Risk Committee

Introduction
The risks posed by bribery and corruption to any firm in the regulated sector are severe and cannot be ignored. They can range from reputational damage to criminal charges.
It is vital that senior management and a firm's risk committee understand the risks faced by their firm and show top-level commitment to ensuring proportionate countermeasures are in place. This is especially true as the Bribery Act 2010 created a “new strict liability offence for UK companies and partnerships of failing to prevent bribery” (8). It is essential, then, that financial resources are directed to developing and implementing systems and controls in order to avoid falling foul of regulatory and criminal legislation.

Within your firm’s policy you must document what is meant by the terms bribery and corruption. Although the two are interlinked, they are different terms, with bribery a specific offence in UK law. Corruption can be defined as the “misuse of entrusted power for private gain” (9). Bribery specifically involves offering, promising or giving an advantage (financial or other) to an individual in order to induce that individual to perform an improper action. Bribery can also involve the demanding of such an inducement.

Risk Assessment
In order to identify and develop adequate systems and controls, it is imperative that you first carry out a risk assessment specific to your firm.
This risk assessment must identify what exposure your firm has to bribery and corruption across the business, both externally and internally. You must identify:
1. What are the specific bribery and corruption risks in the financial sector in which your firm operates?
2. What are the bribery and corruption risks specific to the products offered by your firm, including transaction risks, delivery channels and their interrelation with other offences?
3. What are the bribery and corruption risks in relation to staff, clients, third party agents and the geographical jurisdictions your firm transacts with?
4. What is the current status of the policies and controls in place within your firm?
Understanding the risks posed is the foundation on which your firm can develop and implement effective bribery and corruption countermeasures.

Systems and Controls

Senior management/Risk Committee responsibility.
Senior management must have documented responsibility for anti-bribery and corruption policy, making sure it is proportionate to the risks faced by your firm. Crucially, anti-bribery and corruption policies, such as a commitment to carrying out all business openly and honestly or a zero-tolerance approach for all staff, must be clearly documented (internally and externally) and communicated to all employees, encouraging collaborative engagement across your firm. Staff must be aware of the standards expected of them across your business. Senior management must continually adapt policy to match any threats posed to your firm, making sure policies are up to date and comply with current regulations and criminal legislation. Senior management also have a vital day-to-day role within your firm's governance controls.
They must be regularly involved in discussions and reviews in relation to approving the acceptance or continuation of business relationships that pose a bribery and corruption risk.

KYC and CDD.
These are vital weapons for your firm in combating bribery and corruption. They are commonly known as “know your customer” and “customer due diligence”. They are compulsory for any UK firm in the regulated sector.
Your staff must first determine the true identity of the potential client, secondly establish the expected activity for that client going forward, and then apply the correct level of ongoing monitoring during the relationship. These systems are vital to mitigating the risks from bribery and corruption, as this is where your firm will identify if the client is on the sanctions list or if they are a PEP (politically exposed person).

The Financial Action Task Force defines a PEP as an “individual who is or has been entrusted with a prominent public function” (10). It is vital that your firm implements risk-based measures to prevent the misuse of the financial system by any clients identified as PEPs.
This is because PEPs can pose a higher risk of bribery and corruption due to their access to state funds and government policy. A PEP may abuse the financial system to launder illicit proceeds from bribery and corruption using a variety of methods, including the use of corporate vehicles, trusts or taking advantage of jurisdictional regulatory variances. It is imperative that your systems and controls identify if an individual is a domestic or foreign PEP, or if an existing client becomes a PEP during the business relationship, as not all PEPs will present the same level of risk. Foreign PEPs are considered higher risk and must be subjected to enhanced due diligence and ongoing monitoring by your firm. It can be difficult to assess the risk posed by a foreign PEP. Nonetheless, when taking on a PEP your firm must establish the source of their wealth and any source of funds to be handled, so that going forward any transactions are consistent with your firm's assessment of that client. Vital to your firm’s ability to manage the risks associated with foreign PEPs is the enhanced ongoing monitoring of the business relationship; specifically, your firm must establish an effective transaction monitoring system.
This system, whether automated or manual, must identify and then scrutinise unusual transactions that fall outside the norm. This may involve interrogating automated exception reports or conducting periodic reviews of the account activity every month, depending on your firm's specific policy in place for foreign PEPs. Your transaction monitoring system should interrogate daily transactions depending on the risks associated, while also examining payments to third parties and what relation they have to the PEP. Your system must identify patterns of transactions that warrant additional scrutiny and contain levels of authority where payments over a certain threshold will require management approval. When deciding to take on a PEP as a client, or while managing financial transactions on their behalf, it is crucial that your firm engages senior management approval at all stages. This is because any failure to manage the risks associated with PEPs carries severe penalties. An example of this was Coutts bank, which in 2012 was fined GBP 8.75M for “serious, systemic” money laundering failures.
In particular, the bank didn’t properly manage accounts with so-called PEPs (11).

Payment controls.
It is critical that your firm has effective payment control systems for all clients, under which payments outside the norm for the customer's profile, especially with regard to PEPs, are assessed for any bribery and corruption risks. This policy may include threshold levels or contacting the client to establish reasons for the payments before authorising.

Gifts, entertainment and hospitality.
While the Bribery Act 2010 offers no guidance on thresholds, your firm should have a documented policy on gifts and hospitality. It must set out guidelines for staff which include monetary thresholds and management pre-approval requirements in relation to giving and receiving gifts and hospitality as part of business dealings. It is necessary for your firm to be open and transparent in its dealings to avoid any reputational damage.
An example of such failings was Rolls-Royce, who “had to pay £671M in penalties after long running investigations into claims it paid bribes to land export contracts” (12).

Third party relationships.
Your firm must have a documented policy regarding third parties that act on your firm's behalf, such as introducers, consultants or suppliers. Your firm must scrutinise the third party relationships where high risk is identified. Subsequently, the rationale for choosing the third party or continuing a relationship must be documented and signed off by management. Controls may include creating a risk register or applying further layers of due diligence which are reviewed regularly with managerial oversight.
When dealing with third parties, the FCA handbook gives an example of good practice as “specific anti bribery and corruption clauses in contracts with third parties” (13). When dealing with a third party, your firm's senior management must decide when to terminate the relationship if the third party is not operating the required level of anti-bribery and corruption measures. Failure to manage this risk was exemplified by Aon, which was fined GBP 5.25M by the FSA in 2009 for “failings in its anti bribery and corruption systems and controls, specifically in its dealings with overseas firms and individuals who helped it win business” (14).

Recruitment
Your firm must implement robust staff vetting systems, including sufficient background checks ranging from previous employment to criminal record checks. These systems must take account of the role the staff member is fulfilling and any additional associated risks.

Remuneration
Your staff must be rewarded not only for their performance but also for their behaviour in relation to compliance.
A fair remuneration policy in conjunction with fair employment terms is crucial to your firm building a culture that discourages your staff from engaging in bribery and corruption.

Training.
The training of your staff is crucial to educating them and creating awareness of bribery and corruption risks. Training should be comprehensive and tailored to the risks posed to your specific staff roles.
Training must be practical, utilising real-life examples in order to cement the staff's knowledge. Training needs to be kept up to date and refreshed over time, with accurate records kept of what training has been completed. Your senior management must complete enhanced training, as they are guiding your firm’s policy and making decisions in high risk areas like PEPs.

Monitoring, review and Breach/Escalation policies.
Your firm must have clear policies for monitoring and reviewing the effectiveness of all controls and then correctly escalating identified breaches. Your firm must utilise periodic reviews to encompass any changes in regulations or legislation, with reports produced for review by senior management. Systems must be in place to detect breaches, for example a whistleblowing system with a hotline for staff which is advertised and accessible.
Your firm must investigate breaches fully and subsequently use them to improve existing policies and controls. When breaches are identified, your firm must act with transparency and take proportionate action, including disciplinary sanctions against the offender. Consideration must be given to whether an offence has occurred under the Bribery Act 2010 and, if so, reports submitted to the relevant authority. The risks associated with bribery and corruption cannot be fully eliminated, but they can be mitigated with the systems and controls identified above. It is therefore for the risk committee to decide upon your firm's risk appetite going forward.