Such is the seeming regularity with which insurance brokers face censure from the FCA for failings in their anti-bribery and corruption systems and controls that the £315,000 fine dished out to Besso Limited this week may not be considered by some as blog-worthy (particularly when that blog is introduced with such an awful pun). However, the Final Notice that accompanied the fine, whilst not containing anything ground-breaking, does highlight some important themes that ought to make those in the insurance sector take note.
The failings identified by the FCA with respect to Besso centred on the firm's inadequate systems and controls concerning payments made to various third parties. Typically these were parties who entered into commission sharing arrangements with Besso and/or assisted Besso in winning and retaining business.
The failings were systemic: the company had limited policies and procedures between January 2005 and October 2009; risk assessments and adequate customer due diligence were not performed; adequate records were not maintained; and arrangements were not subject to monitoring and review. To illustrate the effect of this, the FCA cited an example of a relationship that Besso had with a third party based in the US that had not been subject to review since the arrangements began in 2002 and was not subject to a written agreement between the parties documenting what arrangements were in place and why.
The breaches were compounded by the fact that the regulator had previously flagged ABC failures to the industry by way of "Dear CEO" letters, a 2009 thematic review and high-profile enforcement action against Aon Limited and Willis Limited. Besso was itself the subject of two visits by the regulator in 2009 and 2011 which brought to light deficiencies with relevant systems and controls.
Regulator continues to target systemic failings
The enforcement action is a reminder that the FCA has its sights firmly trained on eradicating the risks that control failings pose to the integrity of the UK financial system and that smaller brokers, despite the volume of business they process and compliance resource being lower, are held to the same standards as those posing a much larger risk overall. As with previous cases brought, the FCA identified no actual instances of bribery or corrupt payments. Besso's conduct was neither deliberate nor reckless and the majority of third parties to whom Besso made payments were not based in high-risk territories.
Nevertheless, the absence of systems and controls in line with FCA expectations presented an unacceptable risk that bribery and corrupt payments could have taken place.
Risk management tools alone are not enough
Despite the firm having made improvements with respect to its risk assessments, the FCA felt that these did not go far enough. As has been seen on a number occasions, the form itself was fit for purpose. The manner in which it was used was not. The FCA found that in the majority of third party files the risk assessment form was not completed either fully or accurately, that the employee had noted a number of high-risk indicators present but the overall risk rating remained low and there was no adequate justification for the assessment reached.
The expectation from the regulator is clear. ABC policies and procedures cannot simply be a one-size-fits-all set of documents or operating tools. Instead systems and controls must be detailed, tailored specifically to the firm's business operations, be effectively implemented and subject to meaningful review.
Remediation and openness continues to be valued
On a more positive note, the Final Decision is a reminder of how the FCA recognises and rewards openness, co-operation and a commitment amongst firms to remediate where breaches have been identified. Besso's conduct following the breach was explicitly commented upon by the regulator. It had been collaborative both with respect to its dealings with the regulator and its dealings with the Skilled Person that was appointed by the FCA to analyse its affairs. This constructive approach extended to commissioning a firm of solicitors in 2011 to review systems and controls and sharing the findings of that review with the FCA. As well as helping the firm to demonstrate good corporate citizenship such openness is, of course, reflected in the level of fine imposed.
This latest fine by the FCA will come as a shock to some smaller brokers who may have previously considered themselves to be below the radar of the regulator. It demonstrates the FCA's commitment to eradicating the risk of financial crime in the UK wholesale market, regardless of the size of the risk or the cost to the regulated entity.
With the FCA in the midst of its thematic review of smaller general insurance brokers' anti-bribery and corruption systems and controls only the foolhardy would ignore this Final Notice.