Yesterday, 21st July, Willis Limited, the insurance brokers, were fined £6,895,000 for potentially corrupt practices by the UK Financial Services Authority (FSA), the regulatory body for the financial services industry. This was a penalty for breaches of the FSA’s Principles for Businesses and Rule SYSC 3.2.6 R of the FSA’s Senior Management Arrangements, Systems and Controls Handbook. The breaches occurred in the period 14 January 2005 and 31 December 2009. This report is important not least because Willis is one of the largest insurance and reinsurance brokers and risk management firms in the UK. The penalty levied on Willis is the highest such penalty so far by the FSA in relation to financial crimes systems and controls. There are lessons to be learned for all businesses in the FSA’s 24 page report.
Principle 3 of the FSA’s principles for Business states that:
“A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems”
Rule SYSC 3.2.6 R of the FSA’s Senior Management Arrangements, Systems and Controls Handbook states that:
“ A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be sued to further financial crime”.
In the “Final Notice” on the investigation by the FSA, it reported that because the FSA had agreed to settle at an early stage in the investigation and had therefore earned a discount of 30% – the penalty would otherwise have been £9,850,000.
The complaint was that Willis did not take reasonable steps to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to overseas third parties who helped Willis win and retain business from overseas clients.
The FSA found that:-
- Willis failed to ensure that it had established a commercial rationale for using overseas agents;
- Willis’ policies did not provide any written guidance on the amount of detail required to justify using overseas agents;
- In the case of nearly half of the agents in high risk countries who introduced business to Willis in this period, the reasons for using them were inadequately recorded;
- Without adequate documentation, Willis could not adequately monitor the effectiveness of its procedures;
- Willis did not ensure that adequate due diligence was carried out on overseas third parties to evaluate the risk of doing business with them;
- In relation to the overseas agents on whom they had carried out due diligence, in nearly all cases it was insufficient to address the risk that the overseas third party may have been connected to the insured, the insurer or public officials;
- Willis did not adequately monitor its staff to ensure that an adequate commercial rationale for hiring overseas agents was recorded and that sufficient due diligence had been undertaken;
- These failures contributed to a weak control environment giving rise to an unacceptable risk that payments made by Willis to overseas agents could be used for corrupt purposes;
- In August 2008 Willis introduced improved policies and guidance aimed at mitigating its bribery and corruption risks – however, Willis failed to implement them adequately.
- The Board of Willis did not receive adequate management information which would have allowed them to assess whether bribery and corruption risks were being mitigated effectively;
After the FSA investigation into Willis began, Willis started its own internal investigation and identified a number of suspicious payments made to overseas third parties. It reported these matters to the Serious Organised Crime Agency (SOCA). Willis ended up making two suspicious activity reports to SOCA.
Even though the FSA had written to all CEOs of wholesale insurance broker firms in November 2007, including Willis, and even though the FSA had fined Aon, another large insurance broker firm, in January 2009, Willis’ steps, which they took in 2007 and 2008, to review the adequacy of their policies, were insufficient and their implementation continued to have substantial failings.
Enhancement of systems and controls
Willis has taken on board the criticisms of the FSA and has put in place:
- A committee for the approval of third party introducers;
- Enhanced monitoring, capable of ensuring Employees’ consistent adherence to Willis’ policy;
- Improvements in the practical application of Willis’ policy;
- Consistency in the business unit compliance officer’s understanding of Willis’ policy and how this translates into their work with account executives;
- Increased accountability for each of the account executive, business unit compliance officer and managing director responsible for the third party proposal before the committee;
- Enhanced production of specific relevant management information through the committee’s direct reporting to the board of directors;
- Better retention of documentation;
- The business unit compliance officer now reports to group compliance and his/her budget now falls under group compliance and not under its own business unit;
- Willis now prevents any entry being placed on its books until the third party approvals process has been completed;
- Willis has updated its systems so that it can identify and categorise payments made with greater specificity;
- Training has been enhanced so that annually employees have to confirm that they have read all of Willis’ policies including the Group Anti Bribery & Corruption Policies and Procedures. This includes completing an electronic questionnaire relating to those policies and procedures. Those in the bottom 10% in the training are recommended to receive enhanced training;
- Further workshops to help identify the different categories of third party relationships and extra training for divisions of the company operating in high risk industries;
- Training by an external law firm on the new Bribery Act 2010;
- A review of past payments to overseas third parties, to identify any inappropriate past payments;
- A commitment by top management (CEO) downwards to ensure that here is a culture of compliance.
So, another large insurance broker has been publicly criticised and fined. In this case there was no finding of actual corruption, although it is possible that further proceedings could take place involving one of the UK’s other prosecutorial bodies, but the fine related to Willis’ inadequate bribery and corruption prevention systems. According to the FSA, this was avoidable as Willis knew what they had to do in terms of compliance and they knew the risks to their business in relation to bribery and corruption, but it appears that their compliance was inadequate in several different respects. What is not very clear is whether this was the fault of the compliance units within Willis not doing their job properly or whether it was a lack of interest and investment in the compliance programme by the firm’s management, or a combination of the two. In any event, it has been an expensive lesson for Willis, but others in the insurance broking industry and indeed in other industries will learn from Willis’ experiences. This will all be to the good as it should lead to many more companies all over the UK ramping up their compliance programmes and ensuring that they are active, thoughtful and tailored compliance programmes and not just paper tigers.
As mentioned in a previous blog, the FSA is now working through its lengthy review of the banking industry. I predict further such reports and fines from the FSA as a consequence as it is clear that even very large and well organised companies like Willis are unable to get their compliance systems right first time. The banks would do well to read the Willis report very carefully.