Managing agents have as much exposure to anti-bribery and corruption risk as any other entity dealing with third parties in high-risk jurisdictions.
Coverholders and other third parties to whom Lloyd’s syndicates’ underwriting pen is lent under binding authorities or other contracts are often based in jurisdictions where the perception of corruption is high. While this allows Lloyd’s syndicates to access business in those regions, it also calls for managing agents to ensure that robust anti-bribery and corruption risk management is in place.
This article focuses on anti-bribery and corruption compliance not only under the UK Bribery Act 2010 and the Lloyd’s Revised Code of Practice on Delegated Underwriting, but also under the FCA Handbook, especially in light of the FCA’s (and formerly FSA’s) enforcement action in recent years against a number of London-market brokers. Although these decisions concern the broker market, they address various aspects of third-party due diligence of equal relevance to managing agents vis-àvis their coverholders or other third parties. In light of the FCA’s publication in November 2014 of the findings of its thematic review into Managing bribery and corruption risk in commercial insurance broking, the time is therefore ripe to remind managing agents of their obligations.
UK Bribery Act 2010
Much has already been written about the UK Bribery Act, and the fact that, under section 7, a ‘relevant commercial organisation’ (C) will be guilty of an offence if an ‘associated person’ (A) bribes another whilst intending to obtain or retain business for C or to obtain or retain an advantage in the conduct of business for C, unless C has ‘adequate procedures’ in place designed to prevent A from undertaking such conduct1. As the Lloyd’s Revised Code of Practice on Delegated Underwriting explains, the nature of the coverholder relationship with managing agents means that coverholders can pose a potential financial crime risk as ‘associated persons’ under the UK Bribery Act. In the absence of adequate procedures to prevent coverholders from using improper methods to secure business, managing agents face potential liability under the UK regime.
Lloyd’s Revised Code of Practice on Delegated Underwriting
The Lloyd’s Revised Code of Practice on Delegated Underwriting provides an introduction to delegated underwriting in the Lloyd’s market and includes practical guidance as to Lloyd’s expectations of managing agents in assessing new coverholders, managing binding authority contracts and renewing such contracts. Appendix 3 to the Code focuses on financial crime, making clear that financial crime by connected third parties is a particular risk which managing agents need to manage appropriately. It also reminds Lloyd’s market participants that ‘regulatory expectations of the UK insurance industry to ensure appropriate anti-financial crime systems and controls are increasing, together with regulatory penalties for non-compliance, as seen in recent high profile actions by the FSA [now FCA]’.
The Code also sets out that the responsibility to check compliance by coverholders in respect of financial crime legislation and regulations lies with managing agents – albeit coverholders still need to comply with their own responsibilities to manage the risk of financial crime under relevant legislation. It emphasises, in particular, the importance of auditing coverholders in respect of recognising and reporting suspicious transactions and sanctions issues; staff training and awareness; and record keeping.
In terms of practical guidance, the Code provides that the binding authority should contain a clear clause setting out the coverholder’s obligations to avoid the risk of financial crime (referring to the model LMA binding authority financial crime clause and endorsement in this regard). Importantly, however, as Lloyd’s bulletin Y4510 dated 11 August 2011 emphasises, such a clause does not remove a managing agent’s obligations to execute and document risk-based due diligence on each coverholder to ensure that the clause’s requirements are proportionate to the risk posed, and to carry out robust compliance audits of coverholders to ensure monitoring on an ongoing basis, with recommendations implemented where appropriate. The insertion of a model clause in a binding authority agreement alone will not be enough.
The Code also highlights the importance of ensuring that coverholders’ key personnel complete online training modules developed by Lloyd’s. Lloyd’s offers three training courses to coverholders, including one on bribery. Again, the guidance in Lloyd’s bulletin Y4510 is key, emphasising that while the online training will assist in informing coverholders of their compliance obligations and the potential consequences on managing agents of any breach, it nevertheless remains the responsibility of managing agents to determine whether their coverholders require any additional training, given their particular risk profile. Managing agents should not, therefore, assume that they have adequately fulfilled their ABC compliance obligations simply by asking their coverholders to carry out online training.
The FCA (and its predecessor the FSA) has long been emphasising the importance of ABC compliance, particularly in relation to third parties. So far the focus has been on insurance brokers, starting with the FSA’s ‘Dear CEO’ letter sent to all wholesale insurance broker firms in November 2007 setting out the FSA’s expectations in relation to payments to third parties and prompting firms to review their business practices to ensure that they were not involved in, or associated with, illicit payments. The FSA subsequently carried out a ‘thematic review’ into the ABC practices of insurance brokers, identifying areas of good and poor practice in its ‘Antibribery and corruption in commercial insurance broking’ report of May 2010. The area in which the FSA was most critical, and sought to influence the most change, was risk assessment and due diligence on third parties.
In an effort to deter non-compliance, the FSA/FCA has imposed a number of fines between 2007 and 2014 predominantly for breach of Principle 3 of the FCA’s Principles for Businesses, which provides that ‘A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems’, but also for breach of certain provisions from the Senior Management Arrangements, System and Controls (SYSC) of the FCA Handbook, particularly SYSC 3.2.6R (obligation to take reasonable care to establish and maintain effective systems and controls to counter the risk of the firm being used to further financial crime) and SYSC 3.2.20R (obligation to take reasonable care to make and retain adequate records as required under the regulatory system).
It is important to remember that financial penalties can be imposed by the FCA even where there is no evidence of improper payments or inducements having been made or intended to be made, the conduct was not deliberate or reckless, and there was no loss or adverse effect caused to consumers, investors or other market users. It is enough that there is an ‘unacceptable risk’ that payments could be used for a corrupt purpose, including the payment of bribes to persons connected with insureds, insurers and/or public officials to gain a business advantage.
Given that Principle 3 applies equally to Lloyd’s managing agents, particularly in respect of their coverholders, Lloyd’s managing agents should be mindful of the following lessons learnt from the FSA/FCA’s enforcement action against the brokers. These lessons can also be applied more broadly to others who manage third parties, whether agents or distributors, and should be borne in mind when seeking rigorously to implement meaningful businessintegrated policies and procedures.
- It is important to carry out a transparent and methodical risk assessment at the outset in order to identify possible areas of ABC exposure and not to leave any categories of third parties unassessed.
- In the case of managing agents, although the most common method of delegating underwriting authority is to a coverholder under the terms of a binding authority agreement, other forms of delegation are also permitted, such as to a Lloyd’s broker acting as a coverholder or to another managing agent in accordance with the terms of a line slip or binding authority. Managing agents should be watchful of where their obligations and possible exposure under the UKBA, Lloyd’s regulations and FCA rules lie.
- In assessing exposure according to jurisdiction, remember to consider the jurisdiction of the insured as well as the coverholder.
Policies and procedures
- Once a risk assessment has been carried out, ensure that there are proportionate policies and procedures in place to mitigate each risk identified.
- Make policies practical and encourage managing agents to be proactive. As well as giving examples of red flags, provide guidance on how managing agents should seek to establish whether any red flags exist, such as a relationship between the coverholder and the insured or a government official.
- Ensure that policies are correctly implemented: leaving questions blank can distort the overall process. Where policies are amended, ensure that the amendments are actioned.
- Tailor due diligence according to risk: avoid a ‘one size fits all’ approach to third party due diligence and use enhanced due diligence where the circumstances require.
- Perform due diligence on coverholders before the business commences in order to ascertain, as far as possible, whether the coverholder has links with the insured or government officials.
- Ensure that there is adequate assessment of risk associated with each new piece of insurance business introduced and/or written by the coverholder.
- Check that the coverholder’s commission is commensurate to the services provided.
- Do not rely on an existing relationship to approve new coverholder business automatically, as circumstances and risk change over time, and higher-risk business must be assessed and mitigated accordingly. Equally, avoid reliance on informal market views of the third parties in question.
- Beware of the possible limitations of electronic screening software, which may not have the capacity to highlight connections with the insureds and/or public officials. In the case of a company, carry out equivalent electronic checks on its directors and beneficial owners. Also carry out searches against close family members or close associates of the coverholders to see whether they have links to the insured or government officials. Carry out ‘fuzzy matching’ searches, where appropriate, in case of any spelling errors in the search terms used.
- Be prepared to verify the coverholder’s responses – for example, whether they have any shareholding in the business they write; whether any directors of the coverholder previously held public office; and whether there is any other connection between the coverholder and the insured, such as a family relationship or whether an individual from the coverholder had a separate business venture with an individual from the insured.
- Be prepared to produce on demand a list of coverholders, associated due diligence and details of payments made to them.
- It is essential to establish and keep a record of the commercial rationale and business case to support payments to coverholders.
- Ensure that there are written agreements with coverholders, as this will allow managing agents to monitor the conduct of the coverholder against original expectations as well as any changes to the arrangements with the coverholders – for example, the way in which the coverholder is paid.
- Keep minutes of meetings of internal ABC working groups as evidence of compliance responsibilities being fulfilled.
- Operate a formal staff training program in relation to opening coverholder accounts, and monitor staff carrying out checks on coverholders to ensure adequate risk assessment, due diligence and record keeping.
- Where necessary, bolster in-house knowledge or resources in carrying out due diligence on coverholders with external expertise.
- Ensure that coverholders themselves receive ABC training and are prepared to exercise similar vigilance over any sub-coverholders.
- Coverholder due diligence should not be confined to initial checks – there should be ongoing monitoring of the relationship to check that the coverholders are necessary and that it is appropriate to continue the business relationship.
- Once any ABC issues are identified, work as quickly as possible to address the associated risks.
Compliance and senior management oversight
- Ensure that there is sufficient oversight and approval by both internal compliance functions and senior management to enable any shortcomings to be identified and addressed.
At a time when the Lloyd’s market is focusing on Lloyd’s minimum standards conduct risk rules, managing agents should not forget the need for robust anti-bribery and corruption compliance in relation to their coverholders and other third parties whom they engage. Without adequate procedures in place designed to prevent third parties from engaging in corrupt activity on their behalf, managing agents face potential exposure under the UK Bribery Act. The lessons arising out of the recent FSA/FCA enforcement action in respect of brokers also outline the importance of a top-down approach to antibribery and corruption compliance by managing agents, particularly with regard to due diligence on coverholders and other third parties in high-risk jurisdictions.