Global Corporate Crime and Investigations update – May 2025

The HSF Corporate Crime and Investigations team is pleased to present our latest global round-up. This six-monthly publication calls on lawyers from around the network to provide updates on significant new developments and enforcement trends in their jurisdictions. Where available, the updates link to underlying posts with more detail. As ever, please do not hesitate to contact the authors, or your local HSF contacts, if you wish to discuss any of the issues raised.

In this issue, we look at global efforts to strengthen enforcement mechanisms and promote cooperation in combatting financial crime. Topics include legislative developments (such as attempts to harmonise EU laws relating to the breach of sanctions and Australian AML/CTF reforms), as well as an examination of changing enforcement priorities (a focus on cross-border cooperation in the Middle East and the domestic and overseas impacts of the new US administration's enforcement approach). We also consider ways in which board members and senior executives may come under scrutiny when alleged corporate misconduct occurs, through the use of private prosecutions or an attempt to recoup corporate fines.

UK

The potential for stricter controls on private prosecutions

There are a number of recent developments that suggest an increasing judicial and political appetite to impose stricter controls on the ability of private individuals or companies to bring prosecutions in the UK. Whilst historically seen as an important part of the criminal justice system, these developments illustrate ongoing consideration of the potential risk of abuse.

• While acknowledging the role of private prosecutions as a safeguard in circumstances where public prosecutors fail to act, the Court in Whitehead v Westminster Magistrates' Court (2024) questioned the notion that private prosecutors are not subject to the same evidential and public interest requirements that apply to public prosecutors. This case also provides useful clarity on the test applicable to a private prosecutor seeking to issue a criminal summons in the UK.
• The judicial review case of R (Bates) v Highbury Corner Magistrates' Court (2025) successfully challenged the decision of the Magistrates' Court to issue a summons against the former Chief Financial Officer of Yell Group plc alleging a £1 billion fraud, and to transfer the case to the Crown Court. The High Court described the private prosecutor's application as “misconceived, vexatious and abusive” and said that "the summons should never have been issued". The Bates judgment highlights the risks posed by private prosecutions that are driven by such motives and emphasises the importance of the Magistrates' Court reviewing the summons to undertake a rigorous analysis of the legal and evidential basis for that application. For further information, please see our update on the Bates case (which the firm acted on).
• The Ministry of Justice launched a consultation in March 2025 proposing additional oversight and regulation of private prosecutors. The proposals include: a mandatory code of practice for private prosecutors, a system of accreditation of private prosecutors, and a requirement to consider whether a private prosecution is in the public interest. The scope of the consultation excludes individuals commencing private prosecutions on their own behalf. The Law Society's response of May 2025 is supportive of the proposals outlined in the consultation and the Government's aims to enhance safeguards in the private prosecutions sphere. A paper summarising the responses to the consultation is expected in Q3 2025.

EMEA

EU

Implementation of EU Directive criminalising breach of sanctions

Directive (EU) 2024/1226, of 24 April 2024 (the "Directive") aims to provide more effective, proportionate and dissuasive sanctions for violations of EU restrictive measures. Regardless of how the Directive is ultimately transposed in each Member State (the deadline for completion was 20 May 2025), at first glance it seems evident that it will foster the harmonisation of European criminal laws in relation to the reporting and addressing of activities which circumvent EU restrictive measures.

We have highlighted below the current approaches to implementation of the Directive across selected Member States.

• Spain. An existing bill (awaiting parliamentary approval) proposes amendments to the Criminal Code, including the following:
  • creation of a new offence covering activities such as breach and evasion of sanctions;
  • monetary sanctions for the above offence of up to 1% or 5% of entities' global turnover, as well as accessory penalties (such as the suspension or prohibition of its commercial activities, prohibition to receive public grants and, potentially, the dissolution of the company);
  • confiscation of funds or economic resources that have been frozen or should have been frozen in accordance with EU sanctions in cases where a crime has been committed to evade EU restrictive measures; and
  • the creation of a governing body for the enforcement of EU restrictive measures, which will also be responsible for cooperation and collaboration in the sanctions space.
• Italy. The Italian legal framework already includes provisions that establish criminal penalties for most relevant violations of EU restrictive measures. Specifically, Legislative Decree No. 221/2017 (the "Decree") provides for specific criminal penalties for a detailed list of violations set out in certain EU regulations. However, the Directive will require Italy to further adapt and harmonise its domestic legislation, in particular:
  • Parliament will probably extend criminal penalties to other sanctions violations not already covered by the Decree; and
  • extension of criminal liability to legal entities (i.e., corporations and other collective bodies); currently, under the Decree, only individuals can be held responsible for such violations.
• In Germany, recent legislative efforts under the former government to implement the Directive failed. On 7 May 2025, the new Federal Minister of Justice took office and will have to take up the issue again. Most of the offences laid down in the Directive are already penalised and classified as criminal offences. However, for the purposes of harmonisation across the EU, several additions and adjustments are still required. Based on the former government's draft law, these would include:
  • more comprehensive criminal penalties for sanctions infringements in the financial sector and for transaction bans;
  • upgrading of some administrative offences to criminal offences;
  • criminal liability for reckless violations of certain dual-use prohibitions; and
  • increased maximum fines for companies to up to 40 million euros.

Compensation from directors

In the event of violations of antitrust regulations or criminal laws, authorities regularly impose corporate fines in the hundreds of millions and above. However, even though in Germany – like in other countries – managing directors and board members are generally liable for damages incurred by the company in the event of breaches of duty, and although stock corporations are obliged to pursue promising recourse claims against board members, it remains unclear whether and to what extent companies can hold their managers liable for such corporate fines. To date, there have been opposing court rulings on this issue in Germany.

After the Higher Regional Court of Düsseldorf ruled in July 2023 that a managing director was not liable for a cartel fine imposed on a company, the appeal decision by the Federal Court of Justice (Bundesgerichtshof ("BGH")) is now eagerly awaited. However, in February 2025 the BGH initially referred the question to the ECJ for a preliminary ruling because the fine at issue was based on a price cartel prohibited by Article 101 TFEU. The BGH questions whether the purpose and effectiveness of an antitrust fine required under ECJ case law could be undermined if the company would be able to avoid the burden of the fine fully or partially by recourse to its manager.

In other jurisdictions, there is less doubt about individuals' liability for corporate fines:

• In Spain, directors are liable to the company and its shareholders for any harm caused to the company due to failure to fulfil the duties inherent in their position, including compliance with the law. On 11 November 2020, the Girona Provincial Court held the administrator of a company civilly liable for a fine in the amount of €800,000 imposed on the company by the Spanish independent competition regulator for breach of electrical sector regulations.
• In Italy, directors can be liable to the company for damages resulting from their wrongful acts or omissions, including compensation for fines imposed on the company for administrative or criminal offences resulting from a specific and personal breach of duty by the director, committed with intent or negligence. Articles 2392 (for joint-stock companies) and 2476 (for limited liability companies) of the Italian Civil Code require directors to perform their duties with appropriate diligence and hold them liable for breaches of statutory or bylaw-imposed duties that harm the company.

Companies may need to consider whether D&O insurance will cover these types of damages. Insurance policies typically exclude coverage for intentional misconduct, whereas reckless violations are usually covered.

Middle East

Developments across the Middle East relating to cross-border cooperation for combatting financial crimes.

In November 2024, during the Second Ministerial Meeting of Anti-Corruption Law Enforcement Agencies in the Organisation of Islamic Cooperation ("OIC") Member States, several states, including Qatar, Saudi Arabia and Iraq, signed the Makkah Al-Mukarramah Convention of the Member States of the OIC on Anti-Corruption Law Enforcement ("Makkah Convention"). The Makkah Convention promotes law enforcement cooperation, information sharing, technical assistance and training amongst member states.  It also includes a mechanism through which member states can make information and intelligence requests, which can only be refused under limited circumstances (e.g. national security concerns).

At a state level, Saudi Arabia's Oversight and Anti-Corruption Authority ("Nazaha") saw its powers expand through the passing of the Saudi Oversight and Anti-Corruption Authority (Nazaha) Law in August 2024, which aims to tackle financial crime within the Kingdom. Nazaha has entered into various memoranda of understanding ("MOUs") with its counterparts in other states, including Malaysia, South Korea, and Kazakhstan, in order to enhance cooperation and information exchange in combatting cross-border corruption.  As a result of the MOU between Nazaha and its Russian counterpart in 2023, Nazaha received a Saudi citizen from Russia who was internationally wanted for financial and administrative corruption.

The UAE has also sought to fortify bilateral cooperation with other states in combatting corruption. In 2025, the UAE Minister of State and the UAE Justice Minister met with their UK and French counterparts to reaffirm bilateral cooperation in law enforcement regarding cross-border financial crime, including corruption and money laundering. In March 2025, the UAE's Accountability Authority also signed an MOU with the Independent Commission Against Corruption of Hong Kong in order to exchange expertise and strengthen anti-corruption cooperation.

These measures demonstrate an attempt by Middle Eastern states to promote better cooperation between law enforcement agencies, with a view to strengthening their responses to financial crimes.

South Africa

No more Big Brother – the impact of the U.S. on corruption enforcement in Africa

For decades the spectre of the Foreign Corrupt Practices Act ("FCPA") has loomed large for multinational organisations doing business in Africa, with companies never knowing whether they or their counterparts may be exposed to the far-reaching jurisdiction of the Department of Justice ("DoJ") through the actions of their local operations or partners.

Very few African jurisdictions can claim to have a good track record of prosecuting foreign bribery; yet it is no secret that corruption (particularly of public officials) is endemic in Africa. Indeed, an analysis of the top ten FCPA enforcement actions will reveal that bribes paid in Africa feature prominently in those matters, and in most cases the guilty actors were not U.S.-headquartered companies. Multinational companies operating in Africa have historically been far more concerned about falling afoul of the FCPA and the DoJ than local African law enforcement agencies. 

On the rare occasions where there has been action by local African law enforcement agencies against a foreign multi-national, these instances oftentimes are as a result of collaborative investigations between the DoJ and local law enforcement. The DoJ's prosecution of the FCPA has unquestionably been the biggest deterrent against bribery in Africa and has had a positive impact in incentivising companies to be good corporate citizens.

With the current U.S. administration having taken the decision to pause and review the DoJ's enforcement of the FCPA, the implied message is that the U.S. no longer has the appetite to pursue corruption in places like Africa and to do the heavy lifting for law enforcement agencies in other jurisdictions. Given the historical trends and resource constraints of African law enforcement agencies, absent other countries like the UK, France or Germany stepping into the void in place of the U.S., corruption enforcement will undoubtedly decline. The impact of this will be significant for Africa as a continent and likely impact Africa's attractiveness as place to do business.

ASIA

China

Tightened Centralised Procurement Controls for Pharmaceuticals

In December 2024, China’s National Healthcare Security Administration ("NHSA") issued the Notice on Improving the Implementation Mechanism for Centralized Volume-based Pharmaceutical Procurement (关于完善医药集中带量采购和执行工作机制的通知) ("Notice").  The Notice established the first comprehensive implementation framework for China’s Centralized Drug Procurement program (集采) ("CDP"), a national bulk-purchasing model led by the NHSA that enables healthcare institutions across China to purchase pharmaceuticals at uniform prices negotiated through government-led tenders with manufacturers.

The Notice imposed enhanced controls on hospitals and disciplinary measures for healthcare professionals who prescribe non-procurement-listed drugs without valid justification. Following substantial public discussion of these measures, NHSA officials held a clarification press conference in January 2025, emphasising that the CDP aims to reduce corruption in the healthcare sector by eliminating "gray profits" in distribution channels and alleviating financial burdens on patients, without compromising pharmaceutical quality.

The NHSA established a Procurement Non-Compliance List (失信名单), implementing market access restrictions and credit rating downgrades on companies engaging in bid rigging, commercial bribery, quality violations, and other misconduct associated with the CDP. By the end of 2024, NHSA had listed 42 pharmaceutical companies, with over 50% of violations related to bribery. Bid rigging emerged as another major concern. In one notable case, six pharmaceutical companies that had colluded in the CDP process incurred government forfeitures totalling approximately RMB 266 million (~USD 37 million). Notably, the whistleblower in this case was the actual controller of one of the implicated companies.  In addition to fines against the companies, the government also launched criminal investigations against the individuals involved.

In January 2025, the Central Commission for Discipline Inspection (中纪委) designated combating healthcare sector corruption and medical insurance fraud as a key priority for the year, pledging to “punish corruption relentlessly.” Given this regulatory landscape, pharmaceutical companies operating in China should continue to maintain robust compliance programmes. While anti-bribery compliance remains crucial, companies should also enhance their procurement compliance controls, particularly as centralised procurement gains prominence in China's pharmaceutical market.

Japan

Enhanced transparency and accountability regarding political donations

Japan is implementing significant changes to its political donation regulations to enhance transparency and accountability. Corporations are already prohibited from donating to specific individuals or candidates, but donations to political parties are permitted. While foreign corporations are prohibited from donating to candidates and parties, subsidiaries incorporated in Japan function as domestic entities and can make political donations. 

Political parties typically raise funds by hosting dinner events.  From 1 January 2026, corporations must pay for fundraiser tickets via bank transfer, with all payment records retained. Cash payments will be largely prohibited. From 1 January 2027, the threshold for disclosing corporate donations or ticket purchases will be lowered from JPY 200,000 (approx. USD 1,386) to JPY 50,000 (approx. USD 347). Political parties must disclose donations above the threshold, and a publicly searchable online database of all donations will be created. A monitoring organisation will also be established, though its functions are still being defined.

Importantly, there are no restrictions on third-party entities/voluntary associations holding fundraisers and then donating the raised funds to political parties.  Although these donations will be publicly disclosed in the forthcoming database, the constituent, underlying donations will not (e.g., if five companies donate to such a group, the fact and amounts of those companies' donations will not be disclosed). 

On 31 March 2025, the House of Representatives Special Committee on Political Reform was unable to hold a scheduled vote on a proposed complete ban on corporate donations, as the parties could not agree upon a resolution. Since the Liberal Democratic Party (the dominant party in the ruling coalition) relies heavily on political donations, a total ban is unlikely.

Corporations should tighten their compliance frameworks due to the new disclosure requirements and consider what donation policies to adopt. Politicians might hold more fundraisers to avoid disclosure (by keeping donations below the disclosure threshold) and rely increasingly on third-party entities that bundle donations. 

US

Priorities of the new administration

With a new administration having taken office in the United States comes a shifting of priorities within the U.S. government’s regulatory and enforcement agencies to reflect the priorities of the new President.  A more pro-business stance has generally emerged from the Trump administration in its early stages.

Initial announcements by the President and the U.S. DoJ explained that the government would be: (i) pausing FCPA enforcement and commencing a reevaluation of FCPA enforcement priorities and guidelines; (ii) shifting FCPA and other enforcement units to focus on investigations involving cartels and transnational criminal organizations; (iii) deemphasizing criminal enforcement involving the Foreign Agents Registration Act in favor of civil enforcement; and (iv) disbanding various interagency task forces.  DoJ has taken concrete steps towards these goals including, for example, taking steps to end before their terms expired corporate monitors who were placed at various companies pursuant to deferred prosecution agreements. On May 12, 2025, DoJ issued a memo entitled “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime,” which laid out several additional areas of prioritization, including, inter alia:  (i) waste, fraud and abuse that harms the public fisc; (ii) trade and customs fraud; (iii) fraud that victimizes U.S. investors, individuals, and markets; (iv) complex money laundering and other bribery that impacts U.S. national interests; (v) material support of, and criminal conduct by, cartels and foreign terrorist organizations; and (vi) crimes involving digital assets. The memo announced the addition of related areas of focus to the list of subject areas covered by DoJ’s corporate whistleblower pilot program.  For corporate investigations broadly, the memo emphasized that the department:  (i) should consider all options for corporate criminal resolution on a case-by-case basis; (ii) would reexamine existing agreements with companies to determine if they should be terminated earlier than their planned expiration; and (iii) would tighten the criteria for imposition of a corporate compliance monitor and review existing monitorships.

The Securities and Exchange Commission (“SEC”) has similarly announced a number of shifts in priority emphasis compared to the prior administration, including:  (i) announcing a review of ESG and Climate Disclosure Rules; (ii) limiting “regulation by enforcement” in, inter alia, the crypto and digital assets space in favor of more traditional areas of enforcement such as insider trading and fraudulent securities offerings; (iii) creating a task force to clarify issues surrounding digital assets; (iv) coordinating with DoJ on a reevaluation of FCPA enforcement; and (v) establishing various initiatives to ease the process of raising capital for companies.  With new SEC Chair Paul Atkins having been sworn in at the end of April, we expect additional announcements in the near future as the SEC fleshes out its new priority enforcement areas.

AUSTRALIA

The first waves of long-awaited AML/CTF reform start hitting Australian shores – are you ready?

First foreshadowed almost ten years ago in the Attorney-General’s 2016 statutory review, the comprehensive overhaul of Australia’s Anti-Money Laundering and Counter-Terrorism Financing ("AML/CTF") regime finally arrived in December 2024 when the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (Cth) received Royal Assent. We have published extensively about the proposed reforms on our website, and most recently here and here.

The expansion of AUSTRAC’s investigation and enforcement powers, and new information-gathering powers, came into effect at the beginning of this year, and the revised ‘tipping off’ offence commenced on 31 March 2025 (see our podcast here). However, some of the most significant changes, such as the extension of the AML/CTF regime to ‘Tranche 2’ entities (e.g. real estate agents, property developers, lawyers, accountants, trust and company service providers) and the remodelled approach to AML/CTF programmes and customer due diligence are yet to commence (those come into effect on 31 March 2026).

Despite the long lead-time and the fact that AUSTRAC is yet to finalise many of the details (which will take form once the AML/CTF Rules and accompanying guidance are drafted, consulted upon and implemented), the time for existing reporting entities and ‘Tranche 2’ entities to act is now. If they haven’t already, these entities should seek to urgently grapple with these reforms, undertake substantial internal process and control reviews, and meaningfully progress their implementation or uplift efforts.

Entities already covered by the AML/CTF umbrella should also pay careful attention to the civil penalty proceedings most recently commenced by AUSTRAC against Entain, taking heed that enforcement action against AML/CTF non-compliance remains high on AUSTRAC’s agenda.

Legislative changes to scope of Australian whistleblower protection laws, and clarification of the extent of existing protections.

Amendments to the Taxation Administration Act 1953 (Cth) broadened the range of entities and individuals to whom whistleblowers can make protected tax-related disclosures (read more here). Now, tax-related disclosures can be protected when made to medical practitioners, psychologists, certain professional entities, the Tax Practitioners Board, and the Inspector-General of Taxation.

Additionally, the Federal Court of Australia has handed down two decisions, which represent the first detailed judicial consideration of the whistleblower protection provisions introduced to the Corporations Act 2001 (Cth) in 2019, and provide important guidance on the parameters of protections: Mount v Dover Castle Metals Pty Ltd [2025] FCA 101 and Reiche v Neometals Ltd (No 2) [2025] FCA 125. Both cases are under appeal. Some key takeaways from the first instance decisions are set out below (read more here).

• Not all alleged disclosures will be protected. For example, a claim may fail where previous business interactions are later sought to be re-characterised as disclosures, and where concerns raised do not “readily and obviously” fall within the description of inappropriate conduct in a company’s whistleblower policy.
• Merely disclosing the existence of an alleged whistleblower report does not necessarily breach confidentiality protections.
• For a person to breach non-victimisation provisions, they must subjectively believe or suspect the discloser made, may have or proposes to make a protected disclosure, and that actually motivated their detrimental action. Whether the discloser has objectively made a protected disclosure may be relevant in assessing the person’s state of mind.
• Once an applicant shows a reasonable possibility of victimisation, a company will have a reverse onus of proof to show the alleged or potential disclosure was not a substantive or operative reason for alleged detrimental conduct. This will require positive evidence of the reasons for decisions, as well as evidence that the disclosure was not a substantive or operative reason.
• Only ASIC has standing to bring civil penalty proceedings for breaches of confidentiality and non-victimisation provisions. Individuals cannot seek pecuniary penalties or compensation orders under the same provisions, but may seek declarations of contraventions and compensation under separate no-detriment provisions. This may see a greater number of complaints to ASIC.

Further developments may also be on the horizon, with a statutory review of the whistleblower protection provisions under the Corporations Act currently overdue and ongoing calls to establish a Commonwealth Whistleblower Protection Authority.

 ‎ 

Click here to view the full list of contacts for this update