LiabilityLiability of undertakings
What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?
As mentioned above, obligations vary from industry to industry. As the banking industry is the most developed this answer will focus on that. Obligations for the banking industry include:
- AML/CFT compliance is ultimately the responsibility of the board/senior management;
- an AML/CFT compliance manual must be formulated by the management and presented to the board for consideration and formal approval;
- senior management approval is required before establishing business relationships with politically-exposed persons;
- where a customer has been accepted or has an ongoing relationship with the financial institution, and the customer or beneficial owner is subsequently found to be, or becomes, a politically-exposed person, the financial institution is required to obtain senior management approval in order to continue the business relationship;
- in relation to cross-border and correspondent banking and other similar relationships, in addition to performing the normal customer due diligence measures, financial institutions must obtain approval from senior management;
- an employee training programme under the guidance of the compliance officer in collaboration with senior management is required;
- the board and senior management may be investigated for their roles in contravention of the provisions of the AML/CFT manual produced by the CBN; and
- on the second contravention of the CBN’s AML/CFT manual, responsible parties including but not limited to members of the board and senior management will be blacklisted from working in the financial services industry, and the officers penalised shall be reflected in the institution’s financial statements and published in the newspapers.
Do undertakings face civil liability for risk and compliance management deficiencies?
In circumstances where there are deficiencies in risk and compliance management, and such deficiencies occasion loss or injury to third parties, undertakings responsible for causing such loss or injury will have civil liability to the affected third parties.
Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?
Failure to observe laws and regulations normally result in either administrative or penal consequences for deficient undertakings. The consequences are dependent upon the legislation and regulations involved. In some circumstances, the consequences are entirely administrative and in others, they are penal and require formal prosecution and conviction before they can be applied. Examples of administrative sanctions include the imposition of administrative fines where companies fail to file requisite returns with the CAC within stipulated time frames. The failure of financial institutions to maintain minimum capital ratios at all times carries administrative penalties including, but not limited to, the prohibition of the institution from advertising for, or accepting, new deposits, and the revocation of the institution’s operating licence. The SEC has the power to prohibit an organisation from trading in particular securities if it deems that action to be necessary for the protection of persons buying and selling the particular securities.
Do undertakings face criminal liability for risk and compliance management deficiencies?
Criminal liability is imposed by some statutory provisions for risk and compliance management deficiencies. Examples include criminal sanctions to risk and compliance regulators or other bodies indicated in the legislation under the Anti-Money Laundry Act for failure to provide information, or for the provision of inaccurate information. The Banks and Other Financial Institutions Act also provides criminal sanctions, fines, and terms of imprisonment for certain management.Liability of governing bodies and senior management
Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?
Civil liability for governing bodies in breach of compliance management obligations exists in relation to certain specific statutory offences. For example, section 85 of the Investment and Securities Act 2007 allows all persons who suffer damages as a result of subscribing for shares or debentures after relying on a prospectus that contains untrue misleading information, to seek damages from any director of the company at the time of the issue of the prospectus or any person who consented to be named and is named in the prospectus as a director. The act also extends this liability to employees of the company who participate in or facilitated the production of the prospectus.
Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?
In certain circumstances, members of governing bodies and senior management may be sanctioned for regulatory deficiencies of their organisations. An example of this is section 16(4) of the Anti-Money Laundering Act that provides that if there is a serious oversight or flaw in its internal control procedures owing to a financial institution’s or the compliance officer at management level’s failure, the disciplinary authority responsible for the financial institution or the person’s professional body may take disciplinary action against the financial institution and the responsible individuals. Administrative consequences vary from dismissal to a complete ban from operating within that industry. Section 16(1)-(3) of the Anti-Money Laundering Act holds that a director or employee of a financial institution, who destroys or removes a register or record required to be kept, may be banned indefinitely, or for a period of five years, from practising the profession that provided the opportunity for the offence to be committed.
Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?
Individuals may face criminal liability for the breach of risk and compliance management obligations. Examples of such liability can be found in the CAMA, the Banks and Other Financial Institutions Act, the Food and Drugs Act, and several other statutes.