Cases in point include the UK Serious Fraud Office's landmark case against Glencore Energy UK Ltd, in which the commodities giant was ordered to pay the record sum of £280 million for "highly corrosive and endemic corruption". The case acts as a reminder of the significant legal, regulatory, reputational and financial risks financial institutions face for acts of bribery and corruption. In Glencore, the record fine of £280 million also rings warning bells that financial institutions face a heightened risk of significant financial penalties particularly from global regulators who are sharpening their enforcement pencil.
Another case of particular interest is the 1MDB case in 2020 which resulted in co-ordinated enforcement actions involving multiple regulators, namely the US Department of Justice, both UK financial regulators, the Monetary Authority of Singapore and the Singaporean Enforcement Agencies, who found Goldman Sachs guilty of breaches of Anti-bribery and Corruption laws/regulations and systems and controls failures and imposed fines of $2.9 billion with certain executives facing possible jail sentences.
In July 2022, the FCA also imposed a financial penalty of £7.8 million on the insurance broker JLT Speciality Limited for bribery and corruption failings. In particular, the broker was penalised for its failings to control its affairs responsibly and effectively, and with adequate risk management systems to counter corruption, bribery and other financial crime risks.
ABC Guidance 2023
The Wolfsberg Group makes a number of recommendations in the updated Anti-Bribery and Corruption (ABC) Compliance Programme Guidance, with the overriding objective of how to develop, implement, and maintain an effective Anti-Bribery & Corruption (ABC) Compliance Programme in response to the inherent industry wide risk of bribery and corruption impacting the business and business models of financial institutions.
This article summarises the main points arising from the updated guidance and sets out best practices to adopt in order to protect financial institutions and their stakeholders from the reputational, legal, regulatory consequences and financial penalties associated with breaches of anti-bribery and corruption laws and regulations.
The Wolfsberg definition of Corruption and Bribery
Drawing upon the UK Finance ABC Panel, the Basel Institute on Governance, the World Economic Forum Partnership Against Corruption Initiative and other international organisations, the Wolfsberg Group adopts the following definitions for bribery and corruption:
- Corruption is defined as "the abuse of entrusted power for improper personal advantage"; and
- Bribery is defined as a form of corruption "involving the offer, promise, giving, request, receipt, acceptance, or transfer of anything of value, either directly or indirectly, to or by an individual, to induce, influence, or reward the performance of a function or an activity with improper intent, in a commercial or public office setting. "
An important consideration when formulating an ABC Compliance Programme is the reconciliation of global standards and approaches to what exactly constitutes "corruption". It is worth noting that the Wolfsberg Group adopted a definition of corruption which follows the United Kingdom's Bribery Act 2010 (BA) compared with the definition adopted in USA's Foreign Corrupt Practices Act 1977 (FCPA). The BA definition is wider than the definition of corruption contained in the FCPA in that the BA prohibits bribery of Public Officials (see below) as well as non-Public Officials whereas the FCPA only prohibits the bribery of Public Officials.
Interestingly, the Wolfsberg Group's guidance uses the wider definition of corruption signalling a shift to the standard financial institutions should adopt when reconciling global standards with their systems and controls to tackle corrupt practices.
The Wolfsberg definition of Public Officials
In its updated guidance, the Wolfsberg Group places emphasis on the heightened risk of financial institutions dealings with Public Officials and State-Owned Entities (SOEs).
Financial institutions are advised to implement policies which clearly and unequivocally define what a "Public Official" and "SOE" mean and to train their employees to identify red flags and risks associated with bribery and corruption of Public Officials.
The Wolfsberg Group adopts a broad definition of "Public Officials", which includes individuals at any rank or level within:
- supranational, national, regional, local or municipal institutions/governmental bodies;
- state-owned or state-controlled companies (defined within the guidance);
- central banks;
- sovereign wealth funds;
- international organisations, development banks, and public health agencies;
- royal families; and
- political parties (including party officials and candidates for any level of political office).
Best practices recommended from the Wolfsberg Group's new ABC guidance.
Adopting a Risk-Based approach
Central to the guidance is the need for financial institutions to adopt a pragmatic and practical Risk-Based Approach to prevent, detect and report acts of bribery and corruption from the outset. Such an approach includes regular assessments of a financial institution's business, business model, customer base, products and services, and use of intermediaries.
There is also a recognition of the heightened risk of bribery and corruption when pursuing business opportunities with governments or SOEs as opposed to private commercial enterprises or individuals.
Implementing an effective Anti-Bribery and Corruption policy
Having a clear, comprehensive and firm-wide ABC policy is central to ensuring a firm understands its legal and regulatory obligations and safeguards against the financial and non-financial penalties/sanctions and reputational consequences associated with bribery and corruption practices.
Financial institutions must communicate their expectations to employees and third parties representing the firm and stress the need for personal accountability and consequences of non-compliance in an open and transparent manner.
The guidance recommends that an ABC policy include a "no tolerance appetite for Bribery and Corruption". The policy should also be easily accessible to all employees and special attention should be paid to customer-facing staff, whose roles expose them to increased bribery and corruption risks. Such roles typically include, Corporate Affairs, Marketing, Sponsorships, Facilities, Business Development, Corporate Real Estate, Human Resources and Procurement.
As indicated, ABC policies should specifically target the inherent risks associated with interaction with Public Officials and SOEs and provide clear definitions of these terms to assist employees in understanding the associated risk. Such definitions may be broad and include the degree of state ownership, control and even the influence of an entity such that employees from that entity are to be construed as Public Officials.
Governance, Roles, and Responsibilities
The guidance advocates adopting a clear three lines of defence model with a delineation of roles and responsibilities supported by a governance framework with a transparent reporting and oversight structure up to the board and senior management.
The success of any anti-financial crime typology programme, is to create a robust governance framework which when communicated and operationalised will be a key driver to creating a culture of compliance.
Risk Assessment: Critically and regularly assessing Risks
An effective risk assessment should identify and assess enterprise-wide inherent risks of ABC across the financial institution mitigated by an effective inventory of controls to a risk accepted residual risk level.
The guidance outlines some of the risk factors that when accompanied by an appropriate weighting methodology, should be considered when undertaking the core assessment including, dealings with third party intermediaries, countries and industries that the firm does business in, the firm's business model and operating structuring, transactions involving state owned/controlled enterprises/public officials, employee practices and changes in the firm's business activities.
Risk assessments should be carried be out periodically, and at least annually as a minimum or upon the occurrence of a trigger event. An effective risk assessment should evaluate both existing and emerging risks/risk factors and financial institutions should tailor their control framework accordingly to reflect those risks as they crystallise.
Financial institutions should be mindful that they are not used as a conduit by customers to process financial transactions involving improper payments. This risk can be mitigated by using the same real-time control measures used to mitigate money laundering.
Implementing effective reporting systems and investigation and remediation of misconduct
In its ABC guidance, the Wolfsberg Group stresses the importance of consistently collecting data to inform senior management on the effectiveness of a financial institution's systems and controls. This includes (but is not limited to) the provision of regular status updates, KPI data and other metrics, any deviation from internal policies and engagements of third parties. It is also critical that financial institutions keep abreast of legal and regulatory developments as well as their regulatory reporting and filing obligations.
There is now a regulatory expectation (as opposed to a simple recommendation) that financial institutions implement effective whistleblowing systems and policies to encourage whistleblowers to come forward and report criminal activity. Financial Institutions are also encouraged to establish "hotlines" to allow prompt and effective reporting that is available to both employees and external parties. The Wolfsberg Group recommends that the system is anonymous, accessible and accommodates all relevant languages.
An investigations process and policy should be established and well understood which must be underlined by a 'need to know' basis of confidentiality. Investigations into alleged bribery and corruption should include timely root cause analysis to remediate any control weaknesses and ensure continuous improvement in an ABC Compliance Programme. The guidance acknowledges that in certain circumstances outside counsel or forensic accounting services may be required to assist in conducting an investigation.
Where required, breaches of ABC policies may require appropriate disciplinary measures being imposed against employees and/or third parties representing the financial institution.
Treading carefully with Gifts and Hospitality
Bribery and corruption risks do not necessarily involve cash payments. Financial institutions are reminded that anything of value might amount to corruption. This includes gifts and hospitality such as meals, entertainment, transportation, invitations to events, etc.
The Wolfsberg Group recommends that business hospitality be construed broadly and that a financial institution's Gifts and Hospitality Policy emphasise that such gifts are generally acceptable when they are incidental and not to be used to influence recipients in an improper manner or even give the impression that such gift entails an exchange of favours. It is expected that the second line of defence functions will undertake frequent compliance monitoring of activities of the client facing teams to ensure policy requirements are complied with.
In addition, financial institutions are warned that the offer of employment or work experience as an inducement to improperly obtain or retain business may violate applicable ABC laws. As such, financial institutions must ensure they have clear recruitment policies and procedures which deal with the offer of employment opportunities to persons connected to existing customers or potential customers. Moreover, Human Resources departments must be mandated to undertake appropriate monitoring of candidates referred to the financial institution particularly by a Public Official or an employee of a customer or potential customer.
Similarly the guidance outlines that donations, charitable contributions, corporate sponsorships and political contributions may conceal acts of bribery and corruption particularly in dealings with Public Officials, and therefore should be addressed in internal policies and procedures and adequately monitored by second line of defence functions.
Monitoring Intermediaries and Third Party providers
It is paramount that financial institutions identify the ABC risks arising from working with or through intermediaries and third-party providers as these may result in significant legal liability and associated reputational and financial risks when used as conduits to facilitate bribery and corruption. The Wolfsberg Group recommends that financial institutions take a broad and expansive view of what constitutes an "Intermediary" and ensure risks are continuously assessed to determine the levels of monitoring and enhanced due diligence to be put in place. For example, this may include an assessment of an intermediary's qualifications, proximity to Public Officials, industry or country corruption risk, fee structures/payment terms, use of subcontractors, etc.
As outlined in this article, investigations and enforcement actions involving intermediaries are on the rise and third party providers represent a major risk to financial institutions, which have less control and oversight over the third party's actions. It is therefore essential that financial institutions tackle this issue and put in place robust compliance systems to minimise and manage ABC risk.
Customer related transaction risk
Another potential liability financial institutions must not overlook is being used by a customer for money laundering purposes (by taking deposits or transferring funds that are the proceeds of bribery and corruption for example). Financial institutions must also ensure that their customer due diligence procedures are current and adapted to the specific risks faced by different types of financial institutions.
Financial institutions should further ensure they have appropriate guidance in place for persons investigating alleged misconduct to ensure such persons are aware of their confidentiality obligations throughout the process and that applicable laws and regulations are complied with.
Facilitation and/or reputational risk
The guidance recommends that financial institutions should have an awareness of certain types or customers, transaction activity as well as business activity which may present heightened bribery and corruption risks. It is suggested that financial institutions should consider a risk-based due diligence of any known intermediaries engaged by a customer or other third party in the transaction or related business activities.
Mergers, Acquisitions and Joint-Ventures
A financial institution is also at risk of becoming liable for bribery and corruption after it has merged with, partnered with or acquired a stake in another company. Financial institutions should always conduct risk-based ABC due diligence and seek the necessary contractual protections in relation to bribery and corruption. It is therefore crucial that financial institutions get to grasp with identifying bribery and corruption red flags when considering the adequacy of the target company's compliance programmes.
The Wolfsberg Group have compiled a useful list of red flags in Appendix A to their updated ABC guidance.
Training and Awareness
The guidance reiterates the importance of periodic ABC training at all levels of a financial institution. Tailored training should cover as a minimum, definitions related to bribery and corruption, detailing of ABC policies and procedures implemented by the financial institution, providing case studies, lessons learned from risk incidents and importantly, who to contact when there are suspicions of bribery and corruption.
Post-training assessments or attestations of understanding should be maintained by the Compliance department with retention of such records maintained to facilitate tracking and reporting to board and executive committees.
Lessons learned and continuous development / Monitoring and Testing for Compliance with Controls
As you might expect, a monitoring programme that feeds into the overall ABC compliance programme is an integral and component part; importantly the guidance expects financial institutions to maintain a timely identification, analysis, reporting, tracking, and sharing of lessons learned from qualifying material adverse events (as defined in the guidance) which results in policy and procedure changes and feeds into systems and controls enhancements driven by a risk mitigation plan.
The other aspect of the monitoring programme that the guidance references is the risk based on-going monitoring, testing and control effectiveness assessment of the ABC control framework which would be undertaken by the second and third lines of defence.
Conclusion
There is evidently no "one size fits all" ABC Compliance Programme that can mitigate the risks of bribery and corruption.
There are, however, a myriad ways of ensuring that bribery and corruption risks are mitigated through risk based effective regulatory compliance programmes, policies and procedures, periodic training and other suitable ABC prevention tools.
A well thought out governance structure where all stakeholders understand how the financial institution intends to operationalise the ABC Compliance Programme will be essential in establishing a culture of compliance reinforced by an appropriate 'tone from the top".
Financial institutions need strong engagement from their board and executive management to foster a clear and unequivocal culture of zero tolerance towards bribery and corruption. In addition, it is critical that financial institutions keep abreast of legal and regulatory developments as well as their regulatory reporting and filings obligations.
Overall, the key to a successful ABC Compliance Programme in any financial institution is creating and maintaining a culture of ethical business compliance.
