Welcome to part 2 of my blog, written in response to the webinars recently presented by the FCA on two reviews they have conducted.
Their webinar on the Managing Money Laundering and Sanctions Risk in Smaller Banks review was covered in my blog last week. Their other webinar was on the Managing Bribery and Corruption Risk on Commercial Insurance Broking review, and is the subject of this blog.
Although both of these reviews were focused on the UK environment, some of the themes covered in this and in last week’s blog could be considered by other jurisdictions in terms of best practice.
So, on with my synopsis. The purpose of the FCA’s most recent review was to follow up on their earlier one, which was carried out in 2009/2010 and which focused on how bribery and corruption (B&C) risk was managed in relation to third parties.
The latest review assessed how commercial insurance broking firms had responded to the disappointing findings from 09/10. It also looked at how B&C risk was addressed across the wider business, not just within third parties.
The current review was conducted with a sample of 10 intermediaries, primarily Lloyd's firms involved in wholesale insurance business. Visits were conducted at all 10 intermediaries between October 2013 and June 2014. Five of the intermediaries were also included in the 09/10 review, which allowed the FCA to track any improvements in their progress from that time. All of the firms were small to medium in size (C3 and C4 FCA classification), and the assessment looked at how B&C risk was being controlled.
The latest review looked into areas like risk assessments, staff risk (including training and awareness), governance, due diligence, monitoring, payment controls and remuneration (including incentives). Staff members interviewed included those in the compliance department, those in customer-facing roles, those responsible for processing payments, and senior management. The following high-level findings were noted:
- Half of firms had taken some steps to assess and manage B&C risk.
- Half had carried out a good business wide risk assessment.
- Good progress was made at the firms on B&C risk posed by staff, including remuneration, gifts policies and the quality of training given to staff on B&C risk.
- Most firms did not adequately manage all B&C risk.
Half of the firms carried out a good business-wide risk assessment and had identified B&C risk within their organisation. However, some had not considered the risks associated with all parties involved in the insurance chain.
There were weaknesses found in the individual risk assessments. For example, firms would often fail to consider several risk factors such as the party’s role, where it is based, its remuneration, sector risk and relevant connections (e.g. political).
B&C risk posed by staff
All of the firms had addressed the risks posed by staff by implementing documented policies and procedures on gifts, entertainment and expenses. There was also evidence of a more balanced remuneration and bonus structure being in place, and formal pre-employment checks, such as credit and criminal record checks, were also being carried out.
Anti-bribery and corruption training was delivered to staff, although in some cases this was a one-off occurrence.
Governance and MI
Most firms had appointed a senior manager with responsibility for managing bribery and corruption risk; however, the appointed individual often had a limited understanding of the B&C risk faced by their firm. A lack of meaningful MI was sometimes a contributing factor.
A risk-based approach was not followed when conducting due diligence on individual relationships. In half of the files reviewed, the same level of due diligence was applied to every relationship, irrespective of its risk rating.
Fewer than half of the firms showed evidence of adequate ongoing monitoring or review. For example, one firm thought that copying senior managers in to emails relating to third party introducers and clients was adequate. There was a failure to maintain and refresh information about these relationships or to conduct regular reviews of this information in order to form an updated view.
Poor quality third party due diligence was found to undermine the effectiveness of the payment systems, even though the systems themselves were effective. Staff approving payments should be encouraged to consider whether the payment is in line with the information collected during the due diligence process.
Controls around gifts and hospitality were better than at the time of the 09/10 review. However, a wide range of approval thresholds was found among the firms, ranging from £100 to £750 before senior management sign-off is sought. Although there are no specific requirements regarding an appropriate level, most firms were unable to explain why these levels were chosen, indicating that they had not given it much thought when setting the level.
The FCA concluded that most firms did not adequately manage B&C risk; however, clear progress has been made in some areas.
Individual feedback was given to all firms. Two firms that were not involved in the 09/10 review voluntarily agreed to limit their business with certain third party introducers and clients until serious weaknesses in their controls had been corrected. Senior management at the two firms will attest to the FCA that these weaknesses have been addressed.
The FCA emphasised some key messages that have come out of this review:
- Senior management engagement on anti-bribery and corruption is essential
- Manage B&C risk as you would manage other key risks, and do more where the risk is greater
- Use FCA guidance and other publications to improve controls in these areas
If you would like to watch the webinar in full, please follow this link. Here you will also be able to listen to the Q&A session that followed the webinar, which provides additional context around some of the issues raised.
I hope you have found the above synopsis of interest.