The FCA recently published its final notice in relation to action it has taken against insurance broker Besso Limited for a failure to take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption. The FCA fined Besso Limited £315,000, a discount of 30% of the amount that it would otherwise have been because Besso agreed to an early settlement. It seems that Besso did not take heed from the fines the FSA (as the FCA then was) levied on Aon and Willis in 2011. We blogged on the fine imposed on Willis here.
Summary of Reasons
- Besso failed to take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to parties who entered into commission sharing agreements with Besso or who assisted Besso in winning and retaining business.
- The involvement of UK financial institutions in corrupt or potentially corrupt practices undermines the integrity of the UK financial services sector it is the responsibility of UK financial institutions to ensure that they are not involved in, or associated with, financial crime. Unless firms have in place robust systems and controls which govern the circumstances in which payments made be made to third parties and then ensure those systems and controls are followed, they risk leaving themselves open to involvement in corrupt practices or actions contravening UK or overseas anti-bribery laws. This action supports the authorities operational objective of protecting and enhancing the integrity of the UK financial system.
- The failings at Besso continued throughout the relevant period (14 January 2005 to 31 August 2011) and contributed to a weak control environment surrounding the making of payments to third parties. This gave rise to an unacceptable risk that payments made by Besso to third parties could be used for corrupt purposes, including paying bribes to persons connected with the insured or public officials. In particular Besso:
- Had limited bribery and corruption policies and procedures in place between January 2005 and October 2009. It introduced written bribery and corruption policies and procedures in November 2009 but these were not adequate in their content or implementation.
- Failed to conduct an adequate risk assessment of third parties before entering into both business relationships.
- Did not carry out adequate due diligence on third parties to evaluate the risks involved in doing business with them.
- Failed to establish and record an adequate commercial rationale to support payments to third parties.
- Failed to review its relationships with third parties in sufficient detail and on a regular basis to confirm that it was still appropriate to continue with the business relationship.
- Did not adequately monitor its staff to ensure that each time it engaged a third party an adequate commercial rationale had been recorded and that sufficient due diligence had been carried out.
- Failed to maintain adequate records of the anti-bribery and corruption measures taken on its third party account files.
Justification for a significant penalty
The FCA considers that Besso’s failings merit the imposition of a significant financial penalty and consider these failings to be serious for these reasons:
- The failings continued throughout the relevant period and had they not been identified by the FCA, Besso may not have sufficiently identified the failings itself.
- Besso’s failure to implement effective systems and controls commensurate to the nature of its business resulted in payments being made to third parties without adequate challenge. Besso’s failure to do so meant that they did not adequately consider the risk of bribery and corruption prior to making payments to third parties.
- In the context of the size of Besso’s business the revenue it earned from business introduced by third parties is significant.
- During the relevant period the FCPA published a number of communications to the industry making clear the importance of firms countering the risks of bribery and corruption with effective controls, including publication of its interim findings from a thematic review of how commercial insurance broker firms in the UK were addressing the risks of becoming involved in corrupt practices such as bribery in September 2009 and its full report in May 2010. The FCA also published enforcement cases against two institutions for shortcomings in their bribery and corruption systems and controls. Notwithstanding these communications, there remains deficiencies in Besso’s policies and its implementation of its policies until August 2011. The FCA did not find evidence to suggest that Besso’s conduct was deliberate or reckless, and acknowledges the firm did increase its efforts to address bribery and corruption risks as time went on. Nevertheless it should have taken additional steps to implement appropriate procedures on a timely basis and to monitor the adequacy of its procedures once implemented.
Besso’s approach to dealing with bribery and corruption risks remained inadequate even after two visits by the FCA to inspect its relevant systems and controls. The FCA acknowledges that Besso carried out significant work to address the issues identified but considers that Besso had not taken sufficient steps to remedy its shortcomings, and the speed at which Besso made improvements to its systems and controls, once the failings were identified, was not satisfactory.
This is an example of a company which had made some limited efforts to implement anti-bribery and anti-corruption rules and procedures, but overall the efforts were considered to be inadequate. Whether this was because Besso had only adopted a halfhearted attitude to its compliance systems and controls, or whether it had misunderstood what its obligations were, is not clear from the report. Either way, it suggests that corporates are not engaging with their specialist advisers early enough. This may in turn suggest that some corporates are not committing sufficient time and financial resource to the task.
However, as we have said in previous blog posts, those companies which are regulated i.e. in the financial services sector, by the FCA are at risk of a “double whammy” because they are at risk of being inspected (as Besso was here) to find out whether the systems and controls match those required by the FCA, but the company can also be referred to the SFO or some other prosecuting body if an offence is discovered, which may lead to a prosecution and court-imposed fine on top of any administrative fine levied by the FCA.
The Besso case reflects our own experience that there are still many small and medium sized companies who have still not taken, four years after the Bribery Act was enacted, the far-reaching provisions of the Bribery Act sufficiently seriously. Some have made a halfhearted effort, like Besso, and will come unstuck if they are investigated at a later date. It is unarguably cheaper in terms of both money and management time to undertake a robust compliance program than to become involved in a protracted investigation and prosecution as well, which can last years and create reputational and financial damage.