Why the tone from the top matters with financial crime risks

Financial institutions operate in a complex and fast changing global environment. There can be pressure to deliver higher profits by venturing into unknown and higher risk markets, with increased financial crime risks. Some believe Brexit will only exacerbate this.

We haven’t seen recent enforcement cases focusing on bribery and corruption in financial services firms in the United Kingdom. But the risk remains a focus for law enforcement, and it’s mentioned in the Financial Conduct Authority (FCA) Business Plan 2019/20.

Hand in hand with the focus on managing financial crime risk is the focus on senior management responsibility and accountability. The FCA’s Financial Crime Guide: A firm’s guide to countering financial crime risks expects senior managers to take clear responsibility for managing financial crime risks; these include bribery and corruption risks. It says both should be treated the same as other risks faced by the business. The guide indicates the FCA will look for evidence that senior management is actively engaged in the firm’s approach to these risks. This means all senior managers need to set the right tone and show leadership on financial crime issues.

Senior managers must understand the firm’s business

Firms need to make sure they have comprehensive financial crime risk assessments. Again, these should include bribery and corruption, and they need to be regularly reviewed to reflect new services. Resources should be concentrated in areas of highest risk. Senior managers need to make sure they understand the financial crime risks their firm is exposed to, and they should engage constructively with processes of oversight and challenge.

It’s important to consider both domestic and foreign corruption risk. The Fraud Advisory Panel, in its report Hidden in plain sight: domestic corruption, fraud and the integrity deficit, argues that “the heavy emphasis placed on overseas corruption in recent years has taken our eye off the ball at home.”

The senior manager responsible for financial crime should have a documented view of how the front-to-back systems and controls are designed to mitigate financial crime. They should get management information that provides assurance that the controls operate effectively. In the FCA’s Code of Conduct, COCON 4.2.23(1) requires senior managers to maintain an appropriate level of understanding about delegated areas of the firm’s business. They should retain an interest in delegated matters, insist on adequate reporting, and test the accuracy of unsatisfactory explanations from those with delegated responsibility.

The FCA suggests an internal audit to monitor how effective a firm’s financial crime systems and controls are is good practice. However, senior management must make sure recommendations are considered and acted on. COCON 4.2.15 says reasonable recommendations from independent reviews of systems and procedures should be implemented in a timely manner. Failure to do so is likely to amount to a breach of Senior Manager Conduct Rule 2.

Ownership, accountability, and culture

Firms should join the dots and consider where bribery and corruption and other risk areas are interrelated. Examples include money laundering, sanctions, fraud, and tax evasion. The aim is to see where existing controls can be used to address bribery and corruption risk. People and controls need to work in tandem, and a siloed approach should be avoided. People throughout the organization need to feel ownership as well as accountability. A framework of employee engagement, feedback, and review is important and should inform changes to the compliance framework.

Firms with healthy compliance cultures tend to encourage a broad mix of different perspectives and diversity of thought in decision-making. Following instances of unethical behavior, there should be demonstrable and meaningful sanctions, while positive compliance behaviors should be recognized and rewarded. Culture should be the creation of a common purpose, with core values that permeate throughout the business reinforced from the top. This way, a compliant culture may start to become one of a firm’s most valuable assets.

Senior managers should make sure they:

• Understand their firm’s financial crime risk assessment and risk appetite statement.
• Take ownership by providing effective oversight and challenge.
• Understand what anti-financial crime systems and controls are in place and seek sufficient information about whether they are working.
• Foster a culture of compliance by ensuring staff understand why they need to do something as well as what they need to do.
• Delegate effectively.
• Allocate sufficient resources to financial crime compliance, and establish appropriate governance structures.

U.S. authorities look to enforce the FCPA more aggressively

Unlike in the United Kingdom, there has been a fair amount of enforcement activity related to financial institutions in recent years. This includes investigations for violations of the U.S. Foreign Corrupt Practices Act (FCPA) related to job offerings to individuals who have a personal relationship with government officials. In its investigation into Credit Suisse in 2018 for “relationship hires,” the U.S. Securities and Exchange Commission’s Chief of Enforcement noted that “bribery can take many forms including granting employment to friends and relatives of government officials.” This statement highlights the U.S. authorities’ view that not only does the FCPA extend beyond simple money-for-favor transactions but also these agencies are looking to enforce the statute more aggressively.

Most recently, the SEC announced a US$6.3 million settlement with Barclays for hiring the friends and relatives of foreign government officials. As one example of many, the SEC’s order noted that “In April 2009, a senior executive in APAC [Asia-Pacific] approved an ‘unofficial intern’ program for Barclays Korea that was separate from Barclays’ formal internship program.” As part of the “unofficial intern” program, roughly half the candidates hired had some connection to a Barclays’ client. A senior banker responsible for the program explained that, in his view, “the key factor behind relationship hiring decisions was what business the client could deliver to the bank.” The SEC’s order noted that overall, Barclays hired roughly 117 people who were either referred by, or connected to, foreign government officials or non-government clients.

The Barclays’ settlement was not the only one announced this year related to FCPA violations for hiring practices. A month earlier on 22 August 2019, the SEC announced that Deutsche Bank AG will pay more than US$16 million to settle charges that it violated the FCPA. The bank had hired relatives of foreign government officials to improperly influence them about investment banking business. The SEC noted Deutsche Bank had a written policy in APAC to prevent employees from offering temporary employment to people referred by current or potential clients. This was to detect and prevent corrupt hiring practices. But the policy didn’t apply to all categories of hires and was not effectively enforced. Specifically, some senior employees in APAC ignored the policy by directing Deutsche Bank’s China-based joint venture to hire a banned candidate to get business. For example, the regional head of compliance in APAC rejected a candidate under the policy because it was a “higher FCPA” risk. Yet senior level bank employees then asked the joint venture to hire the candidate. His father was “in charge of evaluation of all overseas investments for [state-owned enterprises].”

A common thread in enforcement

These recent cases are part of a broader enforcement trend, as revealed by earlier cases involving Credit Suisse, BNY Mellon, Qualcomm, and JPMorgan. In 2018, an investigation revealed that Credit Suisse (Hong Kong) Limited, a subsidiary of Credit Suisse Group AG, hired referrals from government agencies in exchange for investment banking business. The referrals had few qualifications and lacked certain technical skills required for the jobs. Yet they were hired in lieu of other qualified candidates as a result of their governmental and business connections.

In August 2015, BNY Mellon settled with the SEC for providing valuable internships to family members of two government officials. The family members who received internships failed to meet the “rigorous criteria” for BNY Mellon’s postgraduate internship program. In 2016, both Qualcomm and JPMorgan settled for violations of the FCPA related to hiring family members of Chinese government officials.

As this enforcement trend shows, companies should take aggressive steps to establish objectivity in hiring practices. These need to show and document that people having a personal relationship with a government official were not hired to get government business or government favors.