Our monthly round-up of news items relevant to AML regulated businesses.
Cyber Security

Data Breach
Around 90 organisations have reported breaches of personal information held by Capita after the outsourcing group suffered a cyber-attack. The company runs critical services for local councils, the military and the NHS and suffered the hack in March.
Capita’s systems are used to administer pension funds for several large firms, including the Royal Mail and Axa, which has huge coverage, with millions of policyholders.
The Pensions Regulator (TPR) is reported to have written to over 300 pension funds to ask them to check whether data had been stolen by hackers.
NHS in breach of Data Protection
An investigation by The Observer has revealed that up to 20 NHS trusts have shared patients’ private medical information with Facebook through the Meta Pixel tracking tool on their websites.
Data was collected from individuals who accessed NHS webpages related to various topics such as HIV, gender identity services, self-harm, sexual health, children’s treatment, cancer and more.
20 NHS trusts were found to be utilising the Meta Pixel tracking tool on their websites, which gathers browsing information and shares it with Facebook/Meta.
The trusts had previously promised that they did not collect the information, so the sharing breaches proper consent under Data Protection legislation.
Facebook uses the tool to learn which pages people have visited, the buttons they clicked and the keywords they searched for. The data has the potential to be matched to the user’s IP address and in turn to their Facebook account details.
Due Diligence

Qatar criticised by FATF
The Financial Action Task Force has criticised Qatar for its inadequate response to crypto money laundering and terrorist financing. The subsequent report states that the country’s Financial Intelligence Unit (FIU) has a sophisticated analytical capability which is not being used to best effect.
It appears that Qatar has only secured a small number of terrorist financing convictions and prosecutions. This appears to be in direct conflict with its risk profile and overall capabilities.
Regulatory

Casino giant under scrutiny
Casino giant Crown is set to pay a $450 million penalty in Australia after it failed to comply with Anti-Money Laundering and Counter-Terrorism Financing laws. The company has acknowledged that it did not have an appropriate transaction monitoring program and higher risk customers were not subjected to enhanced due diligence.
The regulatory body AUSTRAC (Australian Transaction Reports and Analysis Centre) was keen to point out that the casino sector was at risk of exploitation by organised criminals seeking to clean their dirty money.