FSA Action Suggests Need for Financial Services Firms to Take Effective Anti-Corruption Compliance Measures
By: Robert V. Hadley, Matt T. Morley
On 5 January 2009 the FSA imposed a penalty of £5.25 million on the insurance brokerage firm Aon Limited because the firm lacked adequate systems and controls to address the risk that third parties would make corrupt payments to assist Aon in winning business in overseas jurisdictions. See http://www.fsa.gov.uk/pubs/final/aon.pdf. The FSA’s Final Notice alleged that due to these failures, the firm had made sixty-six "suspicious payments" totalling more than US$5 million. The Final Notice, which Aon consented to, states that the firm’s procedures failed to require adequate training of relevant personnel as to bribery and corruption risks, adequate due diligence prior to the retention of third party representatives, and appropriate monitoring of those relationships going forward. In addition, Aon’s supervisory committees were not provided with adequate information or otherwise did not assess whether the firm’s corruption risks were being effectively managed.
The FSA’s action is particularly notable for several reasons.
- While the FSA is not directly empowered with jurisdiction over domestic or foreign corruption offenses, which are ordinarily the responsibility of the police or the Serious Fraud Office ("SFO"), the FSA has a specific statutory objective to prevent financial crime. The Final Notice makes clear that Aon was fined for breaches of FSA Principle 3 ("A firm must take reasonable care to control its affairs responsibly, with adequate risk management systems"). Conceivably, the FSA could also act in such cases under Principle 1 ("a firm must conduct its business with integrity"). Of course, a firm is likely to more readily agree to a public statement of a systems and controls failure than to acting without integrity, but, for the FSA, the level of fine, the publicity, and the resulting deterrent value of the FSA action remains the same.
- Aon already had in place a policy that prohibited corrupt payments such as the ones that came to light. Yet, as US law enforcement authorities have so often emphasized with regard to the US Foreign Corrupt Practices Act, a “paper program” is not enough, and firms must also take additional steps, such as training, due diligence, monitoring and auditing, in a meaningful effort to assure compliance.
- Aon promptly self-reported to the Serious and Organised Crime Agency ("SOCA") and the FSA its discovery of the questionable payments. The firm went on to conduct its own internal review of its anti-bribery systems and controls, and all payments to third party representatives for the previous six years. Aon implemented all recommendations resulting from this review, and took disciplinary action against personnel found to have been involved. Aon co-operated fully with the FSA's investigation. While these steps, and the cost involved, were taken into account by the FSA when assessing/agreeing the financial penalty imposed, the firm did not avoid sanctions.
Margaret Cole, the FSA's Director of Enforcement, said that the fine "sends a clear message to the UK financial services industry that it is completely unacceptable for firms to conduct business overseas without having in place acceptable anti-bribery and corruption systems and controls". Ms. Cole added that the FSA "has an important role to play" in UK steps against overseas corruption.
There are at least two important messages being sent by the FSA by its action against Aon. First and most clearly, the case makes clear that the FSA expects regulated firms to have effective anti-corruption compliance measures in place – not simply a policy prohibiting corrupt payments, but coordinated efforts to require training of relevant personnel; due diligence on agents and other intermediaries acting on the firm’s behalf; monitoring and auditing compliance with the policy; and disciplinary action where violations of the policy occur. Firms that fail to take these steps face potential sanctions under Principle 3.
Beyond this, the Aon case sets the precedent that in the eyes of the FSA regulated firms are required to self-report potential overseas corruption violations to the FSA. FSA Principle 11 provides that "a firm must deal with its regulators in an open and cooperative way and must disclose to the FSA appropriately anything relating to the firm of which the FSA would expect notice." We know the FSA's position from the Aon case, notwithstanding the FSA’s lack of criminal jurisdiction over such conduct, and that such matters are discloseable under Principle 11 also follows from the fact that firms are authorised by the FSA and individuals are approved by the FSA on the basis of their being "fit and proper."
Disclosure of such matters may also be driven by the obligation of persons in the regulated sector (very broadly the financial services industry) to inform the SOCA where there is a suspicion of money laundering under the Proceeds of Crime Act 2002. UK prosecutors regard any revenue from a contract obtained through a corrupt payment or offer of payment as the proceeds of crime, so that possession or any dealing with such funds is potentially a money laundering offence. Accordingly, the risk of a failure to disclose an offence or the need to set up a defence of SOCA's consent by disclosure to SOCA arises in almost every case where there is a suspicion of corruption. Once the need or obligation to make a report to SOCA is triggered, a regulated firm would be taking a serious risk by not also disclosing to the FSA under Principle 11.
Overseas corruption is a hot topic in England and Wales, and the SFO has also taken recent steps to increase enforcement activity, increasing its manpower dedicated to looking at these matters by over 50% in 2008. Last year saw the first UK convictions for overseas corruption, with the conviction of the head of the British company CBRN in connection with security services contracts in Uganda (see: http://www.guardian.co.uk/uk/2008/sep/23/ukcrime.law). The SFO also reached a settlement with the construction company Balfour Beatty, in which that company admitted to historic accounting irregularities in some of its African operations. Balfour Beatty paid a civil fine of £2.5million and was not subjected to criminal prosecution. This case can be seen as a model for the SFO’s efforts to create a culture of self-reporting and to increase deterrence in the overseas corruption field. In this way, the SFO can be seen to be taking enforcement steps without running the risk of a failed prosecution.
Both the SFO’s settlement with Balfour Beatty and the FSA's approach to Aon bear a strong resemblance to efforts by the US Securities and Exchange Commission and the US Department of Justice to pursue violations of their anticorruption statute, the US Foreign Corrupt Practices Act. The great majority of such cases are resolved by violators consenting to the entry of court orders finding legal violations and imposing significant financial penalties as well as disgorgement of profits, as in the recent case involving Siemens AG and the imposition of more than $1 billion in fines. As in the Siemens case, a further condition of these kinds of settlements is the creation of remedial programmes and the installment of external monitors, at the company’s considerable expense, empowered to review the firm's anti-corruption programmes for several years and report back to law enforcement authorities. Self-reporting of potential violations is also encouraged by US authorities, who state that the consequences of violations will be less severe for those who come forward voluntarily.
It remains to be seen whether the SFO’s resolution of the Balfour Beatty case will provide a model for future cases, but in the financial services arena, the die seems to have been cast by the Aon case by the rather straightforward application of the FSA’s Principles to require regulated firms to implement anti-corruption compliance programs.
