FSA thematic review into anti-bribery and corruption systems and controls
16 May 2012
It published its findings on 29 March 2012. The FSA found that, despite a long-standing regulatory requirement to mitigate financial crime risk, the majority of firms in its sample had, in its view, more work to do to implement effective ABC systems and controls.
The thematic review helpfully illustrates the FSA's perspective. If resources permitted, then comprehensively following each of the FSA's recommendations would be recommended.
However, even with continuing investment in compliance, resources have to be allocated where they will be most effective. The objective is, of course, to substantively reduce the risk of bribery in the most efficient way. When assessing a firm's regulatory obligations in this context the FSA Principle likely to be most relevant is Principle 3 which states: "A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems." (Emphasis added).
The FSA Rule most likely to be relevant is SYSC 6.1.1R which states: "A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime." (Emphasis added)
Firms will also, of course, have regard to the need to have adequate procedures under the Bribery Act, the requirements of which are in substance likely to be the same or very similar to those arising from the regulatory obligations above.
For most firms we would anticipate that following all of the recommendations implicit in the FSA's thematic review is not necessary to meet its regulatory objectives. In our view, an adequate anti-bribery risk management system should focus on the well established key risk areas. Having done that, a firm in organising its affairs responsibly and effectively would need to be satisfied that further resources targeted at anti-corruption compliance have a sufficiently important incremental benefit and would not be better deployed elsewhere. All firms will likely have the essential architecture in place already (eg policies). Beyond that, in our view, resources should then be directed to:
- close scrutiny of third parties used to obtain introductions and new business in high-risk jurisdictions;
- tight control on gifts and hospitality and any other forms of employee expenses; and
- targeted internal audit review of business won in high-risk jurisdictions
Bribery cannot usually be committed without a source of funding. Tight control over how funds leave the firm, particularly in the context of business generation, is likely to be the central and substantial part of systems to adequately control bribery risk.
Resulting amendments to the FSA Financial Crime Guide
The review has also resulted in proposed amendments to the FSA Financial Crime Guide (the Guide), currently subject to consultation (responses to this consultation were requested by 29 April 2012). Some new examples of good practice have been included in the Guide and, while the status of the Guide is not binding, the FSA expects firms to be aware of what the Guide says.
Following the review, the FSA proposes to update chapter 2 (Financial Crime Systems and Controls) and chapter 6 (Bribery and Corruption) of Part 1 of the Guide, with new guidance and examples of good and poor practice drawn from the findings. A new Chapter 13 will also be included in Part 2 of the Guide, which will consolidate all examples of good and poor practice highlighted in the thematic review.
Proposed changes to Part 1 of the Financial Crime Guide
The amendments proposed in chapter 2 (Financial Crime Systems and Controls) of Part 1 relate to staff recruitment, vetting, training and awareness, and remuneration. The relevant section will now include statements that where employment agencies are used, a firm should periodically satisfy itself that the agency is adhering to the agreed vetting standard and that temporary staff in higher risk roles are subject to the same level of vetting as permanent members of staff in similar roles. Also included is a new statement that a firm should assess and manage the risk of remuneration structures rewarding staff for taking unacceptable financial crime risks to generate business.
Many more amendments are proposed to chapter 6 (Bribery and Corruption). These are also of general application to all firms. A few examples include:
A firm's senior management should be kept up-to-date with, and stay fully abreast of, bribery and corruption issues.
An amendment is proposed to make clear that responsibility for ABC systems and controls can be given to a committee with appropriate terms of reference and senior management membership as well as to a single senior manager. The FSA suggests that regular MI still needs to be provided to the board and other senior management forums.
The firm considers factors that might lead business units to downplay the level of bribery and corruption risk to which they are exposed, such as lack of expertise or awareness, or potential conflicts of interest.
In this section, the Guide now asks: "Is the frequency and depth of the monitoring and review commensurate to the risk associated with the relationship?"; "Is the risk assessment and due diligence information kept up-to-date? How?". The FSA suggests good practice that an example of is that the firm provides anti-corruption training to third parties.
Proposed changes to Part 2 of the Financial Crime Guide
Part 2 of the Guide will also be amended with the addition of a new chapter 13 which sets out examples of good and bad practice arising from the thematic review. Many of them repeat what is said in Part 1. There are a few examples of good practice which will only appear in Part 2. These include six new examples of good practice in relation to gifts and hospitality policy's and the suggestion in relation to ABC training more generally that it would be good practice to hold awareness-raising initiatives, such as special campaigns and events to support routine training.
British Bankers' Association's (BBA) response
In a response to the FSA, the BBA points out that on the whole its members feel that the majority of themes identified within the proposed guidance are areas where they have been actively implementing systems and controls.
The response also identifies a number of priority issues which the BBA would like to bring to the FSA's attention as needing further deliberation:
Implementation of a risk-based approach – the BBA says that the language appears fairly stark and may drive some firms to pursue good practice as defined by the FSA and not by the appropriate level of controls for the particular risks they face.
Staff recruitment, vetting and training of staff – the BBA suggests that a sensible approach is that firms should look to appropriately risk-classify categories or classes of staff, rather than every individual staff member. It also asks for further clarity on the specific criteria that the FSA envisages firms using to risk-assess staff for ABC risks. The BBA is also interested in further understanding which remuneration structures (beyond commission-type arrangements) that the FSA deem to be specifically vulnerable to bribery and corruption versus wider considerations such as risk incentive remuneration.
Dealings with, and training of, third parties – given the sheer volume of third-party relationships and payment flows, the BBA thinks it is vital that a well founded risk-based approach is adopted as the overall level of due diligence applied will necessarily vary according to certain risk factors.
Risk Assessment – the BBA reports that there is significant uncertainty across the BBA membership as to the FSA's expectations in the area of risk assessment and the BBA finds the guidance in this area surprisingly light in detail.
Gifts and Hospitality – the experience of the BBA membership in implementing a group-wide G&H policy is that further thought is needed on preventing possible ‘unintended consequences’ arising from the proposed changes to the Financial Crime Guide. For instance, the draft recommendation of a cumulative basis for recording all G&H has in some cases led to concerns over the provision of insider information, ie, in instances whereby all meetings are recorded in an open G&H register.
As to be expected, the FSA sets its expectations at the highest level. Bribery usually cannot be committed in the absence of funds leaving the firm. Therefore, in practice, firms should focus resources on routes by which funds can leave the firm in connection with business generation and ensure they are tightly controlled.