The In-House Lawyer

You would be forgiven for thinking that banks and regulated financial institutions have enough to worry about at present. However, the Financial Services Authority (FSA) decision in January 2009 to fine insurance broking giant Aon Ltd (Aon) for failures in its systems and controls provides several warnings for all organisations in the financial sector.¹

The fine, at £5.25m, was the largest FSA fine to date for a financial crime offence and sends a stark warning to regulated businesses. Banks and financial institutions, operating in inherently international markets and having dealings with overseas third parties, agents and governments, should pay particularly close attention. The outcome provides a useful guide to possible action that should be taken to examine whether the systems and controls of institutions operating in overseas territories need to be reviewed.

Background

The FSA’s actions follow a spate of recent activity by UK prosecuting authorities aimed at tackling serious fraud and crime. Notable recent developments in the lead-up to this situation include:

• June 2008: Jessica de Grazia, former US prosecutor, writes a report criticising the Serious Fraud Office (SFO) for its failure to secure any convictions for overseas bribery and corruption.²
• June 2008: the Organisation for Economic Co-operation and Development (OECD) criticises the UK government for its failure to prosecute a single overseas bribery case and questions the UK’s commitment to fighting corporate foreign bribery.³
• September 2008: an employee of security consulting firm CBRN Team Ltd and a Ugandan public official plead guilty to charges related to a scheme in which CBRN had made payments to the Ugandan official to receive a contract to advise the Ugandan Presidential Guard. Following the prosecution, brought by the overseas anti-corruption unit of the City of London Police, the employee received a suspended sentence and the Ugandan official was sentenced to 12 months’ imprisonment.⁴
• October 2008: in the first civil settlement as part of a foreign bribery investigation, the SFO reaches a £2.25m settlement with major construction firm Balfour Beatty plc for alleged unlawful accounting in connection with certain ‘payment irregularities’ that the firm self-reported. While the SFO confirmed that there were insufficient grounds for a criminal prosecution, the settlement came only six months after the SFO was given the powers to make a civil recovery of the proceeds of crime.⁵
• November 2008: the Law Commission announces proposed reforms of the English law of bribery, including the introduction of a new criminal offence applicable to companies and limited liability partnerships of negligently failing to prevent bribery committed by a person performing services on behalf of the organisation in question.

Aon action

The FSA found that, between January 2005 and September 2007, Aon had failed to take reasonable care to establish and maintain effective systems and controls to counter the risk of (and prevent and detect) illicit payments to overseas third parties, some of whom were state-owned entities or had government connections.

The FSA held that this lack of action presented an unacceptable risk that Aon could become involved in corrupt payments to win or retain business, and that Aon had made ‘suspicious payments’ of around $7m to various overseas firms and individuals as a result of a ‘weak control environment’. While the FSA did not consider that Aon had been deliberate or reckless in relation to the failings in its systems, controls or the making of suspicious payments, it said that Aon ought to have been aware that there was a ‘significant risk’ that an overseas third party might bribe the insured, the insurer or a public official, or that payments might be made for no genuine commercial purpose. In those circumstances, the FSA decided that Aon was in breach of Principle 3 of its Principles for Business. This principle requires all regulated firms to take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems.

As mentioned, the £5.25m fine represents the largest financial crime-related fine imposed by the FSA to date. It is also the sixth-largest fine levied by the FSA for any breach of its rules and the largest for a breach of this kind.

Regulatory breaches highlighted by the FSA

FSA-regulated institutions should take note of the following agreed deficiencies in Aon’s systems and controls in relation to its dealings with overseas parties, as identified by the regulator:

• Failure to properly assess, review and change systems and controls relating to payments to overseas third parties. These failures were viewed as particularly serious in light of previous enforcement action taken by Lloyd’s Disciplinary Board against two of Aon’s predecessor firms for similar systems and controls breaches, and two internal investigations into suspicious payments that failed to translate into a comprehensive assessment of the firm’s systems and controls.
• Inadequate due diligence, authorisation and payment procedures.
• No ongoing monitoring of relationships with overseas third parties. In particular, there was no internal requirement to carry out ongoing checks or periodic reviews of overseas individuals, companies or payments, and limited monitoring by Aon’s compliance function or under their internal audit procedures.
• Inadequate training and guidance, particularly of lower-level staff.
• Lack of oversight by management. The FSA found that Aon’s board and risk management committees failed to exercise sufficient oversight in respect of the transacting of business with or through overseas third parties.

Mitigating factors

It is instructive to consider the steps taken by Aon to mitigate the seriousness of these failings. Certainly, the FSA appears to have set great store by the way that Aon addressed the issues at senior level and introduced remedial procedures. The FSA acknowledged that Aon had taken several mitigating steps at a significant cost, both financially and in terms of management time, and these were taken into account in setting the level of the fine imposed. These included:

• Prompt reporting of suspicious payments to the relevant authorities (in this case, the Serious Organised Crime Agency (SOCA) and the FSA).
• Full co-operation by Aon senior management with the FSA’s investigation and ‘a model of best practice for other firms’. Aon earned a 30% discount in the fine levied.
• A review of Aon’s systems and controls relating to overseas payments by forensic accountants. Aon implemented the majority of their suggestions and, in some cases, went further.
• An investigation by external lawyers into past payments between January 2002 and December 2007 and a report on the circumstances surrounding any suspicious payments.
• A global anti-corruption programme to limit the instruction of third parties and the circumstances in which payments can be made, particularly in high-risk jurisdictions. This includes senior-level working groups and regional working groups, to ensure that relationships with overseas third parties are subject to appropriate review.
• Comprehensive ‘risk-based’ training by external law firms on the risks of overseas payments – particularly for staff exposed to overseas third-party relationships – and customised online training for all staff, including case studies based on the issues arising out of Aon’s investigations.
• Engendering cultural change within the organisation, eg by making assessments of compliance with corporate anti-corruption policies part of staff evaluations and instigating disciplinary action where necessary.

Conclusion and lessons to be learnt

Banks and financial institutions that have dealings with overseas agents and government officials in the course of their businesses should consider carefully the following points that can be drawn from the FSA’s action against Aon.

FSA has the will and means to take action for bribery offences

Although the SFO has traditionally taken the lead in this area of enforcement, the FSA’s action against Aon clearly indicates that the regulator can now take tough enforcement action against regulated businesses to deter overseas bribery and corruption. Banks and financial institutions should remain on guard against any similar flexing of the FSA’s muscles.

Fines will be large

The fine handed down to Aon represents the FSA’s largest financial crime-related fine to date. The FSA acknowledges that it has sent out:

‘... a clear message to the UK financial services industry that it is completely unacceptable for firms to conduct business overseas without having in place appropriate anti-bribery and corruption systems and controls’.

The FSA is likely to follow this up with similarly large fines.

Market leaders, beware!

Here, the FSA considered that it was necessary for the fine to reflect Aon’s position as one of the largest insurance and reinsurance brokerage and risk management firms in the UK, whose practices would be followed by other participants and customers in the insurance market. Banks and financial institutions at the forefront of their respective markets should take note.

FSA will not await changes to the criminal law on bribery and corruption before taking regulatory action

The FSA has been able to levy a regulatory penalty against a financial services firm as a means of deterring potentially corrupt activities, indicating that it has the resources and appetite to bring enforcement action against regulated firms in respect of suspect activities without waiting for the Law Commission’s proposals for a change in the criminal law to come into effect.

Co-operation between international regulators is a reality

The FSA’s actions appear to have followed investigations by ‘overseas enforcement agencies’ into suspicious payments at Aon. Here, the US Securities and Exchange Commission (SEC) and the US Department of Justice (DoJ) appear to have deferred to the FSA in terms of taking enforcement action. Banks and financial institutions should pay close attention as enforcement agencies, whether domestic or overseas, may well be communicating and co-operating with each other. What may begin as an enquiry by one agency could well result in enforcement action being taken by another.

Take note of the mitigating factors

Banks and financial institutions will do well to note the failures of Aon’s systems and controls and the mitigating factors that the FSA took into account. These contain important lessons, both in terms of knowing what kinds of measures the FSA expects organisations to take proactively to prevent, detect and respond to bribery and corruption, and identifying ways in which firms may seek to mitigate the damage that can arise from a regulatory investigation.

Ultimately, Aon earned a 30% discount on the expected level of fine due to its efforts.

Final comment

Recent enforcement actions clearly indicate a multi-organisational approach in the UK to combating financial crime. The City of London police, the Crown Prosecution Service, the SFO and the FSA have each taken recent action. In light of expected further economic gloom, bringing with it an anticipated rise in the detection of financial crime, banks and financial institutions should be proactive in protecting their positions. A review of risk management and compliance processes against the background of the factors identified above seems an obvious first step. By Chris Warren-Smith, partner, Alex Rene, partner, and Jehan-Philippe Wood, senior associate, Fulbright & Jaworski International LLP. E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it ; This e-mail address is being protected from spambots. You need JavaScript enabled to view it ; This e-mail address is being protected from spambots. You need JavaScript enabled to view it .