First published on Thomson Reuters Regulatory Intelligence on the 18th of October 2016
Fraud and money laundering pose a significant threat to the economy and are undeniably corrosive to society.
We’re seeing enhanced efforts to keep up with ever-evolving criminal methods that are by no means constrained by jurisdiction or industry. Examples include:
- The European Commission’s reaction to the Paris attacks and Panama Papers through proposed amendments to the 4th Anti-Money Laundering Directive (4AMLD) including calls to bring the implementation date forward by six months
- The UK Government’s Action Plan for anti-money laundering and counter-terrorist finance and the FCA stepping up their supervisory strategy with additional financial crime reporting obligations coming into effect at the end of the year
- Theresa May highlighting corporate irresponsibility as a key theme of her leadership. Corporations can already be held liable if they fail to prevent bribery in line with Section 7 of the Bribery Act 2010 (Section 7) and this is soon to be replicated for tax evasion following a consultation earlier in the year
- The consultation announced at the London Anti-Corruption Summit in May, which will discuss plans to extend the corporate ‘failure to prevent’ offence to economic crime – and is likely to encompass a range of offences, including fraud and money laundering
With the law set to change in this area, how should firms seek to assess the impact of the new requirements relating to economic crime – and, importantly, ensure they effectively incorporate these changes into their approach to managing financial crime risk?
SECTION 7 – A LIKELY MODEL FOR THE NEW OFFENCE
Section 7 is likely to be a model for the corporate failure to prevent economic crime, as it is for tax evasion. This is significant because the only defence is for firms to prove they had adequate procedures designed to prevent the conduct in question. Firms will need to consider what procedures they should have in place and how to evidence these.
The guidance produced for firms following the Bribery Act gave six principles for compliance. The draft guidance recently issued in relation to failing to prevent tax evasion is similarly based on these principles – we expect that this will be incorporated into final guidance for embedding the economic crime failure to prevent offence.
Taking The six principles forward
Firms looking to discern how they will be affected by the new offence should begin by reviewing the six principles and consider their organisation’s current capabilities against these requirements.
1. Proportionate procedures
Proportionality is the key to tackling many regulatory issues in financial services, not least in financial crime risk management. Appropriate prevention policies should be in place with clear procedures for implementation.
Policies should outline a firm’s commitment to preventing economic crime, and procedures should be robust and understood at all levels of the firm. Can you articulate your approach to specific risks you face and how you provision for them?
What is the process for raising Suspicious Activity Reports in your firm and is whistleblowing supported? Are these processes sufficiently streamlined or is investigating suspicious activity disproportionally cumbersome? Do staff work in a culture where they feel their concerns are taken seriously?
Good quality management information (MI) pertaining to the risks of economic crime should allow the Board a clear view of these risks, and facilitate the proportionate approach the regulator is looking for.
2. Top-level commitment
This principle is designed to encourage the involvement of top level management in the establishing of economic crime prevention procedures – this isn’t just a matter for CROs and MLROs; a tone-from-the-top that endorses the activity around preventing economic crime is a vital enabler of firms’ compliance.
The risk of economic crime is something that boards are increasingly keen to understand from both a consumer and firm protection standpoint – does the Board insist on actionable MI in this regard? Do they ensure the front line is aligned with their priorities here?
Additionally, part of the top-level commitment will be to ensure that there are no gaps or overlaps in the board’s understanding of the risks they face, and that robust controls are in place to identify, mitigate and manage risks.
This requires management information to be robust, timely and insightful. In an environment of increasing senior management accountability, the quality of management information provided to Boards is critical.
3. Risk assessment
Performing a risk assessment provides a baseline for a managing financial crime risk, and is now a requirement for firms.
In the case of the Bribery Act, the purpose of principle three is “to promote the adoption of risk assessment procedures that are proportionate to the organisation’s size and structure and to the nature, scale and location of its activities”.
Firms should seek to ensure a meaningful and tangible link between the assessment of inherent risk, internal controls and the overall residual risk rating. This subsequently allows resource to be directed to key areas of risk aligned to the firm’s overall risk appetite. An effective risk assessment will draw a line in the sand for the leaders of a firm that shows the current state and allows them to address any gaps. It should be dynamic and updated aligned to defined triggers.
Firms should note that section 7 makes them liable for the acts of their ‘associated persons’ – this is any legal person who performs services for or on behalf of the firm. This covers employees, third parties and subsidiaries, regardless of jurisdiction.
4. Due diligence
Being more ‘intrusive’ in your relationships with intermediaries and undertaking robust due diligence at the front end of a relationship (and then periodically, on an ongoing basis) can assist your insight into how commercial relationships are performing and what risks the activity of intermediaries might expose your firm to. Is your oversight of intermediaries sufficiently robust and does it include economic crime?
The Bribery Act guidance reads; “in lower risk situations, commercial organisations may decide that there is no need to conduct much in the way of due diligence. In higher risk situations, due diligence may include conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons”. Applying and being able to evidence this type of proportional reaction is again vital.
5. Communication and training
Economic crime preventative procedures must be made clear and understood at every level of the business. There is a large reliance on firms’ culture here, and whether they incorporate both the letter and the spirit of changes into their operating model. From front line to boardroom, all staff must understand the priorities of the business in this area.
Susannah Hammond, Senior Regulatory Intelligence Expert at Thompson Reuters asserts that communication and training at the top of the organisation can be effective in helping boards stay ahead in these times of regulatory change:
“The very real likelihood of personal liability has to be the goad to really good training, and really good training is training that is absolutely fit for purpose and tailored to the business itself. Senior individuals need to understand exactly what their responsibilities are…and then make sure they have up-to-date skills to enable them to discharge those responsibilities. The critical thing with all of this is the ability to evidence the training.”
Going forward, therefore, board members will need to compile their own evidence and justifications of the measures they have taken to ensure their management of economic crime risk when seeking to discharge their obligations.
6. Monitoring and review
The nature of risk can change over time, and the evolving methods of criminals are the quintessential example of this. It’s therefore imperative that firms return regularly to their policies, procedures, systems, controls, MI and third party relationships to ensure they are still producing the desired results.
Changing legislation in other jurisdictions, industry insight, sharing of best practice amongst firms and domestic regulatory change are all factors which can implicate the effectiveness of your approach, and as such, firms must be aware of how they are currently performing while again retaining evidence of this activity.
How to prevent ‘failure to prevent’ becoming an issue for your firm
With financial crime in sharp focus globally, the volume of regulatory and legislative change is huge and firms may understandably feel inundated.
However, firms can break down some of these challenges by looking at the return of the ‘failure to prevent’ corporate offence model, examining it through the lens of the principles underpinning the Bribery Act.
By committing to this sort of thinking and acting proportionately to ensure an effective approach, firms will be able to direct their efforts and resources to the right areas, and prepare effectively for what is to come.