On 29 March, the UK’s Financial Services Authority (“FSA”) published the findings of its recent thematic review into anti-bribery and corruption systems and controls in investment banks. The main purpose of the review was to assess how effectively a sample of 15 authorised firms are addressing the risk of becoming involved in bribery and corruption.
Although the FSA does not enforce the Bribery Act, addressing the risk of bribery and corruption in authorised firms is relevant to its statutory objectives under the Financial Services and Markets Act 2000 (“the Act”), in particular the maintaining of market confidence and the reduction of financial crime. The FSA therefore seeks to ensure that regulated firms adequately address this risk in accordance with the relevant FSA rules and principles.1 Whilst the FSA does not prescribe how firms should comply with those rules and principles, authorised firms will be expected to demonstrate that they can identify and assess the risk of bribery and corruption and take reasonable steps to prevent it. Such steps may of course also be relevant to the “adequate procedures” defence, in the event that a firm is facing allegations of failing to prevent bribery under section 7 of the Bribery Act.
The FSA’s thematic review focused on the following topics in relation to bribery and corruption: governance and management information; assessing bribery and corruption risk; policies and procedures; third-party relationships and due diligence; payment controls; gifts and hospitality; staff recruitment and vetting; training and awareness; remuneration structures; and incident reporting. It found that, although some banks had completed significant work to implement effective anti-bribery and corruption controls, most had more work to do. The report’s key findings are as follows:
- Most firms had not properly taken account of FSA rules covering bribery and corruption, either before the Bribery Act or after.
- Nearly half of the 15 firms visited did not have an adequate anti-bribery and corruption risk assessment, although progress had been made since the coming into force of the Bribery Act in July 2011.
- Management information on anti-bribery and corruption provided to senior management was poor.
- The majority of firms had not yet thought about how to monitor the effectiveness of their anti-bribery and corruption controls.
- Firms’ understanding of bribery and corruption was often very limited.
- There were significant weaknesses in firms’ dealings with third parties used to win or retain business, including in relation to compliance approval; due diligence; politically exposed persons screening; ensuring and documenting a clear business rationale; risk assessment; and regular review.
- Many firms had recently tightened up their gifts, hospitality and expenses policies by prohibiting facilitation payments, increasing senior management oversight of expenses and introducing or revising limits. However, few had processes to produce adequate management information; for example, to ensure that gifts and expenses in relation to particular clients or projects were reasonable on a cumulative basis.
- Firms had well-established vetting processes in place when staff were recruited, but bribery and corruption risk had not usually been a factor in identifying high-risk roles which should be subject to enhanced vetting.
- Since the implementation of the Bribery Act, firms had generally provided adequate basic training to staff. However, most were still developing training for staff in higher-risk roles and had no processes in place to assess the effectiveness of existing training.
In response to its findings, the FSA has launched a four-week consultation on proposed amendments to the FSA’s regulatory guidance: Financial Crime: A Guide for Firms.
FSA as the main anti-corruption enforcer?
Whilst the coming into force of the Bribery Act last year has focused attention on these issues, the FSA’s determination to address systems and controls failings in this area is nothing new. In January 2009, Aon Limited was fined £5.25m by the FSA for failing to take reasonable care to establish and maintain effective systems and controls to counter bribery and corruption risk, in breach of principle 3 of the Principles for Business (a firm’s duty to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems). The involvement of financial institutions in corrupt or potentially corrupt practices undermines the integrity of the financial services sector and will be high on the FSA’s agenda even where there is no clear evidence of criminal conduct. The impact of the Bribery Act in terms of prosecutorial activity remains to be seen. However, it may be that, for authorised firms at least, the risk of enforcement action for regulatory breaches is significantly greater than the risk of criminal sanctions for Bribery Act offences. Indeed, the FSA is apparently currently considering enforcement action in relation to certain of the firms involved in the thematic review.
The full report of the FSA’s thematic review can be accessed here, and contains some useful examples of good and poor practice in relation to each of the topics assessed. Further details of the consultation can be accessed here. The Final Notice in relation to Aon Limited can be accessed here.
1 In particular, principles 1, 2, 3 of the Principles for Business and SYSC 6.1.1R.