Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
AML & ABC – the 2014 requirements
Simon Morris & Lindsay Connal
October 2014
Looking at …
1. The FCA policy
2. When the FCA takes action
3. What good can look like
4. Some immediate actions
5. The SFO and COPFS
6. The SFO/COPFS and ABC controls
2
1. The FCA policy
We will continue to assess anti-money laundering (AML) processes and controls in major banks and those staff responsible for them. We will extend this during 2014/15 to some smaller firms that might present high levels of money laundering risk, as well as carrying out focused thematic work …
We will have the following priorities … effectiveness of systems and controls within the regulated community …
FCA Business Plan 2014/15
3
Looking broadly
Our top financial crime concerns at the moment
• Money laundering risk
• Corruption risk
• Investment fraud against consumers
• Insider dealing
Our focus is on
• Firms’ systems and controls
• Firms’ operating culture
• Behaviour of people whose job is business acquisition
• Those who run the business
Bob Ferguson FSA speech 13 September 2012
4
What’s the requirement?
PRIN 3 Management and control
A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems
SYSC 6.3.1 [CMS version]
A firm must ensure its compliance policies and procedures include systems
and controls that:
(1) enable it to identify, assess, monitor and manage financial crime risk; and
(2) are comprehensive and proportionate to the nature, scale and complexity of its
activities.
5
The breadth of the regulatory concern
1. Focus – we focus our resources on firms that are particularly exposed to financial crime risk.
2. Priority – we prioritise protecting consumers rather than regulated firms.
3. Target – we seek out firms that are being used for financial crime, particularly money laundering and bribery/corruption.
4. Alert – for current and emerging financial crime risks, and ensuring firms are aware of the implications and how to mitigate.
5. Approach – intensive and intrusive, emphasising early intervention and credible deterrence where serious risks are identified ...
FCA: Anti-money laundering annual report 2012/13 (July 2013)
6
The FCA’s supervisory approach
1. Specialist financial crime supervision team supports supervisors
2. Receives intelligence from a range of sources
3. Deals with c100 cases of money laundering risk annually
4. Conducts Systematic Anti-Money Laundering Programme assessments of 14 major banks
5. Carries out thematic reviews on high risk issues, assessing around 20 firms each time
6. The specialist team’s work assesses financial crime systems and controls in around 150 firms a year
7
With more to come …
... we are exploring the extent to which our approach, including our SAMLP reviews, can be refined to allow us to use our existing resources to examine a larger sample of firms and/or review firms more frequently, particularly smaller firms that might present high levels of money laundering risk ... We will also continue our thematic work, with reviews of e-money/new payment methods planned, along with some follow up work on anti-money laundering controls over high risk/ PEP customers in smaller banks.
FCA: Anti-money laundering annual report 2012/13 (July 2013)
8
2. When does the FCA take action?
Willis Habib Turkish EFG Guaranty JLT Standard
7.2011 5.2012 7.2012 3.2013 8.2013 12.2013 1.2014
ABC AML AML AML AML ABC AML
No
rationale
Poor
Procedure
Poor
procedure
Poor
procedure
Poor
procedure
Not assess
risk
Poor DD Poor EDD Poor CDD Poor EDD Poor CDD Poor EDD
Not review Not review
S&C
Not get
approval
Poor DD
No training No training
Not
monitor
Poor
records
Poor
monitoring
Not follow
policies
Poor
monitoring
9
Or in words …
Coutts failed to ...
1. assess the risks
2. gather sufficient information about its prospective customers to establish their sources of wealth and income;
3. establish the source of the funds;
4. constantly apply monitoring;
5. keep the information up-to-date; and
6. scrutinise transactions appropriately.
Coutts (Final Notice March 2012)
10
And liability for the MLRO?
He ... breached APER 7 by failing to take reasonable steps to ensure that firm had adequate processes and procedures for:
1. assessing the money laundering and financial crime risks;
2. ensuring his function was adequately resourced;
3. carrying out checks to screen customers;
4. carrying out customer due diligence procedures;
5. adequately carrying out on-going monitoring; and
6. adequately training.
Sudipto Chattopadhyay (Final Notice May 2010)
11
And again ...
Mr Finger failed to:
1. identify the potentially suspicious nature of multiple payments effected by a client despite being presented with clear indicators;
2. undertake adequate assessment as to whether the activities could constitute any sort of suspicious activity; and
3. properly consider his responsibilities in relation to this activity and report it to the necessary authorities on a timely basis.
Laurence Finger (Final Notice December 2010)
12
3. So what are the elements of good
practice?
A wide range of sources
1. JMLSG
2. Small Firm Financial Crime Review FSA May 2010
3. ABC in commercial insurance broking FSA May 2010
4. Good practice in banks’ defences against investment fraud FSA June 2012
5. AML & ABC for Asset Managers FCA October 2013
6. FCA’s Financial Crime: a guide for firms April 2014
7. BBA Anti-Bribery and Corruption Guidance May 2014
13
What can good look like?
1. Senior management leads
a. Oversees
b. Understands
c. Ensures quick response
d. Up to date
e. Defines responsibilities
f. Gets internal & external MI
g. Sets the tone
I. Remuneration
II. Incentives
III. Approves relationships
14
2. AML/ABC properly resourced
a. Financial crime risks coordinated
b. Information is shared
c. Properly resourced
d. Responsibility apportioned
e. Issues escalated
f. Business engaged with
3. Gap analysis performed
a. Regular & informed
b. Challenged & benchmarked
c. Implemented & reviewed
15
4. Compliance & GIA
a. Trained & effective
5. Policies & procedures
a. Comprehensive
b. Up to date
c. Adequate
d. Reviewed
e. Accessible
f. Monitored against
6. Training
a. Tailored & tested against
16
7. Staff
a. Vetted, repeatedly
b. Agencies checked
c. Changes noted
8. AML/ABC
a. MLRO & resources adequate
b. Clear risk-attuned procedures
c. Trained & monitored
d. Clear reasoned records of take on & thereafter
9. ABC
(a) risk based procedures; (b) train; (c) DD; (d) monitor; (e) records
17
So five steps to take …
1. Gap analysis
a) a deep dive review of the business
b) a risk assessment to identify high-risk areas
i. Country
ii. Business
iii. Partnership
iv. Government
c) a gap analysis of the current standard of procedures & controls
d) a root cause analysis of past incidents and near misses
e) an enhancement of existing controls to meet requisite standards
18
2. Your new systems & controls
a) active sponsorship by senior managers
b) adequate resourcing
c) standardisation and consistency of procedures
d) a new business approvals process
e) a clear gifts and corporate hospitality controls system
f) due diligence on associated persons and procurement/tendering
enforcement and incident management policies and procedures
g) staff code of conduct
h) staff training
i) recruitment processes that screen staff based on a risk assessment
19
3. An engaged senior management
a) business line champions
b) online statements of ABC/AML principles
c) documented roles and responsibilities of senior management
d) senior management face-to-face training
e) board members and senior staff leading inductions & forums
20
4. Your staff trained
a) providing good quality, standard training for all staff
b) additional training for staff in higher-risk positions
c) trainers have adequate training
d) training is practical
e) testing staff understanding
f) keeping records
g) refresher training
21
5. With assurance through MI
a) volumes of monitoring & investigations & outcomes
b) hiring practices
c) update of recommendations from monitoring visits
d) training
e) gift & hospitality value & volume
f) charitable donations & corporate sponsorship
g) public official engagement
h) reported breaches
i) whistle-blowing trend analysis
j) internal audit findings.
22
The SFO and COPFS focus and approach to anti-bribery controls
Lindsay Connal
T: +44 (0) 131 200 7436
23
5. The SFO and COPFS: Which jurisdiction?
− Scotland: COPFS (Serious and Organised Crime Division, Crown Office
and Procurator Fiscal Service)
− England: The SFO
− Cross-border issues – agreed liaison
− Each case will be considered individually, but factors which suggest that a
business should report to COPFS in the 1st instance include that:
• The business has its headquarters or registered office in Scotland;
• The business is predominantly carried on in Scotland; or (most
importantly)
• The wrongdoing took place in (or mostly in) Scotland
24
England: The SFO
− The SFO’s role:
“The SFO is an independent government department responsible for
investigating and, where appropriate, prosecuting cases of serious or
complex fraud, bribery and corruption.”
(SFO Annual Report and Accounts 2013-14)
− Acceptance criteria
− Significant restructuring in 2012/2013
− Dedicated intelligence unit
“We are greatly enhancing our intelligence capacity. If corporations do not
self-report when they have discovered past misconduct, we may well find out
anyway and call them in.” (David Green, Director, SFO – 26 March 2013)
− Gathers information from numerous sources
− Interacts with numerous bodies
25
The SFO - recent developments
− New director, David Green QC, appointed in April 2012
− Recalibration of acceptance criteria
− Enhanced intelligence capability
− Removal of old guidance on self-reporting and facilitation payments
− “Blockbuster” funding
− Introduction of deferred prosecution agreements (DPAs)
− BUT: no corporate prosecutions yet
− Note: proposals to extend s7 Bribery Act 2010
26
The SFO – recent trends
− In the reporting year 2013-14:
• 8 prosecutions of 18 defendants either concluded or in progress
• The conviction rate by defendant was 85%
− As at 2 September 2014 the SFO had 12 cases involving 37 defendants charged and awaiting trial
− By comparison, for 2012-2013 period:
• 12 trials for 20 defendants
• 14 convictions (70% success rate)
• Average length of sentence – 71.3 months
• 2 CROs
• Total recoveries = £11.4m
27
The SFO – recent/ongoing prosecutions
Recent/ongoing prosecutions include:
− Alstrom Network UK (corruption and conspiracy to corrupt) (September 2014)
− Individuals at Innospec (conspiracy to corrupt) (August 2014)
− Former CEO of Bahraini company, Aluminium Bahrain B.S.C. (Alba) (Bruce Hall)
(conspiracy to corrupt) (July 2014)
− Numerous individuals in connection with LIBOR (conspiracy to defraud) (June 2013 –
February 2014)
− Kathryn Clark and Richard Clay, former partners of Arck LLP (fraud by
misrepresentation and forgery) (November 2013)
− Four individuals (three officers of Sustainable AgroEnergy plc and an IFA)
(conspiracy to commit fraud by false representation/to furnish false information and
ss. 1(1) and 2(1) of the Bribery Act) (August 2013)
28
The SFO – DPAs
− Available only for corporate economic crime offences
− Discretionary tool, only available if:
• Prosecutor is satisfied that there is:
1. sufficient evidence to establish a realistic prospect of conviction; or
2. reasonable suspicion of offence based on admissible evidence and reasonable grounds to believe further evidence would be found in time to meet the test in (1); and
3. it is in the public interest to enter a DPA. (If not, then continue investigating or consider a CRO.)
• Full extent of offending has been identified
− DPA must be in the interests of justice, with the terms of the DPA being fair, reasonable and proportionate
− Financial penalties to be “broadly comparable to a fine that the court would have imposed on conviction for the alleged offence … following a guilty plea.”
29
The SFO – DPAs
Is it in the public interest?
− The more serious the offence, the more likely prosecution required
− Normally prosecute unless public interest factors against prosecution
clearly outweigh those in favour of prosecution
− Prosecutor must consider all relevant Codes/Guidance including:
• The DPA Code of Practice/ Code for Crown Prosecutors
• Joint Prosecution Guidance on: (1) Corporate Prosecutions (2) Bribery Act 2010
− SFO expects early and full disclosure of information in order to receive
credit for self-reporting:
“self-report means telling us something we do not already know…a company
which only provides information to us after we have raised concerns with it
cannot derive the same level of credit - if any - as a company which, of its own
volition, notified us of something which we did not already know about.”
(Alun Milford, GC, SFO – 26 March 2014)
30
The SFO - DPAs
If looking for a DPA:
− Early reporting is key – even pre-investigation:
“The bottom line is that in the context of the investigation of possible crime,
it is the SFO that is charged with conducting that investigation, not you and
not lawyers, and anything that a company or its lawyers do that interferes
with that or compromises it will be something we consider to be unhelpful,
and not the mark of a co-operating company.”
− Importance of genuine co-operation, not just “giving the impression” of co-
operating:
“And while I can't speak for the judiciary, I would be stunned if anything
other than genuine, unreserved co-operation from a corporate would be
enough to satisfy a judge that it is in the interests of justice to dispose of
criminal conduct through a DPA rather than a prosecution.”
(Ben Morgan, Joint Head of Bribery and Corruption, 1 July 2014)
31
The SFO – DPAs
32
Scotland: COPFS - self-report initiative
− DPAs not available
− But - self-report initiative in place since coming into force of Bribery Act 2010 on 2 July 2011
− Allows businesses to “self-report” bribery offences with aim of obtaining a referral to the Civil Recovery Unit for civil settlement
− Initially in place for 12mths, then extended to 30 June 2014. Now?
− Not a “soft option”. Minimum requirements must be met before a self-report is accepted.
33
COPFS: self-report initiative
− Main benefits include:
• Opportunity – though not guarantee – to reach civil settlement and avoid
criminal prosecution
• May be able to retain an element of control over the investigation
• Avoid consequences of not reporting and problem being discovered
− But:
• Investigation must be thorough – can be costly, time-consuming and can
expand beyond original ambit
• Publicity will still follow civil settlement unless a compelling reason for
confidentiality exists
• Criminal prosecutions may still be raised against the individuals involved
34
COPFS – recent trends
− No corporate prosecutions to date
− By February 2014:
• Only 2 companies had self-reported
• 1 company had enquired but not proceeded to self-report
− Abbot Group – civil settlement reached
35
6. The SFO/COPFS and ABC controls
− Neither the SFO nor COPFS supervise, advise or monitor controls
− No requirement under the Bribery Act to have systems and controls in place to prevent bribery BUT can be:
• a defence to the corporate offence (s. 7 Bribery Act); and/or
• a mitigating factor against prosecution (all economic crimes); and/or
• a factor in deciding whether to invite the offender to negotiate a DPA (all
economic crimes); and/or
• a mitigating factor for sentencing purposes (all economic crimes)
− Re proposal of expansion of s7 - expectation of a similar “adequate procedures” defence
36
“Adequate procedures” defence
− Ministry of Justice Guidance about procedures which relevant commercial
organisations can put into place to prevent persons associated with them
from bribing (the MoJ Guidance – March 2011)
• Broadly adopts similar approach to FCA
• Notes that regulators and relevant trade bodies might highlight examples
of good or bad practice in their publications
• Six principles:
− Proportionate procedures
− Top-level commitment
− Risk assessment
− Due diligence
− Communication (including training)
− Monitoring and review
37
“Adequate procedures” defence
− However:
• No judicial consideration/ determination to date of what constitutes “adequate
procedures”
• Comments made by some members of the judiciary cast doubt on how much
weight will be attributed to the MoJ Guidance:
− “a company could be convicted under the [Bribery] Act even if it acts in
accordance with the [MoJ Guidance]”
− The MoJ Guidance was issued by Parliament and was of comparable authority
to an academic text
(OECD Working Group: “Phase 3 Report on implementing the OECD’s Anti-
Bribery Convention in the United Kingdom” – March 2012)
• There have been very few pre-Bribery Act corporate prosecutions – all pleaded
guilty and no significant judicial consideration of internal controls as mitigating
factor
• The courts also appeared unconvinced of the efficacy of monitors (Innospec)
38
Conclusions
The SFO/COPFS
• No requirement to have controls in
place under the Bribery Act but no
defence without
• Implementing some level of
controls may be a mitigating
factor, even if they are not as
comprehensive as may be
expected
• Disparities between corporates’,
SFO/COPFS’ and FCA’s
expectations about what may be
required
• Guidance from the court is needed
to clarify the position
The FCA
• You are expected to do your
homework
• And a gap analysis
• And act, especially on
• Management
• Resource
• Procedures
• Training
• Monitoring
39
Any Questions?
Simon Morris
T: +44 (0) 207 367 2702
Lindsay Connal
T: +44 (0) 131 200 7436
40