The Context

On 8 January 2026, a Paris court approved a €267.5 million settlement with HSBC France. The bank paid to resolve a criminal and civil investigation into its alleged role in ‘CumCum’ dividend tax fraud schemes from 2014 to 2019. The settlement includes a €268 million fine and approximately €30 million in previously paid tax bills. Crucially, the bank admitted no guilt. This follows an €88 million settlement by Crédit Agricole’s Cacib unit in September. The underlying ‘Cum-ex’ fraud is estimated to have siphoned €140 billion from European treasuries over two decades.

The Risk

This is not a French problem. It is a governance failure. A director’s duty under the Companies Act 1993 is to act in good faith and in the best interests of the company. Permitting, or failing to prevent, a business model that systematically facilitates tax fraud may constitute a breach of that duty. The Health and Safety at Work Act 2015 extends a positive duty to protect the psychological safety of staff from being directed into unlawful conduct. The French settlement, while containing no admission, creates a legal precedent. It demonstrates that regulators will pursue corporate entities for facilitating financial crime, irrespective of a ‘no guilt’ clause. Directors may be personally liable if they were wilfully blind to the compliance gaps that allowed such schemes to operate for years. The fine is merely the statutory cost; the reputational and regulatory capital erosion is the lasting penalty.

The Control

Directors must mandate a forensic review of all high-commission, intermediated transactions. The control is not a policy document. It is a verifiable audit trail that proves the board actively challenged the provenance of complex revenue streams. Scrutinise the ‘how’ behind profitable niche operations. Treat lucrative, legally ambiguous products as inherent risks, not opportunities. Insist that compliance sign-off is documented at the governance committee level, creating a defensible record of due diligence.

The Challenge

These are the critical questions you should be raising at the board table:

Can our internal audit function definitively trace and justify the legal basis for every high-margin fee or commission earned by any intermediary subsidiary, and where is that assurance documented in our board minutes?
What specific, tested controls do we have to prevent our New Zealand operations from being used to facilitate or execute a ‘CumCum’-style scheme, and when was the last time they were stress-tested against regulator scrutiny?
If presented with a French-style investigation, what contemporaneous evidence do we possess to demonstrate that the board exercised its duty of care under the Companies Act to understand and mitigate the legal risks of our most complex transactional products?