The Bribery Act 2010 (UK) (the "Bribery Act") came into force on 01 July 2011. The Financial Services Authority (the "FSA") has shown an intention to ensure that the firms which it regulates and, in particular, investment banks, adequately address the risk that they, or anyone acting on their behalf, might act corruptly. The FSA highlights the following of its Principles for Businesses ("PRIN") rules as being relevant in the context of bribery and corruption risks:
- Principle 1: "A firm must conduct its business with integrity;"1
- Principle 2: "A Firm must conduct its business with due skill, care and diligence;"2 and
- Principle 3: "A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems."3
In addition to the above, the FSA also highlights that the following Senior Management Arrangements, Systems and Controls ("SYSC") rules are relevant to bribery and corruption risks:4
- SYSC 3.2.6R: "A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.;" and5
- SYSC 6.1.1R: "A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime."6
Based on the above, the FSA considers that firms "should be able to demonstrate that they can identify and assess bribery and corruption risk, and take reasonable steps to prevent bribery and corruption taking place."7 The FSA has demonstrated its intention to take action against firms who do no comply with this standard: in January 2009, the FSA took action against Aon Limited, imposing a fine of £5.25m; and, in July 2011, the FSA took action against Willis Limited, imposing a fine of £6.895m.8 These actions both concerned a breach of Principle 3 and related specifically to bribery and corruption. In the Final Notices issued to both Aon Limited and Willis Limited, the FSA stated that the fines were imposed as a result of those firms not establishing and maintaining appropriate systems and controls to assess and counter "the risks of bribery and corruption associated with making payments to non FSA-authorised overseas third parties… who assisted… in winning business from overseas clients, particularly in high risk jurisdictions."9
- FSA's Review of Firms’ Policies and Procedures
Following the implementation of the Bribery Act and the action taken against Aon Limited and Willis Limited, the FSA conducted a review of 15 firms, including eight major, global investment banks, and a number of smaller operations which carry on niche investment banking or similar activities (the "Review"). The Review took place between August 2011 and January 2012.
The review found that the majority of the participating firms did not have robust anti-bribery systems and controls in place and that some firms fell short of the FSA's regulatory requirements. In particular, the review found that:
- most firms had not properly taken account of the FSA's rules covering bribery and corruption, either before the commencement of the Bribery Act or after;
- nearly half the firms reviewed did not have an adequate Anti-Bribery and Corruption ("ABC") risk assessment in place;
- the management information on ABC provided to senior management was poor;
- the majority of firms had not considered how to monitor the effectiveness of their ABC controls;10
- firms' understanding of bribery and corruption was often limited; there were significant weaknesses in firms' dealings with third parties used to win or retain business;
- few firms had processes to produce adequate management information in relation to gifts, hospitality and expenses policies;
- firms had well-established vetting processes in place when staff were recruited, but high risk roles were often not subject to ongoing evaluation for bribery and corruption; and
- since the implementation of the Bribery Act, firms had provided adequate basic training to staff, but most: (i) were still developing training for staff in higher risk roles; and, (ii) had no processes in place to assess the effectiveness of existing training.
Commenting on the above findings, Tracey McDermott, the FSA's acting director of enforcement and financial crime, said: "[i]t is imperative that firms have adequate arrangements to control the risks of financial crime. We have seen examples of good practice and some examples of poor practice. Overall, despite the high profile of the issue, the investment banking sector has been too slow and too reactive in managing bribery and corruption risks." Ms. Dermott warned that "[t]he FSA and, from next year, the Financial Conduct Authority will continue to focus on financial crime risks in this sector and beyond to ensure firms are meeting their legal and regulatory obligations."
As a result of the Review, the FSA has recommended that its ABC system and controls guidance be consolidated, amended, and included as a new Chapter 13 in its existing Financial crime: a guide for firms (the "Guide").11 While the majority of the proposed new Chapter 13 consists of existing guidance, which has been consolidated from other parts of the Guide, there are a number of important additions to what constitutes examples of "good" and "poor" practice. The areas dealt with below are those that contain new examples of "good practice." Although it is not dealt with here, the FSA has also consolidated its guidance on management information and payment controls.
Assessing Bribery and Corruption Risk
The FSA has proposed new guidance that deals with the practices and procedures adopted by firms to assess the risk of bribery and corruption. As noted above, the FSA has proposed additional examples of what it considers to be "good practice." As a result of these proposed amendments, firms will be required to ensure that they:
- take adequate steps to identify the risk of bribery and corruption. (The example which the FSA provides is that firms should obtain not only internal advice, but also independent advice from outside the business.);
- consider potential conflicts of interest which might lead business units to downplay the level of bribery and corruption risk to which they are exposed; and
- ensure that ABC risk assessments: (i) demonstrate awareness and understanding of the firm's legal and regulatory obligations; and, (ii) inform the development of monitoring programmes, policies and procedures, and training and operational processes.
Policies and Procedures
The FSA has also proposed new guidance which deals with the policies and procedures adopted by firms in relation to ABC systems and controls. In particular firms will need to ensure that:
- they have conducted a gap analysis of existing ABC procedures against applicable legislation, regulations and guidance, and made necessary enhancements;
- they have a defined process in place for dealing with breaches of policy;
- the financial crime/compliance team engages with the business units about the development and implementation of ABC systems and controls;
- in most cases, a firm's policy and procedures cover expected standards of behavior; escalation processes; conflicts of interest; expenses; gifts and hospitality; the use of third parties to win business; whistleblowing; monitoring and review mechanisms; and, disciplinary sanctions for breaches; and
- there is an effective mechanism for reporting issues to the ABC committee or compliance.
Third Party Relationships and Due Diligence
The key issue in both the Aon Limited and Willis Limited investigations was the relationships that those firms had with third parties. It is, therefore, unsurprising that the FSA has provided additional guidance on the way that firms should engage with third parties. The proposed new guidance recommends that, when dealing with third parties, firms:
- consider, where appropriate, the involvement of the compliance department in interviewing consultants, and the provision of anti-corruption training to those consultants; and
- include ABC-specific clauses and appropriate protections in contracts with third parties.
Gifts and Hospitality
One key area that is dealt with by the Bribery Act is the issue of providing and receiving Gifts and Hospitality ("G&H"). Currently, the FSA does not provide any guidance on how firms should manage this area. However, as a result of the Review, the FSA has proposed that investment banking firms should ensure that:
- their policies and procedures clearly define the approval process and the limits applicable to G&H;
- they have processes for filtering, for analysis, G&H by employee, client and type of hospitality;
- they have process to identify unusual or unauthorised G&H and deviations from approval limits for G&H;
- their staff are trained on G&H policies to an extent appropriate for their role;
- staff are prohibited from providing (or receiving) cash or cash-equivalent gifts; and
- any political and charitable donations are approved at an appropriate level, with compliance input, and subject to due diligence.
Staff Recruitment, Vetting, Training, Remuneration and Whistleblowing
Finally, the FSA has made a number of proposals to ensure that staff: are appropriately vetted during the recruitment phase; receive appropriate ongoing training; who work in high risk roles have remuneration packages which are appropriately structured; and, who provide whistleblowing information are appropriately protected; and encouraged, and their allegations investigated. Specifically, the FSA has proposed the following additional guidance in these areas:
- there should be enhanced vetting for staff in roles with higher bribery and corruption risk (including checks of credit records; criminal records; financial sanctions lists; and, commercially available intelligence databases);
- in addition to value training, awareness raising initiatives, such as special campaigns and events to support routine training, should be organised;
- Remuneration structures should be reviewed for those in higher risk functions (from a bribery and corruption perspective) to ensure they do not encourage risk taking;
- details about whistleblowing hotlines should be visible and accessible to all staff;
- where whistleblowing hotlines are not provided, firms should consider measures to allow staff to raise concerns anonymously, with adequate levels of protection, and communicate this clearly to staff; and
- firms should use information gathered from whistleblowing and internal complaints to assess the effectiveness of their ABC policies and procedures.
The FSA has commenced a round of consultation on these changes. Responses are required to be submitted to the FSA by 29 April 2012.12