Health and safety Regulatory Compliance Internally generated and sanctioned

Health and safety Regulatory Compliance • Internally generated and sanctioned Rules & Advice: • Corporate governance policy, • Corporate Ethics policy. • Corporate Risk policy • Risk Appetite Statement • Corporate Sales policy • All corporate policies, procedures and guidelines. • Environmental and sustainability reporting Non-regulatory Compliance

10 Financial costs of non-compliance are significant and increasing ▪ Reuters report major banks are spending around USD1.3b a year on financial crime compliance ▪ The estimated costs of non-compliance is USD850b for the top 50 global banks since the 2008 financial crisis in the form of write-downs, trading losses, fines and higher compliance costs.

11 Some examples of compliance breaches from recent history Company Description Equifax Credit rating firm Equifax makes its profits from selling personal, often sensitive information to financial institutions and lenders. In 2017, it revealed that it had been at the center of one of the worst cyberattacks and data breaches in history, with the information of some 145 million people, about half of the U.S. population, compromised. Equifax was aware of the system flaw before the hack. CEO and senior executives sacked. Justice department investigating insider trading. Yahoo In 2017, Yahoo admitted that 3 billion user accounts had been breached during 2013-2014. Stolen were: names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and passwords. The breach affected the sale price of Yahoo to Verizon by USD 350m. Under new GDPR European rules their late disclosure would have attracted a fine of up to USD160m

12 Compliances breach examples (cont.) Company Description Volkswage n In 2015, the US Environmental Protection Agency issued a notice of violation of the Clean Air Act. The agency had found that Volkswagen had intentionally programmed turbocharged direct injection (TDI) diesel engines to activate their emissions controls only during laboratory emissions testing. 11 million cars were affected manufactured from 2009 to 2015. Volkswagen pleaded guilty to criminal charges in 2017. Immediately lost $20b in market capitalisation (1/3 of market value). Audi CEO Rupert Stadler was arrested in 2018. Senior R&D staff suspended. Volkswagen CEO resigned and charged with fraud and conspiracy in 2018. $18b spent on rectification and $2.8b in criminal fines. Wells Fargo 2016 – admitted to staff creating 2.1 million false accounts in order to meet excessive sales targets through cross-selling in response to top- down pressure. 2017 – admitted to 570k consumers charged for unneeded auto insurance + found an extra 1.4 million false accounts. Forced to repay $2.6m fees and $186m in fines with loss of CEO. Sacked 5,300 staff.

13 Compliances breach examples (cont.) Compan y Description Danske Bank Potentially the World’s largest money laundering scandal. In 2018 the Estonian branch of Danske Bank admitted that between 2007 and 2015, 9.5m payments were made through the branch by 15,000 non-