The British Bankers’ Association recently issued its 2014 Anti-Bribery and Corruption Guidance, emphasizing the regulatory context and in particular the Financial Conduct Authority’s policies, recent thematic reviews and enforcement action.
The added emphasis in the first update since 2011 is somewhat lost among the fairly well-trodden material on what might constitute adequate and reasonable precautions and effective compliance systems.
Chapter 3 provides a brief comparison between the FCA’s regulatory requirements for combating “financial crime” and that of the Bribery Act regime. As might be expected, the regulatory scheme is more proactive because of its wider scope and reporting obligations.
The Guidance notes that the FCA’s thematic reviews — a 2010 review of commercial insurance broking, a March 2012 review of 15 investment banks, and the October 2012 review of 22 asset management firms — revealed a number of control deficiencies.
These deficiencies related to inadequate risk assessment, insufficient management information, insufficient or absence of internal audit reviews, inadequate procedures for dealing with third parties used to win or retain business, and an absence of controls over cumulative gifts, hospitality and expenses.
The Guidance points out the interesting difference in emphasis between the Bribery Act’s requirements of setting “tone from the top” and that of the FCA seeking to establish “tone in the middle” to achieve effective action on the ground.
Chapter 6 gives guidance on carrying out due diligence on associated and authorized third parties. A number of the suggested red flags might even raise a jaundiced smile:
the associated person insists on operating in anonymity … there are persons involved in the transaction who have no substantive commercial role … the only qualification the associated person brings to the venture is influence over public officials. …
Guidance is given on various measures to establish that levels of corporate hospitality are reasonable and proportionate, and training and communication are covered.
A section on Management Information deals with the FCA’s “guarding the guards” requirements for establishing compliant compliance systems. The last chapter provides guidance on incident reporting and possibly, a further smile, thanks one of the tips given by a former U.S. prosecutor:
If outside counsel has been involved in advice relating to the subject of the investigation, consider a change.
The Guidance provides a useful checklist. But its essence is that the real anti-corruption threat to financial institutions comes not from reactive enforcement under the Bribery Act but from proactive and less evidentially based financial regulation.
Alistair Craig is a commercial barrister practicing in London.