Global Investigations Review - The law and practice of international investigations

The European, Middle Eastern and African Investigations Review 2017

Securities Regulation and Investigations across EMEA

Kobre & Kim

The start of 2017 saw furious activity in securities markets worldwide. But tracking the Dow Jones Industrial Average and FTSE 100 peaks tells half the story. As markets hit new highs, the securities enforcement agencies tasked with regulating them also pushed through frontiers, breaking new ground in their quest to aggressively detect and stop violations around the globe, including throughout Europe, the Middle East and Africa (EMEA).

Led by US regulators using extraterritorial legislation to assert jurisdiction, regulators across EMEA deployed increasingly aggressive and sophisticated techniques to combat financial misconduct. From the US Commodity Futures Trading Commission (CFTC) fighting manipulative high-frequency trading through risk-based market analysis, to the US Securities and Exchange Commission (SEC) cultivating overseas whistleblowers through large-dollar pay outs, to Britain’s Serious Fraud Office (SFO) securing strong cooperation from UK corporates, to regulators from France to the UAE enacting new laws to combat financial crime, authorities are stopping at nothing – particularly international borders – in their attempt to root out securities-related misconduct.

This chapter first surveys the key securities-related regulatory developments across EMEA, and the continued growth of cross-border investigations spawned in their wake. We then turn to the treatment of whistleblowers, the continuing emergence of the CFTC as an overseas force, and emerging concerns about the fast-growing and – to date – under-regulated financial technology (Fintech) sector. Finally, we address the continued spread of the US regulatory approach and the impact of US extraterritorial reach on investigations across EMEA. 

Introduction to securities investigations and regulation

Securities and market regulation is a broad topic, covering everything from insider trading and cutting-edge market manipulation, to false or misleading prospectuses and Ponzi schemes. The International Organisation of Securities Commissions (IOSCO) – an organisation that includes a number of EMEA regulators as members – defines the three primary objectives of securities regulation:1

  • protecting investors;
  • ensuring that markets are fair, efficient and transparent; and
  • reducing systemic risk.

Pursuing these objectives frequently falls to several authorities within a country or region, often with overlapping subject matter jurisdiction. Cross-border investigations compound the overlap, bringing together enforcement agencies from different countries with different legal systems to address the same conduct. Successfully defending clients subject to such investigations requires knowing the terrain.

Regional approaches of securities regulators


In addition to imposing severe penalties on corporations, European authorities are increasingly targeting and prosecuting individuals, with examples stretching across Western Europe. In the United Kingdom, the SFO is prosecuting six former Deutsche Bank SA and Barclays traders accused of rigging the Euribor benchmark, after Deutsche Bank paid €466 million to settle with the European Commission.2 French prosecutors recently fined five executives of the video game company Ubisoft Entertainment SA for insider trading.3 And German criminal prosecutors announced an investigation of the former CEO of Volkswagen for fraud and market manipulation regarding auto emissions.4 As each of these investigations has a cross-border element, the impact of these ‘local’ prosecutions reverberates across jurisdictions.

Previously, US authorities might have muscled their way in to lead many these investigations. Indeed, the US Department of Justice (DOJ) moved quickly the Volkswagen investigation, indicting six executives (five German residents) for fraud and environmental crimes. But as other countries’ securities enforcement agencies become more aggressive and capable, their US counterparts are increasingly collaborative. In the words of the Acting Chairman of the CFTC:

As our regulatory counterparts continue to implement swaps reforms in their markets, it is critical that we make sure our rules do not conflict and fragment the global marketplace. That is why the CFTC should operate on the basis of comity, not uniformity, with overseas regulators. The CFTC should move to a flexible, outcomes-based approach for cross-border equivalence and substituted compliance.

      In all of its international engagements with fellow financial regulators and related regulatory bodies, the CFTC should act in a forthright and candid manner, displaying leadership when appropriate and respect and due consideration at all times. The CFTC aims to be considered a trusted and worthy counterparty by its overseas regulatory associates.5

But as Western Europe begins to catch up to the US, many countries in Central and eastern Europe have yet to join the race, launching few investigations and focusing their limited efforts in areas other than securities regulation, such as money laundering. As a result, many expect US regulators to shift greater resources toward these regions.

Middle East

With numerous weak central governments and limited securities trading, Middle Eastern countries have not prioritised securities regulation and enforcement. The more stable financial centers in the region have, however, begun to lay the groundwork. In the United Arab Emirates, for example, Law No. 4 of 20166 created a new regulator – the Dubai Center for Economic Security (DCES). Responsible for combating financial crimes, the DCES supervises securities trading and monitors market abuse and financial irregularities.

Regulators of several other Middle Eastern countries have also recently investigated securities violations. In Saudi Arabia, for example, the Capital Markets Authority has launched enforcement actions against individuals, recently announcing the successful prosecution for market manipulation.7 And authorities in Iraq and Oman moved against companies for abusive marketing practices violating local securities regulations.8

These nascent Middle Eastern securities enforcement efforts, however, have been localised and non-collaborative. Time will tell if cross-border effects will follow.


African regulators’ efforts have also not yielded much cross-border activity or, generally, much activity at all. In South Africa, for example, nearly all of the 88 securities cases brought by the Directorate of Market Abuse (DMA) since 1999 involved domestic activity.9 Further, despite the DMA’s status as the most active African-based regulator, as the numbers above underline, its efforts pale in comparison to the work carried out by its peers around the world.

Fears of inadequate African enforcement have contributed to the continent’s failure to encourage a sustained flow of foreign investment despite Africa accounting for more than 30 per cent of the business and regulatory reforms globally in 2015.10 Indeed, 2016 saw the fewest IPOs (20) in African markets since 2013.11 Weak markets have further detracted from enforcement efforts as regulators devote limited resources to market and investor stimulation. Without the funds or staffing to tackle both, it appears unlikely African regulators will engage in the sorts of robust enforcement efforts carried out by their US and western European counterparts anytime soon.

Recent developments


A motivated whistleblower is a potent tool in the securities enforcement arsenal. The US mints them at an astounding rate, including vast numbers from beyond US borders. Two elements drive this phenomenon: (1) the potential for enormous cash rewards for whistleblowers; and (2) vigorous whistleblower protection.12 To cite the two recent examples of the latter:

  • In January 2017, HomeStreet – a financial services firm based in Seattle – was ordered to pay a penalty of US$500,000 for seeking to uncover the identity of a presumed whistleblower;13
  • Also in January 2017, the SEC levied a US$340,000 fine against BlackRock for attempting to compel departing employees to ‘waive any right to recovery of incentives for reporting misconduct’.14 

And the SEC’s Office of the Whistleblower is not the only game in town for those looking to alert US authorities to significant securities enforcement opportunities and possibly cash in by doing so. The CFTC’s lesser-known programme offers similar benefits and protections, as can be attested by a recent whistleblower awarded in excess of US$10 million.15

As a result of this robust system of protection and reward, the SEC and CFTC continue to identify and develop cases that other regulators miss. And while other countries have started protecting whistleblowers, most are reluctant to pay them, or to protect them with the same ferocity. In France, for example, the recent Sapin II Law offers protection, but it is limited. To reap the safety it provides, French whistleblowers must first exhaust all internal whistleblowing channels before approaching a regulator. Further, their actions must be taken ‘selflessly’ and ‘in good faith.’ The former requirement strips out most incentives to come forward; the latter disqualifies those with the most useful information – participants in the improper conduct.

The United Arab Emirates also recently enacted whistleblowing protection for the first time. The new law represented a stark turn: Before its enactment, potential UAE whistleblowers were advised to act with extreme caution, keeping a sharp eye on strict penalties for disclosing secret information obtained from their employers.

Despite these and other gains for would-be EMEA whistleblowers, without the US-style combination of incentives and protections, the programmes are unlikely to become a meaningful driver of enforcement activity, or compete with their US rivals. Indeed, in 2016 alone, the SEC received whistleblower tips exported from 67 countries, including more than 60 from the UK alone.16 Absent change, this advantage will continue to entrench the US’s robust enforcement presence in the region.


The CFTC has emerged as a powerful force in cross-border securities enforcement. In 2016, it filed 68 enforcement cases and collected US$1.3 billion in restitution, disgorgement and penalties. Dedicated to ‘continu[ing] its robust cooperation with foreign regulators and law enforcement officials in combating the international roots of many of its investigations’ the CFTC’s effectiveness overseas should build on past success.17 Notable among its cross-border actions are the first-of-its kind cases against Deutsche Bank for swaps reporting violations, a Russian bank for executing fictitious block trades in Russian rouble/US dollar future contracts, and a UK-based trader for highly technical spoofing activity (allegedly first reported by a whistleblower).

Pairing its whistleblower programme with ‘new enforcement tools and vastly expanded jurisdiction and data,’18 it appears clear the CFTC’s role as a player within the EMEA securities enforcement landscape will only continue to grow.


In February 2017, IOSCO published a report on trends in the regulation of Fintech.19 Assessing the regulatory challenges associated with the rapid developments of key technologies, including alternative financing platforms, retail trading and investment platforms, institutional trading platforms and distributed ledger technologies, the report highlighted a number of areas likely to be a key focus for EMEA regulators throughout 2017 and beyond:

  • cross-border challenges, including regulatory inconsistencies, cross-border supervision and enforcement issues, and regulatory arbitrage;
  • increasing the sophistication of financial services regulation;
  • internet and mobile-based interfaces reducing the need for face-to-face customer interaction;
  • increasing cybersecurity risks;
  • increasing investor literacy and investor education; and
  • cultivating regulatory flexibility, in particular establishing sandboxes to allow fintech developers to demonstrate uses of emerging technology.

To address these challenges, IOSCO recommended increased cooperation between regulators to proactively identify and prevent regulatory breaches impacted by rapidly involving technology. In response, several IOSCO members agreed to collaborate by sharing information about the innovations their regulators are seeing in their own markets.20 This more cohesive, cross-border approach will allow regulators to increase their knowledge, experience and expertise in Fintech, and thus accelerate the shift to a proactive enforcement posture.

The spread of US-style DPAs

The well-established US system encouraging corporate cooperation through deferred prosecution agreements (DPAs) continues to gain traction around EMEA.

In England, several recent investigations have resulted in high-profile DPAs, including a £129 million settlement between the SFO and Tesco.21 (Simultaneously, Tesco agreed with the UK’s Financial Conduct Authority (FCA) to a civil investor redress plan, thereby reaching resolution with both regulators. Although the DPA is not formally part of the FCA’s regulatory toolkit, the FCA announced that it would not impose its own penalty on Tesco due to its DPA with the SFO.22)

DPAs are spreading to other parts of EMEA. In France, for example, Sapin II introduced the use of DPAs in bribery cases, although DPAS are not currently available for French securities offences. The current French and English investigation of Airbus could result in the first instance of a cross-border DPA involving France and England.23 There are also rumours of DPAs being negotiated in France with HSBC and UBS.

Even though there will be more DPAs in the region, there may not be uniformity among them. In the US, the courts have no involvement in the DPA process. By contrast, almost all EMEA DPA systems require judicial approval. In France, DPA evaluation hearings will take place in public, putting a company’s most sensitive information on display without any guaranty that the DPA will be accepted. To the extent these systems do not mimic the US incentive structure – providing speed, assurance and finality in addressing potential criminal liability – it remains to be seen if the new models will take root as they have in the US.

In this regard, the British have been the most proactive. Most recently, the FCA has broadened settlement discounts, permitting targets to challenge sanction amounts without losing their 30 per cent penalty reduction for cooperation – further incentive for corporations to come forward in hopes of a DPA with the SFO.


Led by the US example, regulators around the world are more deftly negotiating the challenges of cross-border enforcement. In EMEA, this is evident in the Fintech space, as well as the region’s increased focus on individual accountability and whistleblower protections. And while there is a far from uniform standard across the region, the trend lines are clear: securities enforcement in EMEA is on the rise and will continue to strengthen.


  2. The Telegraph, ‘Six Traders Plead Not Guilty to Euribor Rigging’, 7 February 2016 (
  3. Marketwatch, ‘Ubisoft Execs Fined in France for Insider Trading’, 12 December 2016 (
  4. Reuters, ‘German Prosecutors Open Fraud Inquiry into Former Volkswagen CEO’, 27 January 2017 (
  5. Remarks of Acting Chairman J Christopher Giancarlo before the 42nd Annual International Futures Industry Conference, ‘CFTC: A New Direction Forward’, 15 March 2017, available at:
  6. Also known as the ‘Dubai Economic Security Center Law’.
  7. Capital Markets Authority, ‘An Announcement from the Capital Market Authority Regarding the Decision Issued by The Appeal Committee for the Resolution of Securities Disputes Convicting a Violator of the Capital Markets Law and its Implementing Regulations’, 26 March 2017 (
  8. See the Union of Arab Securities Authorities Annual Report for 2016, available at: pages 32-33.
  9. FSB bulletin, ‘Integrating Consumer Protection, Financial Inclusion and Financial Education’, November 2016 (
  10. Speech of Dr Akinwumi A Adenisa, President of the Africa Development Bank, delivered by Vice-President Pierre Guislain at the Africa CEO Forum in Geneva, Switzerland, 20 March 2017, available at:
  11. PWC Report, ‘2016 Africa Capital Markets Watch’, February 2017 (
  12. Section 922 of the Dodd-Frank Act.
  13. SEC Press Release, ‘Financial Company Charged with Improper Accounting and Impeding Whistleblowers’, 19 January 2017 (
  14. SEC Press Release, ‘BlackRock Charged with Removing Whistleblower Incentives in Separation Agreements’, 17 January 2017 (
  15. CFTC Press Release, ‘CFTC Announces Whistleblower Award of More Than $10 Million’, 4 April 2016 (
  16. SEC, ‘2016 Annual Report to Congress on the Dodd-Frank Whistleblower Program’, November 2016 (
  17. CFTC, ‘CFTC Releases Annual Enforcement Results for Fiscal Year 2016’, 21 November 2016 (
  18. Reuters, ‘Misconduct Rife in Derivatives – ex-CFTC Enforcement Chief’, 24 March 2017 (
  19. IOSCO, ‘Research Report on Financial Technologies (Fintech)’, February 2017, available at:
  20. IOSCO Report, fn. 22, page 70.
  21. SFO Press Release, ‘SFO confirms DPA in Principle with Tesco’, 28 March 2017 ( This DPA is currently awaiting Court sanctioning.
  22. FCA Press Release, ‘Tesco to Pay Redress for Market Abuse’, 28 March 2017 (
  23. GIR, ‘Airbus Reveals UK and France Cross-Border Cooperation’, 20 March 2017 (
  24. GIR, ‘Magic Circle firm Representing Two Banks Vying for France’s First DPA’, 9 March 2017 ( 

Previous Chapter:Sanctions Enforcement

Next Chapter:The Geopolitics of Data Transfer: What Do Companies Need to Consider in a Post-Trump, Brexit and GDPR World?