On January 8, 2009, the UK’s independent regulator of the financial services industry, the Financial Services Authority (“FSA”),12 fined Aon Ltd. (“Aon”), the principal UK subsidiary of Chicago-based Aon Corporation, the world’s largest insurance broker, £5.25 million for failing to establish and maintain systems and controls to prevent and detect bribery and corruption associated with payments to “overseas” third parties that assisted Aon in winning business. 13 The fine, which is the “largest financial crime related fine” in FSA history, was discounted from £7.5 million given Aon’s early settlement of, and cooperation with, the investigation.14 In its press release announcing the disposition, the FSA highlighted the remedial action taken by members of Aon’s senior management upon discovery of its failings, and noted that Aon’s “pro-active determination” to identify prior “suspicious” payments and improve the firm’s systems and controls should serve as a “model of best practice” to other entities regulated by the FSA.15 The FSA also made clear that it would be reviewing the adequacy of systems and controls in place at a number of commercial insurance intermediary firms for preventing illicit payments. The FSA’s increasing focus on combating transnational bribery is consistent with recent actions brought by other UK authorities,16 signaling more targeted efforts by that jurisdiction in the fight against corruption.

Facts

According to the Final Notice issued by the FSA (the “Notice”),17 Aon was one of the largest insurance and reinsurance brokers in the UK. As part of its operations, “in a number of circumstances” between in or about January 2005 and in or about September 2007, Aon made use of and paid non-FSA authorized overseas third parties (“Overseas Parties”), including in its aviation and energy divisions, in order to secure or retain business from “overseas” clients, such as state-owned entities or other entities with “government connections,” located in high-risk jurisdictions. Although the use of, and payment to, these parties was not unusual or necessarily inappropriate, according to the FSA, Aon failed to assess and address the associated risks that these Overseas Parties might pay bribes to government officials. The Notice stated that these failures were in violation of Principle Three of the FSA’s Principles for Business, which requires regulated companies to “take reasonable care to organise and control [their] affairs responsibly and effectively, with adequate risk management systems.”18 According to the FSA, as a result of Aon’s “weak control environment,” 66 “suspicious payments” totaling approximately $7 million were paid to nine Overseas Parties in Bahrain, Bangladesh, Bulgaria, Burma, Indonesia and Vietnam, resulting in potential profits to Aon of approximately $7.2 million and €1 million in commissions or brokerages.

The Notice added that Aon’s systems and controls with regard to Overseas Parties were deficient in a number of ways, including: (1) inadequate due diligence requirements and payment authorization procedures; (2) insufficient employee training and “testing” with regard to the corruption risks associated with doing business with Overseas Parties in highrisk countries; and (3) inadequate risk monitoring by the “compliance team,” internal audit and committees charged with overseeing the use of Overseas Parties. In addition, according to the FSA, on several occasions, when Aon learned that its controls were inadequate to detect potentially inappropriate payments, its remedial action was insufficient and “strengthen[ed]” controls were circumvented. Although the FSA did not consider Aon’s failure to establish and maintain effective systems and controls “either deliberate or reckless,” according to the Notice, Aon’s breach of Principle Three was nonetheless “serious” because it “was, or should have been aware of the risks associated with making payments to [Overseas Parties] to obtain or retain business.” Among other reasons cited as the basis for Aon’s alleged awareness were: (1) the high risk of corruption in the countries where Overseas Parties were used; (2) the 2000 censure and fine, by the Disciplinary Board of Lloyd’s of London, of two predecessor companies for payments to Overseas Parties in Ghana, Nigeria and the Philippines in “suspicious circumstances;” and (3) multiple notifications of suspect payments in Indonesia and Bahrain.

Aon’s Remedial Action

Despite the fact that, in the FSA’s view, Aon’s failings merited the imposition of a “significant financial penalty,” the Notice detailed various remedial measures taken by Aon which served to “mitigate the seriousness of the firm’s failings.” Such measures included: (1) retention of an accounting firm to review systems and controls and make recommendations, all of which Aon adopted and, in some cases, exceeded; (2) establishment of a global anti-corruption program which, among other things, prohibits the use of third parties in high-risk countries whose sole function is to assist Aon in obtaining or retaining business by client introductions; (3) creation of regional working groups to review all third party relationships, and riskbased payment procedures for all Overseas Parties; (4) implementation of a risk-basked training program for employees; (5) forensic analysis of past payments made to Overseas Parties to identify potentially suspicious payments; (6) an independent investigation of such payments by an outside law firm and notification to FSA and the UK’s Serious Organized Crime Agency; and (7) imposition of disciplinary action against employees who were alleged to be involved in making potentially inappropriate payments.

Conclusion

As noted by the FSA’s Director of Enforcement, Margaret Cole, the fine levied against Aon was intended to send “a clear message to the UK financial services industry that it is completely unacceptable for firms to conduct business overseas without having in place appropriate anti-bribery and corruption systems and controls.” 19 The Aon matter further highlights the increasing emphasis by authorities, worldwide, of having a risk-based approach to compliance in global commerce and business operations. Such approach should include not only procedures tailored to the risks presented by particular transactions, parties, and locales, but also regular assessments to identify areas that require enhanced anti-corruption controls, and prompt investigations of compliance issues that may arise.