What are the key features of the recent anti-bribery and corruption guidance documents produced by the British Bankers Association (BBA) and the Dutch Central Bank (De Nederlandsche Bank) (DNB)?
On 10 April 2014, the DNB published guidance (the DNB Guidance) to banks and insurance companies on how they should counter professional corruption through internal controls. The DNB Guidance is the outcome of a thematic review undertaken by the DNB throughout 2013.
On 6 May 2014, the BBA published its new updated Anti-Bribery and Corruption Guidance (the BBA Guidance) to assist those in the banking sector to comply with the UK Bribery Act 2010 (BA 2010) as well as the anti-corruption regulatory requirements of the Financial Conduct Authority (FCA). The original BBA Guidance, released in 2011, did not provide a detailed assessment of the regulatory requirements under the rules of the Financial Services Authority (as it then was), nor did it set out the obligations on banks in relation to anti-money laundering regulations.
The DNB Guidance is split composed of two parts. The first part sets out a 'risk control cycle' which DNB proposes as standard for all banks. The cycle consists of four steps.
Identify the risks
The first stage is for a bank to identify which corruption risks it might be exposed to. The DNB Guidance distinguishes between five different types of risks:
- third party, and
- risk associated with personal networks and interests.
Analyse the risks
At the second stage, the bank must establish, on the basis of the risks identified, what are the chances that it has been, or could have been involved in corruption. It will, further, have to establish what the impact could be on the bank if corruption actually occurred.
Take suitable control measures
The third stage requires that suitable measures be put in place to control the identified risks. The DNB Guidance sets out several examples of control measures, a number of which directly reflect the adequate procedures contained in the UK Ministry of Justice (MoJ) guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (the MoJ Guidance).
Monitor the result of the measures taken
This final stage involves the institution assessing whether the control measures that have been imposed are effective and efficient. If they are not adequate the institution should remedy the shortcoming.
The BBA Guidance is intended to advise the banking sector about taking necessary actions that are relevant and proportionate to their individual circumstances and risk profile. The updated version of the BBA Guidance aims to provide a more detailed assessment of the principles under BA 2010, the FCA rules and procedures and money laundering obligations than was included in the 2011 guidance.
The BBA Guidance adopts a different format to the DNB Guidance in that it is broken down into ten chapters. These chapters include, among other details, an overview of the UKBA, the six principles from the MoJ Guidance and a comparison between the BA 2010 and the other regulatory obligations and anti-money laundering laws to which those in the financial sector may be subject.
How similar is the approach taken in these two jurisdictions?
The approach taken by the BBA and the DNB is largely the same. Both have published guidance that reflects international emerging norms and conventions. The second half of the DNB Guidance, for example, draws together a number of examples of good practice identified across jurisdictions as part of its thematic review. These good practice examples reflect the adequate procedure principles contained in the MoJ Guidance and FCA thematic review, and, on a broader level, reflect the international expectations of corporate best practice.
The BBA Guidance details the six principles making up adequate procedures contained in the MoJ Guidance, as well as discussing examples taken from the FCA's thematic reviews, and goes further to provide a number of practical examples of how to implement the six principles in practice by, for example, including a working example of an end-to-end process for conducting a corporate risk assessment.
The approach in both jurisdictions is therefore very similar. However, the guidance documents are differentiated by their scope. The UK is considered a mature market in terms of regulatory obligations and the updated BBA Guidance reflects the varied obligations to which institutions in the UK are subject. Banks and other financial institutions in the UK should be alert to the differences in obligations between the UKBA and the FCA's rules and principles. It is important to note, for example, that FCA-authorised firms are under a separate, regulatory obligation to identify and assess bribery and corruption risks.
To what extent are the guidance documents representative of emerging best practice?
Both guidance documents set out frameworks and tips for undertaking internal risk assessments and implementing proportionate and effective compliance and control mechanisms within corporates. The principles contained therein are a reflection of the international best practices that have been advocated by international organisations, such as the World Bank through its integrity guidelines, and are being implemented by compliance conscious companies across a range of sectors.
The BBA Guidance and DNB Guidance are primarily drafted with corporates in the financial sector in mind. However, the principles contained therein, save for a specific few, are of wider application to corporates across all sectors. The principles aim to give corporates direction when creating and implementing effective internal controls and procedures. The guidance documents are useful in that they provide additional practical examples taken from the results of thematic reviews of programmes currently used by a range of financial institutions conducted by both the DNB and the BBA. In the latter case, for example, the BBA reflected on the FCA's thematic review.
Through including different illustrations of how the principles in the guidance can be implemented, the guidance documents emphasise that compliance is not prescriptive. A corporate is organic, and its internal controls will need to adapt and evolve to meet its needs. The BBA Guidance, through its reference to FCA regulatory obligations, serves to illustrate that corporates must look beyond the black letter of the law if they are to implement truly adequate procedures. Only by striving to meet the higher bar of emerging international norms and best practice can corporates best position themselves to defend against the gaze of increasingly active prosecutors.
How do you see this area of the law developing over the coming months and years?
There has, in recent months, been increased focus and press coverage given to penalties imposed against financial institutions and against corporates more generally for failures in internal controls and procedures. Also, in the UK, David Green CB QC, director of the Serious Fraud Office, has recently announced proposals to extend the application of BA 2010, s 7 to all forms of financial crime. Similarly, there is currently a Bill pending in the House of Representatives of the Dutch Parliament (Tweede Kamer der Staten-Generaal) on financial economic crimes, which will broaden the scope of the bribery provisions under ss 177, 177a and 178 of the Dutch Criminal Code (Wetboek van Strafrecht).
The BBA Guidance and DNB Guidance are welcome restatements of the core principles to which corporates seeking to implement effective procedures and policies should emulate. Lawyers and their clients should carefully consider whether their internal controls adequately reflect the principles set out in the guidance documents. If they do not, corporates should take immediate steps to rectify any inadequacies promptly or risk potentially finding themselves the subject of regulatory action.
This article was first published by LexisPSL Corporate Crime on 30 June 2014.