Today’s post is from Robert Amaee (Covington & Burling), the United Kingdom Expert for FCPA Professor.
In the post, Amaee notes that while the U.K. Bribery Act does not have formal books and records and internal controls provisions like the FCPA, the U.K. Financial Conduct Authority (which regulates firms in the U.K. that provide financial products and services to U.K. and overseas customers and is the U.K. listing authority) has brought several recent enforcement actions against regulated entities on grounds similar to typical FCPA books and records and internal controls actions.
The recent enforcement action taken by the U.K. Financial Conduct Authority (“FCA”) against JLT Specialty Limited (“JLTSL”) is the latest example of the regulator’s drive to penalize companies in the financial sector for failures in their anti-corruption policies and procedures, even in the absence of any evidence of bribery. There is every indication that the FCA will continue to use its regulatory powers to bring enforcement actions against companies that it deems not to have adequate anti-corruption controls. In the words of Tracy McDermott, the FCA’s Director of enforcement and financial crime:
“[b]ribery and corruption from overseas payments is an issue we expect all firms to do everything they can to tackle. Firms cannot be complacent about their controls – when we take enforcement action we expect the industry to sit up and take notice.”
This article outlines the FCA’s role in combating financial crime and discusses some pertinent aspects of the JLTSL case as well as previous cases against Willis Limited (“Willis”), and Aon Limited (“Aon”).
The remit and track record of the Securities and Exchange Commission (“SEC”) in enforcing the internal control and accounting provisions of the Foreign Corrupt Practices Act 1977 is well known to readers of FCPA Professor. Companies that are US issuers have an obligation to keep accurate books, records and accounts, and to devise and maintain sufficient internal accounting controls to ensure such accuracy. In the UK, the Bribery Act 2010, does not contain equivalent internal control or accounting provisions.
In the case of a company that is suspected of failing to prevent bribery, the Serious Fraud Office (“SFO”) — the lead agency tasked with enforcing the Bribery Act — must assess the adequacy of the company’s procedures (i.e., whether the company has a defence) before deciding to bring Bribery Act charges (see Sec. 7 of the Bribery Act). In the absence of evidence of bribery, however, the SFO cannot simply take enforcement action under the Bribery Act against a company for failures in its anti-corruption procedures. In respect of a suspected failure to keep adequate accounting records, UK Prosecutors have in the past resorted to bringing action under the provisions of the Companies Acts of 1985 and 2006. In 2010, for example, the SFO relied on section 221 of the Companies Act 1985 (now replaced, in substantially the same form, by the sections 386 and 387 of the Companies Act 2006) to sanction BAE for a failure to keep adequate accounting records in relation to payments made to a third party intermediary.
The FCA, which took over the majority of the responsibilities of the Financial Services Authority (“FSA”) in April 2013, however, has a statutory objective under the Financial Services & Markets Act 2000 (as amended by the Financial Services Act 2012) to protect and enhance the integrity of the UK financial system. This market integrity objective includes tackling the risk that the financial sector companies that it regulates may be used for a purpose connected with financial crime, including fraud, money laundering, and bribery and corruption. In its July 2013 publication, The FCA’s Approach to Advancing its Objectives, the FCA states: “we will take action against firms found to be using corrupt practices, or failing to prevent bribes being paid to win business.”
To achieve this objective, the FCA has imposed, via the FCA Handbook, a number of financial crime requirements on the financial sector companies that it regulates. The key requirements are set out in Principles 1 (integrity), 2 (skill, care and diligence), 3 (management and control) and 11 (relations with regulators) of the FCA’s Principles for Businesses (“PRIN”); and Chapters 3 and 6 of the FCA’s Senior Management Arrangements, Systems and Controls sourcebook (“SYSC”).
In addition, the FCA’s recently published Thematic Review TR13/9 (October 2013) (here) on Anti-Money Laundering and Anti-Bribery and Corruption Systems and Controls, based on an assessment of 22 companies, sets out a case-based analysis of good and bad practice examples for businesses dealing with the risks of bribery and corruption. The October 2013 review followed previous thematic reviews of anti-corruption controls in commercial insurance broking (2010), in investment banking (2012), and AML and sanctions controls in trade finance (2013). The foregoing, together with the FCA’s Financial Crime: A Guide for Firms (here), provide companies with a clear indication of the FCA’s expectations in relation to the implementation and monitoring of anti-corruption systems and controls.
The recent JLTSL enforcement action followed the FCA findings of a breach of Principle 3 of PRIN. Principle 3 provides that “A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.” This includes implementing checks and controls designed to prevent bribery and corruption overseas. For a breach of Principle 3 to be established, there is no need for the FCA to show that suspicious payments were made or that an act of bribery has taken place. In both the Aon and Willis cases investigations did show that suspicious payments were in fact made, while in the JLTSL case there was no evidence of suspicious payments having been made.
JLT Speciality Limited
On December 19, 2013 JLTSL, a wholly owned subsidiary of JLT Group (the largest European broker quoted on the London Stock Exchange), was fined £1,876,000 in respect of breaches of Principle 3 of PRIN. The FCA found that JLTSL had failed to carry out effective due diligence before entering into relationships with, and making payments to overseas introducers. The FCA found that the overseas introducers had been paid in excess of £11.7 million, representing some 57% of the total amount received by JLTSL from the business that had been introduced by the overseas introducers. There was no evidence of bribery or any improper intent on the part of JLTSL, but the FCA concluded that the failings gave rise to an unacceptable risk that the payments made to the overseas introducers could have been used to pay bribes “to persons connected with the insured clients and/or public officials.”
It is worth noting that the FCA brought this action against JLTSL in spite of the fact that it found that JLTSL had (i) implemented policies and procedures aimed at countering the risk of bribery and corruption, including an Employee handbook and a Group Anti-Bribery and Corruption Policy which prohibited JLTSL employees from engaging in any form of bribery, an Operating Procedure Manual which contained more detailed procedures that employees had to follow in order to establish relationships with overseas introducers, and a 7 Alarm Bells policy to assess the bribery and corruption risk associated with entering into a relationship with an overseas introducer; and (ii) engaged an external adviser to review its systems and controls to assess compliance with the provisions of the Bribery Act 2010, concluding that the due diligence procedures in relation to introducer/facilitator relationships appeared comprehensive and broadly in line with the Act.
The FCA took the position that there was a failure to conduct adequate due diligence, and the external advisor had not conducted a “holistic” review of JLTSL’s systems and controls. JLTSL also was found to have failed to adequately assess bribery and corruption risks, only carrying out a risk assessment at the start of each relationship not every time that overseas introducer introduced a new piece of business. JLTSL also failed to adequately implement its own anti-bribery and corruption policies, which resulted in the risk of JLTSL entering into higher risk relationships with overseas introducers without senior management oversight and approval.
Specifically, JLTSL failed to assess whether or not there were any connections between the overseas introducers and the clients or any public officials. Although both the OPM and the Alarm Bells highlighted the importance of carrying out due diligence, there was a lack of practical guidance “to employees in order to establish whether the Overseas Introducer was connected to the client it was introducing.” On reviewing 17 of JLTSL’s relationships with overseas introducers, the FCA found that in the majority of cases in which the overseas introducer was a company, JLTSL had failed to screen one or more directors or beneficial owners. In one example, a major shareholder of the overseas introducer was known to JLTSL to be a Nigerian public official. The FCA concluded that as a Nigerian public official it was entirely possible even probable that the shareholder of the overseas introducer would have connections to West African public officials.
On July 21, 2011 the insurance broker Willis was fined £6,895,000 for failings in its anti-corruption systems and controls (breaches were for Principle 3 of PRIN and Rule 3.2.6 R of the SYSC) which “contributed to a weak control environment surrounding the making of payments to Overseas Third Parties.”
The FSA found that overseas third parties had received commissions of approximately £27 million, representing some 45% of the brokerage earned by Willis from the business that had been introduced by the overseas third parties. The FSA’s findings were supported by Willis’ own internal investigation which identified a number of suspicious payments made to overseas third parties, two of which formed the subject of suspicious activity reports that Willis submitted to the Serious Organised Crime Agency (“SOCA”) (now replaced by the National Crime Agency (“NCA”)).
The FSA did not find any evidence to suggest that Willis’s conduct was either deliberate or reckless. It acknowledged that Willis had introduced improved anti-corruption policies and guidance in 2008, reviewed how its new policies were operating in practice and further revised its guidance in 2009. The FSA, however, formed the view that Willis had failed to ensure its policies were adequately implemented, that failures by staff to adhere to the new policies were identified in a timely manner, or that the Board was provided with sufficient relevant management information regarding the performance of the new policies.
Specifically, the FSA concluded, inter alia, that Willis had (i) failed to ensure that it had established and recorded an adequate commercial rationale for using overseas third parties; (ii) failed to provide formal training or adequate guidance for staff who only recorded brief descriptions of the reason for making commission payments; and (iii) conducted inadequate due diligence on overseas third parties to establish, for example, any connections with the insured, insurer or public officials.
On January 6, 2009 Aon was fined £5,250,000 for failing to “take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems” (breach of Principle 3 of PRIN). In particular, the FSA highlighted Aon’s failure to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with its use of overseas Third parties in high risk jurisdictions.
As in the Willis case, the FSA found that the failings led to a weak control environment that gave rise to an unacceptable risk that Aon could become involved in potentially corrupt payments to win or retain business. The FSA highlighted 66 suspicious payments totalling in excess of US$7 million that were paid to nine overseas third parties. Aon’s own internal investigation identified a number of suspicious payments that it later reported to SOCA.
The FSA concluded, inter alia, that (i) procedures lacked adequate levels of due diligence either before commencing relationships with overseas third parties or before payments were made; (ii) Aon failed to monitor its relationships with overseas third parties in respect of specific bribery risks; (iii) Aon did not provide its staff with sufficient training and guidance on bribery and corruption matters; and (iv) Aon failed to ensure that the committees it appointed to oversee bribery and corruption risks received relevant management information or routinely assessed whether bribery and corruption risks were managed effectively. Aon also failed to implement effective internal systems and controls to mitigate those risks. Margaret Cole, FSA director of enforcement at the time, described the case as sending a clear message that it is “completely unacceptable for firms to conduct business overseas without having in place appropriate anti-bribery and corruption systems and controls”.
The FSA’s 2009 action against Aon marked the start of period of concerted effort by the regulator to take action against companies deemed to have inadequate policies and controls, in particular in respect of the risks associated with making payments to overseas third parties. The Aon action was followed in 2011 by the FSA’s action against Willis for failings in its anti- corruption policies and controls. In bringing its recent action against JLTSL, the FCA has clearly signalled its intention to continue the focus on companies’ internal anti-corruption control environment. In addition, a number of separate enforcement actions have confirmed that the FCA remains focused on ensuring companies also maintain adequate anti-money laundering policies and controls. See here, here, here and here.
It is clear, in particular from the JLTSL case, that the FCA will not be impressed by the volume of policies and controls that have been drafted or the fact that an external vendor has given the anti-corruption program the all clear. The FCA is focused on the effectiveness of the policies and controls and how they have been implemented, and how they are being monitored in practice. There is little doubt that when the SFO starts to bring enforcement actions against companies under the failure to prevent bribery offence contained in section 7 of the Bribery Act, its assessment of the adequacy of a company’s policies and controls will similarly focus on their real life implementation, and not on the elegance of the prose, or the sign off of external vendors.