Buckley Sandler Webcast: The Role of Corruption Risk in a Financial Crimes Compliance Program - What Are Banking Doing to Detect Corruption in the Wake of the FIFA Scandal?
Buckley Sandler hosted a webcast, The Role of Corruption Risk in a Financial Crimes Compliance Program: What are Banks Doing to Detect Corruption in the Wake of the FIFA Scandal?, on September 24, 2015 as part of their ongoing FinCrimes Webcasat Series. Panelists included Thomas Coupe, EMEA Global Financial Crimes at Bank of America Merrill Lynch; and Compliance; Gaon Hart, Global Anti-Bribery & Corruption Policy and Education Lead at HSBC; and Denisse Rudich, Financial Crimes Compliance Specialist at Firedrake Consulting. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at Buckley Sandler, and key take-aways you can implement in your company.
Best Practice Tips and Take-Aways:
- Corruption risk for a financial services firm is presented both directly and indirectly. Corruption risk is presented directly when an employee or third parties acting on behalf of an institution act in a way that implicated anti-corruption laws, such as the Foreign Corrupt Practices Act, U.K. Bribery Act or another anti-corruption law. Corruption risk is presented indirectly when a customer seeks to use a financial institution for a corrupt deal or to hold or transmit funds associated with a corrupt scheme.
- It is important to have one person your organization can look to when an anti-corruption concern arises. This person should serve as the point of contact for your regulators and have the ability to quickly escalate concerns to senior management and the board of directors.
- New customers with past corruption issues present special challenges. Be sure that your onboarding and due diligence processes are able to identify and evaluate these concerns.
- Bear in mind that corruption risk management also requires looking at your organization internally. This means examining your own employees for conflicts issues, evaluating your organization’s sponsorships and donations, and performing due diligence on your third-party suppliers.
- Effective anti-corruption risk management requires cultivating a culture within your organization that supports your efforts. This is an area that regulators are increasingly interested in.
Structuring an Effective Corruption Risk Management Function
The panelists began the session by discussing where best to locate corruption risk management within a bank. The panelists observed that corruption risk management differs from other financial crimes areas, such as anti-money-laundering, because it is more inwardly focused. Panelists commented that, for some institutions, corruption risk management might be a better fit with areas that deal more with the culture of the organization, such as reputational risk and conduct risk. One panelist observed that the regulators have been increasing their focus on the culture of organizations, heightening the importance of this aspect of corruption risk management.
The panelists discussed the most efficient way to structure an organization’s anti-corruption standards. Generally, the panelists agreed that it makes the most sense to develop centralized standards based on the most stringent anti-corruption statutes, such as the FCPA and UK Bribery act. This approach will help account for the extraterritorial application of the FCPA and UK Bribery act. The panelists recommended developing add-on standards that apply in countries where there is a local statute with additional requirements. In particular, the panelists observed that local statutes may provide different rules for entertainment expenses and facilitating payments.
The panelists observed that corruption-risk screening should be integrated into the onboarding process for new customers. In this area, it is important to consider the differences between Public Officials (“PO’s”) and Politically-Exposed Persons (“PEP’s”). One key issue to be aware of is that screening tools and databases designed to identify PEP’s may miss lower-level PO’s. PEP screening tools may also miss State-Owned Enterprises; for example if the government owns only a small share of the company. Therefore, it is important to look closely at new customers and suppliers to identify if there are indirect links to government officials, or if the company has a history of working closely with the government, or if the company’s beneficial ownership raises any concerns.
One of the panelists observed that a new customer with past corruption issues presents special concerns in the due diligence process. Here, robust due diligence is needed to assess what changes the customer has implemented since the corruption issue came to light, and whether they have cooperated with the authorities and/or compliance monitors. Heightened monitoring should also be put in place for these customers.
Responding to a Corruption Concern
The panelists discussed how to respond when the bank receives news that a counterparty or a customer may pose a corruption risk. Here, the panelists agreed that it is important to have a well-thought out and comprehensive incident response plan in place. This plan should:
- Identify who in the organization is the designated point person for coordinating the response. This person should serve as the contact point for regulators, and be able to quickly escalate issues to senior management and board of directors. Along these lines,
- Specify who is to be notified of the issue and when. The panelists stressed the need for the incident plan to also address reputational risk to the bank.
- Lay out steps that allow the bank to determine if the corruption risk affects the bank, and if so, to what degree. This will involve using databases to search for names of both corporate and individual customers. This will also require setting up suspense accounts if needed and reporting these accounts as appropriate. After addressing the funds on hand within the bank, it will be necessary to perform a historical look-back for suspicious transactions.
The panelists also discussed how to respond to corruption concerns that arise from within the organization. The panelists observed that AML monitoring tools will often detect transactions that may present a corruption risk. Therefore, it makes sense to have close communication between the AML function and corruption risk management. The panelists concluded the discussion by observing that corruption risk should become as central to a bank’s business function as credit-risk has been traditionally.