The Bribery Act and financial services firms: 10 years on
July 2021 marked the 10-year anniversary of the UK Bribery Act (the Act) coming into force. There has been no shortage of commentary on the number of enforcements in the last decade (99 if you are just interested in the stats). But what has actually happened in the financial services/regulated sector in that time?
Since 2010, most of the work done by firms involved taking steps to prevent breaches of Section 7 of the Act which contains the offence of ‘failure of commercial organisations to prevent bribery’.
The significant work done to prepare for this part of the UKBA by executive committees, compliance teams, consultants and lawyers, involved the creation and/or improvement of:
risk assessments
identifying and performing due diligence on associated persons
preventative controls across their business such as gifts and entertainment policies and procedures.
But given all of these efforts by firms in the financial sector, what have firms actually experienced and what is the actual risk of intervention by the SFO? Well, in short, very little. There has been one Deferred Prosecution Agreement against Standard Bank in 2015 and just two enforcements for section 7 offences. Neither of which were against financial services firms.
Outside of the risk of the SFO pursuing you for failing to prevent bribery, there is the potential for the FCA to ask to see your anti-bribery arrangements as part of their financial crime supervisory work. We have seen a recent Dear CEO letter sent to a wide range of retail firms, suggest the inclusion of bribery risks in customer risk assessments. Given the depth of guidance and examples of good practice issued on bribery by the FCA, this seems to be a rare and narrow observation from a significant amount of supervisory work that occurs every year.
From our experience helping firms through FCA visits and skilled person reviews over the last decade, we have seen limited focus on the operational effectiveness of ABC controls. Especially when compared to the amount of attention paid to anti-money laundering and sanctions programmes.
What actual effect has this had and what should firms focus on?
With limited focus on financial sector firms from the SFO and the FCA, we have seen firms’ ABC programmes staying relatively static from the work done in 2010/11 and in many cases not compliant with the legislation that has been around 10 years. But why?
Limited awareness. Bribery risks are often dispersed across an entire business. Money laundering risk is generally (or should) be owned by front office or relationship owners with oversight, advice and an escalation point provided by second line/compliance staff. Bribery risks can expose a much wider range of staff and functions. Further complicating this, the controls to prevent bribery are embedded across business in areas such as HR and finance that are not as familiar with executing financial crime controls or considering this type of risk.
Enhancements to consider:
Take the opportunity for the second line to engage with new stakeholders across the business
Seek the inputs of internal stakeholders, peers, industry bodies and trusted advisors. Bringing more ideas and perspectives can enrich the overall framework
Poor quality risk assessments. The purpose of an ABC risk assessment is to assess the nature and significance of the actual bribery and corruption risks faced by a firm. Far too often we see firms either not having or not revisiting ABC risk assessments. The risk assessment should identify and quantify risk with analysis of inherent risks, assessment of controls and the quantification of residual risk. The Wolfsberg Group, Transparency International and the Ministry of Justice provide useful examples of ABC risk typologies, which should then be combined with industry and business knowledge of specific risks known to the organisation.
Enhancements to consider:
Starting with a set of externally defined risks can open a firm’s thinking to the range of actual bribery risks which they could face
The aim of the risk assessment should not be to state that you are low risk, but to objectively analyse and articulate your risk profile
Describe inherent risks in terms of the actual / real risk, not in terms of the risk of a control failing
Inadequate risk-based controls. The output of the risk assessment should help develop, implement, and maintain risk-based ABC controls. Frequently firms confuse Gifts and Hospitality processes with a full suite of ABC controls. Firms should consider controls relating to a much wider selection of risks such as third parties, joint ventures, payments, hiring, sponsorships, donations and lobbying etc. The development and ownership of these controls require cross-firm collaboration with functions such as Procurement, HR and Finance who will also need to play a material role.
Enhancements to consider:
Map the controls you have against an enhanced inherent risk assessment and where required roll out new/improved controls
Consider tailored training for non-compliance functions responsible for executing ABC controls
Narrow Monitoring and MI. Again, a lot of the ABC monitoring and MI we see focusses solely on gifts and entertainment. Simply put, the purpose of monitoring is to ensure that the risk-based controls developed, are actually being exercised as per their design. In areas where bribery and corruption risks are higher, greater levels of monitoring are required. We also see instances where monitoring is effective, but the Management Information (MI) is not up to date, inconsistent or unclear. MI should focus on trends, highlighting emerging areas of risk and provide Senior Management with an articulate view of the areas that require attention.
Enhancements to consider:
Document ABC monitoring responsibilities between Compliance and internal/external audit
Update your ABC management information in line with your risk assessment
We would encourage firms to revisit the breadth of useful guidance that has been published by regulators and other bodies when assessing if the bribery programmes they have been running for the last decade have served the real purpose of the legislation and reduced bribery and corruption. If you would like an external view on this, we would love to help.
Oliver