a bank and a customer begins or ends;
• any evidence of a customer’s identity obtained by a bank in pursuance of or for the purposes of any legislation relating to money laundering;
• any evidence otherwise within the knowledge of a bank as to the source of any of a customer’s funds held by that bank;
• the identity of any person sharing an account with a customer.

Pursuant to a successfully obtained customer information order, the bank is required to provide the customer information:

(a) in such manner and within such time as the order may specify; and
(b) notwithstanding any obligation as to secrecy or other restriction upon the disclosure of information imposed by any enactment or contract or otherwise.

In a similar vein to account monitoring orders, banks and their employees must be vigilant of the consequences of failing to comply with a customer information order, Article 23(6) of the Draft Law states:

    A person failing to comply with a requirement imposed by a customer information order shall be guilty of an offence and liable to imprisonment for a term of 6 months and to a fine, but it shall be a defence for a person charged with an offence under this Article to prove that

    (a) the customer information was not in the person’s possession; or
    (b) it was not reasonably practicable for the person to comply with the order.

Conclusion

The Draft Law provides a broad and powerful tool to financial crime investigators and prosecutors in Jersey. Given the breadth of the investigatory tools and, of course, the scope for a summary forfeiture procedure, it is very likely that upon its coming into force the Draft Law will be a regularly utilised piece of legislation. Banks should certainly take note of the direct impact that the Draft Law may have on their businesses and will need to start thinking about the introduction of relevant systems, policies and procedures in order to ensure that they can readily comply with any of the civil forfeiture investigation orders that may be made against them.

Links and notes

[1] The Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism – MONEYVAL is a permanent monitoring body of the Council of Europe entrusted with the task of assessing compliance with the principal international standards to counter money laundering and the financing of terrorism and the effectiveness of their implementation, as well as with the task of making recommendations to national authorities in respect of necessary improvements to their systems.

Nicola Roberts is counsel in Ogier’s Jersey Dispute Resolution team where Leon Hurd is a senior associate.

35 Trade Security Journal Issue 8 ANTI CORRUPTION

Italy’s new Anti-Mafia Code

New legislation in Italy seeks to put Mafia-related crime on the same footing as corruption, writes Francesco Clementucci.

Last year, the Italian Parliament passed a new Anti-Mafia Code – Law No. 161 of 2017 (‘the Code’), effective from 19 November – which sets out to put corruption and Mafia-related crime on the same footing. It does this by providing for:

- More effective seizure procedures;
- Greater transparency in enforcement actions against nepotism; and
- Creating more opportunities to intervene in the activities of companies infiltrated by organised crime.

The Code also increases the number of targets who may be subject to personal and asset-prevention measures. From now on, these will include those who are suspected of terrorism or of assisting the perpetrators of a criminal offence, as well as those who are suspected of having committed serious crimes such as embezzlement, corruption, corruption of judicial acts, bribery and undue inducement to give or promise benefits against the public administration.

The Code also includes measures intended to prevent those suspected of harassment (e.g., witness intimidation) from continuing with such actions. The measures are further enhanced by the creation of specialised, local prosecution authorities, focusing solely on anti-mafia and anti-terrorism matters. In addition, coordination between different agencies is better defined, and such agencies will also have access to the ‘SID’, the Data Streaming Interchange[1] system of the Italian revenue agency (Agenzia delle Entrate).

More precisely, the new features introduced by the Code include:

More effective seizure

Where a corporate entity commits a crime covered by the Code, assets related to that corporation are now liable to be seized. Responsibility for undertaking the seizure has been transferred from the ranks of the judicial officers (magistrati), to the judicial police (Polizia Giudiziaria). If the subject of the seizure is real estate which has no deed of title (but is occupied), a judge can order its evacuation. Seized real estate may, among other things, be leased to police forces or armed forces and firefighters.

Seizure strengthened

The new Code states that if goods have been bought legitimately, but the funds used to buy them resulted from tax evasion, they can be seized.

The court may also order judicial administrative and judicial control as an alternative to seizure. The scope of seizure and alternative measures has been extended, and seizure is now compulsory where a person launders the proceeds of a crime they themselves have committed.

It also applies in the case of amnesty, statutory limitation, or death of the victim(s). If the seized property has been devoted to use in the public interest when the seizure is revoked, the restitution of the property can be made effective through the payment of a sum equivalent in value to the asset.

Infiltrated business control

A new set of rules for corporate law enforcement has been created to address situations where there is a real risk of mafia infiltration impacting a company’s activity. Companies which have challenged the imposition of anti-mafia measures may seek judicial review, which, if granted, suspends the measures that have been taken for between one and three years.

Judicial administration of goods and businesses may also apply to the activities of persons

(a) affected by a measure limiting the use of assets (short of seizure) or
(b) who are still subject to criminal proceedings for specific mafia offences or for serious crimes against the public administration.

The law doubles the duration for which judicial administration of mafia-infiltrated companies can be imposed and includes the possibility of extension for a period of up to two years. Upon expiration, it can be revoked and converted into judicial control. The judicial curator (administrator) exercises all the powers that belong to the owners/holders.

Transparency in assignment of court-appointed directors

Administrators of confiscated companies must be selected from among the members of a roster of business management experts. If the management of a seized asset is particularly complex, the court may appoint more judicial directors. Where the seizure involves a company of particular socio-economic significance (for example, a utility), the minister may appoint experts from within the ministry, or from the inward investment agency, Invitalia SpA. In neither case will the appointment be remunerated.

Prohibition of nepotistic appointments

Co-adjudicators, direct co-workers, spouses, parents, relatives, or those living in the same household or regular associates of magistrates cannot be appointed by them to be administrators of seized companies.

Certainty of duration for seized companies to recover legality

Within three months of his or her appointment, the court administrator must present a report outlining the concrete chances of the company’s continued survival, attaching a plan and listing creditors and employees. If the administrator fails to provide such a report, the enterprise will be liquidated/cease trading with immediate effect.

Financial support for qualifying confiscated companies

Seized companies have recourse to the Guarantee Fund (up to three million euros per year) and the Sustainable Growth Fund (up to seven million euros per year) established by the 2016 Stability Law to promote continued trading.

The government must also identify other measures in support of employment; for example, establishing permanent provincial associations within the local administrative district to include representatives of the authorities, employers and workers’ associations.

In addition, the government is obligated to provide free technical support to businesses operating within the relevant sector, who, having completed one year’s collaboration with the confiscated business, acquire pre-emptive rights in the event of the company’s sale or lease.

Third parties acting in good faith enjoy better protection

The new Code guarantees the rights of third parties resulting from acts in good faith prior to the seizure. The court administrator is authorised to make immediate payment to ‘strategic creditors’ in the interests of business continuity.

The protection of third-party creditors is further regulated – the Code includes provisions pertaining to applications for credit and audit hearings, as well as for the potential sale of confiscated assets to satisfy eligible creditors. The list of creditors eligible to attend any audit hearing must include all those possessing a right of enjoyment or special guarantee (e.g., the tenants of confiscated property). Any party possessing an option on or right to the confiscated property can intervene in the asset safeguarding procedure.

Reporting collusive banks

The conditions under which mortgagees of confiscated goods are able to claim what they are owed have been tightened. If a bank with a credit claim is not recognised [as being] in good faith, the Italian Central Bank must be notified of any rejection of claim.

Restyling and strengthening the National Agency for the Administration of Seized and Confiscated Assets (‘ANBSC’)

The existing Agency for the Administration of Seized and Confiscated Assets (‘ANBSC’, see box) has been subject to some reorganisation and its tasks redefined, but it remains under the umbrella of the Ministry of the Interior. The new Code stipulates that the director of the ANBSC is to chair a new Advisory Counseling Committee, a new internal body that will deliver opinions and make proposals. The Agency has jurisdiction over both preventive and criminal prosecutions. Its newly-redefined role now extends to stronger evidence-collection and enhanced confiscation powers, including the power to temporarily re-assign assets and companies.

Also enhanced is its role in assisting the judicial authority in the management of the assets until their seizure, which extends to the allocation of properties and companies directly to local authorities and associations.

Box: The National Agency for the Administration of Seized and Confiscated Assets (‘ANBSC’)

The ANBSC was first established by Decree No. 4 of 4 February 2010, then passed into law, with amendments, by Law No. 50 of 31 March 2010, and implemented by Legislative Decree No. 159 of 6 September 2011. As a legal body, it is placed under the supervision of the Minister of the Interior but granted organisational and accounting autonomy.

Its mission is to provide for the administration of assets seized and confiscated from the mafia. In close cooperation with judicial authorities, the ANBSC also supports the restitution of confiscated assets to the community and promotes their reuse for social purposes.

To date, the ANBSC has confiscated some 15,764 real estate assets. The province with the highest number of confiscations (5,138) is Sicily, while Trentino-Alto Adige, (Sudtirol) comes in lowest, with just two registered confiscations.

In 2017, 2,411 properties and seven companies were seized and placed under the management of the ANBSC.

An interactive visualisation of the seized assets by region, province and municipality is available at: https://openregio.it/statistiche/visualizza/beni_destinati/immobili

ANBSC is headquartered in Rome, and has secondary offices in Reggio Calabria, Palermo, Milan and Naples. Its current Director is Ennio Mario Sodano. The Director is assisted by an office which provides operational support to the agency’s activities.

Contact: +39 06-68410001
[email protected] [email protected]

Any information useful for the identification of illegal conduct must be sent using a form provided on the ANBSC website to [email protected]

Any queries concerning the ANBSC’s commitment to transparency must be sent to [email protected]

Francesco Clementucci, an Italian lawyer, is a consultant and advisor to public and private organisations on anti-corruption and governance matters.
http://anticorruptionexperts.com/francesco-clementucci/

Links and notes

1 The SID (Data Stream Interchange System) is dedicated to the automated exchange of data between administrations, companies, entities and individual companies, in compliance with a specific set of rules.


37 Trade Security Journal Issue 8 NATIONAL SECURITY

Canada’s use of its national security power

Canadian government intervention in foreign investment transactions is rare and the recent decision by the government to block the acquisition of construction company Aecon by a Chinese investor should not be taken as any sign of change in policy, write Dr. A. Neil Campbell, Joshua Chad, Stephen Wortley and Richard Mahoney.

The government of Canada’s decision to reject the proposed acquisition of Aecon, a major Canadian construction services firm, by China Communications Construction Company International Holding Limited (‘CCCI’), while significant, does not reflect a broader protectionist orientation or a retreat from Canada’s general openness to foreign investment and trade.

In our view, there are three main conclusions to be drawn from the government’s decisions in recent years under the Investment Canada Act (‘ICA’).

First, intervention in foreign investment transactions is exceedingly rare – each case stands on its own with the government doing a careful case-by-case review of transactions which raise national security issues.

Second, there is no indication that the Canadian process is being applied in a protectionist or political manner.

Finally, parties seeking to undertake foreign investment transactions need to develop comprehensive legal and government relations assessments and strategies to deal with the possibility of reviews under the ICA, but there is no reason to regard Canada as riskier than other jurisdictions which have the power to conduct national security reviews.

The national security framework

Canada was a relative latecomer to national security review of foreign investments; the government was not given such powers until 2009. The ICA allows the government to initiate national security reviews within 45 days of becoming aware of any type of full or partial acquisition of a Canadian business or an investment in Canada by a foreign company, individual or government.[1] A multi-step process allows information to be gathered from Canada’s security agencies and other government departments, as well as from the parties. At the conclusion of the review, the federal cabinet may approve a transaction unconditionally, condition approval upon ‘mitigation measures’, prohibit a proposed transaction or order a divestiture in respect of a completed transaction.[2]

The Aecon decision

The Aecon transaction was announced in October 2017 and was followed by considerable media coverage regarding potential national security issues in relation to Aecon’s work involving nuclear power facilities, hydroelectric facilities, oil and gas facilities and pipelines, transportation projects, telecom infrastructure, military housing and training facilities, and mining projects. In guidelines that were released in late 2016 (described in more detail below), the impact of a foreign investment on ‘critical infrastructure’ is identified as a factor that the government may consider when analysing national security issues. Ten critical infrastructure segments have been identified, including the energy and utilities, transportation, and information and communication technology sectors in which Aecon is active.[3]

As is usual in national security reviews, detailed reasons for decisions are not published, primarily due to confidentiality restrictions and national security sensitivities. However, the Minister of Innovation, Science and Economic Development, Navdeep Bains, stated that: ‘As is always the case, we listened to the advice of our national security agencies throughout the multi-step national security review process under the Investment Canada Act. Based on their findings, in order to protect national security, we ordered CCCI not to implement the proposed investment. Our government is open to international investment that creates jobs and increases prosperity, but not at the expense of national security.’[4]

‘I’m confident that we'll continue to work together. We want to pursue strong economic ties with China and we’ll continue to engage them on a range of files.... We’re also very clear that we're open for trade, we’re open for investment, but not at the expense of national security.’[5]

The government’s track record

Since taking office in the fall of 2015, the Trudeau government has continued to pursue bilateral and multilateral trade and investment agreements to diversify Canada’s economic base. Most notably, the Comprehensive Economic and Trade Agreement with the European Union (‘CETA’) and the proposed Comprehensive and Progressive Agreement for Trans-Pacific Partnership (‘CPTPP’), which has been tweaked after the United States’ decision not to participate, contain extensive provisions which protect and promote foreign investment.[6] Canada’s CETA concessions included a massive increase of the review thresholds under the ICA to an acquiree enterprise value of C$1.5 billion.[7] The Trudeau government also unilaterally accelerated the phase-in of a higher C$1 billion review threshold for investors from other WTO countries almost two years ahead of schedule.[8] These changes have significantly reduced the number of transactions that are subject to ‘net benefit’ reviews under the ICA. In the year ended March 2018, there were only nine net benefit reviews,[9] compared with an average of 16 per year in the prior five years.[10]

CCCI is a state-owned enterprise (‘SOE’) for purposes of the ICA. The Trudeau government, like the predecessor Harper government, has not raised SOE thresholds other than through an annual inflation-related adjustment. The current threshold for WTO SOE investors is an acquiree book value of assets in Canada of C$398 million. The Trudeau government continues to follow the guidelines for investments by SOEs that were released in 2012.[11] Of note, one of Minister Bains’ first decisions under the ICA was approving the acquisition of control of the former Canadian Wheat Board (now G3 Canada Limited) by a Saudi Arabian SOE (the Saudi Agricultural and Livestock Investment Company).[12]

Canada is not alone in considering the possible national security implications of investments by SOEs. In the US, new legislation is being considered that, among other amendments, proposes to require CFIUS notifications to be filed in respect of any transaction in which a foreign government has a 25% interest in the investor making the acquisition.[13] Similarly, the European Parliament is close to finalising a proposal that would broaden the powers of the European Commission to scrutinise foreign investments amid concerns about Chinese acquisitions, including by SOEs.[14]

With respect to China, Canada has had a bilateral investment treaty in place since 2014.[15] Canada and China have also been exploring the possibility of entering into free trade negotiations, although both have obviously been focusing much more extensively on the uncertainty in their trading relationships with the US over the past year and a half. Canada has continued to be very open to inbound investment from China, including in sensitive sectors that potentially may raise national security issues.

                                  China   Hong Kong   Total
Net Benefit Review and Approval       4           5       9
Notification – Acquisition           31          16      47
Notification – New Business          12          14      26
Total                                47          35      82

Since the Trudeau government came to power in late 2015, until March 2018 (the most recent month with available statistics), there have been 82 investments from China and Hong Kong subject to review or notification under the ICA (see table above).[16]

All the net benefit reviews received approval. Notably, the Trudeau government considered whether to conduct a formal national security review of the Hytera/Norsat transaction and determined that this was not warranted.[17] It also settled the judicial review proceeding that was initiated by O-Net Communications in respect of the Harper government’s order that it divest its acquisition of ITF Technologies and then conducted a fresh review and approved the transaction.[18]

The national security review process

Canada was criticised, with some justification, for lack of clarity regarding national security reviews between 2009 and 2015. However, in its 2016 fall economic statement, the Trudeau government committed to publishing guidelines on the types of investments that are examined under national security reviews. The Guidelines on the National Security Review of Investments (the ‘Guidelines’) were issued on 19 December 2016.[19] The accompanying announcement emphasised that the Guidelines are designed to help attract investment into Canada and to ensure greater transparency.[20]

The Guidelines set out a list of factors that the government considers when determining whether to conduct a national security review. Those factors include defence, critical infrastructure, the impact on the supply of critical goods and services to Canadians and the government of Canada, and intelligence capabilities.[21] The inclusion of ‘critical infrastructure’ is consistent with the approach taken by CFIUS, which also treats critical infrastructure as a key factor in national security reviews.[22] The Guidelines also reflect the change in practice of Canada’s Investment Review Division to permit early consultations with the government to discuss proposed transactions. The Guidelines indicate that the government is receptive to, and in fact encourages, investors that are considering implementing proposed investments with potential national security concerns to reach out to the Investment Review Division at an early stage to allow for constructive engagement with the government on any such concerns.[23]

The Trudeau government has also begun reporting on the results of national security reviews. The 2016-2017 annual report on the administration of the Investment Canada Act (the ‘2017 Annual Report’) provided the first meaningful reporting on the use of the national security provisions.[24] The report noted that the most common factors that have given rise to national security issues in Canada were the potential for transfer of sensitive dual-use technology or know-how outside of Canada, the potential to negatively impact the supply of critical services to Canadians or the government, and the potential to enable foreign surveillance or espionage.[25] An average of about 2.5 transactions per year have been subject to a remedial order or abandoned as a result of national security reviews.[26] This represents less than 0.5% of the average of 673 ICA notifications per year during this time.[27]

Concluding observations

Canadian government intervention in foreign investment transactions is rare. There does not appear to be any indication that the Canadian process is being applied in a protectionist or political manner. While thorough legal and government relations assessments will be important in order to develop approaches for dealing with the possibility of regulatory reviews under the ICA, we do not consider Canada to be riskier than other jurisdictions which have the power to conduct national security reviews.

Links and notes

1 Technically, at the 45 day mark, the government may choose to commence a national security review or to inform an investor that it is considering initiating a national security review, which provides the government with an additional 45 days to determine whether a national security review is warranted.
2 A more detailed commentary on the national security framework is at https://mcmillan.ca/The-Investment-Canada-Act-2016-17-Annual-Report-Whats-New.
3 Public Safety Canada, ‘National Strategy for Critical Infrastructure’ (2009) https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/srtg-crtcl-nfrstrctr/index-en.aspx.
4 Innovation, Science and Economic Development Canada, ‘Minister Bains Statement on CCCI’s Proposed Acquisition of Aecon’ (23/05/2018) https://www.newswire.ca/news-releases/minister-bains-statement-on-cccis-proposed-acquisition-of-aecon-683523931.html
5 CBC, ‘Canada Still Wants to Work with China Despite Blocked Aecon Takeover: Bains’ (05/24/2018). https://www.cbc.ca/news/politics/bains-trade-china-aecon-1.4676139
6 For an in-depth discussion of these trade agreements, see: https://mcmillan.ca/The-Comprehensive-and-Progressive-TPP-Countering-The-Pressures-for-Protectionism; https://mcmillan.ca/the-deal-is-done-Canada-EU-trade-deal-signed; https://mcmillan.ca/CETA-Carves-Out-More-than-just-European-Cheese-and-Canadian-Beef
7 This threshold also became applicable to several other countries including the US pursuant to ‘most-favoured-nation’ provisions in various trade agreements including NAFTA.
8 See: https://mcmillan.ca/2017-Canadian-Merger-Notification-Threshold-Increases.
9 As calculated based on the Government of Canada’s ‘Listing of Completed Applications for Review and Notifications’. https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/lk-30000.html
10 Innovation, Science and Economic Development Canada, ‘Annual Report; 2016-2017’, Report (31 August 2017). These data exclude reviews of cultural businesses, which are subject to very low thresholds. https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/h_lk81126.html
11 Government of Canada, ‘Statement Regarding Investment by Foreign State-Owned Enterprises’ (12/07/2012). https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/lk81147.html
12 Government of Canada, ‘Decisions — January 2016’ (Modified 22/02/2016). https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/lk-31601.html
13 David McLaughlin and Saleha Mohsin, ‘Foreign Dealmakers Would Face Tougher Security Reviews Under U.S. Bill’ (2017-11-08), Bloomberg. https://www.bloomberg.com/news/articles/2017-11-08/foreign-dealmakers-face-tougher-security-reviews-under-u-s-bill
14 Noah Barkin and Philip Blenkinsop, ‘With eye on China, EU Parliament pushes tougher line on investments’ (23/05/2018), Reuters. https://www.reuters.com/article/us-eu-investments-china/with-eye-on-china-eu-parliament-pushes-tougher-line-on-investments-idUSKCN1IO1D0
15 See: https://mcmillan.ca/Canada-China-investment-treaty-enters-into-force-after-30-month-wait.
16 These data exclude investments related to cultural businesses.
17 Joanna Smith, ‘“Some Baloney” in PM’s Claim Hytera went through National Security Review’ (15 June 2017), CTV News.
18 Steven Chase, ‘Liberal green light for Chinese takeover deal a turning point for Canada: experts’ (28 March 2017), The Globe and Mail.
19 Innovation, Science and Economic Development Canada, ‘Guidelines on the National Security Review of Investments’, guidelines document (19 December 2016).
20 Innovation, Science and Economic Development Canada, ‘Attracting global investments to develop world-class companies’, news release (19 December 2016).
21 See: https://mcmillan.ca/Government-of-Canada-Provides-Valuable-Guidance-on-National-Security-Review-of-Foreign-Investment-in-Canada%23_ftn3
22 US Department of the Treasury, ‘Guidance Concerning the National Security Review Conducted by CFIUS’ (8 December 2008), 73 Fed. Reg. 74567.
23 See paragraphs 8 and 10 of the Guidelines.
24 See Innovation, Science and Economic Development at 10 above.
25 See: https://mcmillan.ca/The-Investment-Canada-Act-2016-17-Annual-Report-Whats-New
26 From April 2012-March 2017 (5 fiscal years), 3 transactions were blocked, 5 required divestitures, 4 had conditions imposed, and 1 was abandoned. Technically, the O-Net transaction discussed above that was blocked and then subsequently approved is counted twice, once as a blocked transaction and once as approved with conditions.
27 By comparison, under the CFIUS national security review process in the United States, over the most recent 5 year period available (2011-2015), an average of 12 transactions per year were subject to remedies or were abandoned. CFIUS notices were withdrawn during the CFIUS review phase in 12 cases, an additional 49 were withdrawn during the CFIUS investigation phase, and 1 transaction was subject to a Presidential Determination. The Committee on Foreign Investment in the United States, ‘Annual Report to Congress; Report Period: CY 2015’ (2017-09), US Department of Treasury.

Dr. A. Neil Campbell is co-chair of the Competition and International Trade Law Group at Canadian law firm McMillan, where Joshua Chad is an associate and Stephen Wortley is co-chair of the China Practice Group. Richard Mahoney is managing director and chair of McMillan Vantage Public Policy Group. [email protected] [email protected] [email protected] [email protected]

Trade Security Journal

TSJ Editorial board

Barbara Linney, Miller & Chevalier, Washington, DC [email protected]
Richard Tauwhare, Dechert, London [email protected]
Roger Matthews, Dechert, London [email protected]
Glen Kelley, Jacobson Burton Kelley PLLC, New York [email protected]

TSJ Contact details

General enquiries, advertising enquiries, press releases, subscriptions: [email protected]
Editor, Tom Blass: [email protected] tel +44 (0)7930405003
Publisher, Mark Cusick: [email protected] tel: +44 (0)7702289830
Contributing reporter: Katharine Freeland
Contributing reporter: Polly Botsford

Correspondence address: D.C. Houghton Ltd, Suite 17271, 20-22 Wenlock Road, London N1 7GU, England

Trade Security Journal is published by D.C. Houghton Ltd.

© D.C. Houghton Ltd 2018. All rights reserved. Reproduction in whole or in part of any text, photograph, or illustration without express written permission of the publisher is strictly prohibited.

ISSN 2514-2453. Refer to this issue as: Trade Security Journal [008]

D.C. Houghton Ltd is registered in England and Wales (registered number 7490482) with its registered office at 20-22 Wenlock Road, London, UK

Information in Trade Security Journal is not to be considered legal advice. Opinions expressed within Trade Security Journal are not to be considered official expressions of the publisher. The publisher assumes no responsibility for errors and omissions appearing within. The publisher reserves the right to accept or reject all editorial and advertising matter. The publisher does not assume any liability for unsolicited manuscripts, photographs, or artwork.

*Single or multi-site: Do you have the correct subscription?

A single-site subscription provides Trade Security Journal to employees of the subscribing organisation within one geographic location or office. A multi-site subscription provides Trade Security Journal to employees of the subscribing organisation within more than one geographic location or office. Please note: both subscription options provide multiple copies of Trade Security Journal for employees of the subscriber organisation (in one or more office as appropriate) but do not permit copying or distribution of the publication to non-employees of the subscribing organisation without the permission of the publisher. For full subscription terms and conditions, visit http://www.tradesecurityjournal/terms-conditions

For further information or to change your subscription type, please contact Mark Cusick - [email protected]