I mentioned in my previous post (here) about the contrast between the inability to learn music from the noise that a grand piano would make if dropped down a staircase and the ability to learn lessons about risk management from FCA enforcement actions. On this occasion, I am reviewing the FCA enforcement notice against ‘JLT Speciality Limited’ (JTLSL) from December 2013 (here – all references are to this document).
JTLSL provides insurance broking, risk management and claims management. The enforcement case concerns failures of its anti-bribery and corruption arrangements. This is a specialised area of the FCA Handbook. However, the lessons are quite wide and applicable to other areas of financial regulation.
The ‘relevant period’ of the breach appears relatively long: from Feb 2009 to May 2012. The resulting fine was £1.9m.
Interestingly, while the FCA has been emphasis outcomes as a driver of regulatory intervention (‘The FCA approach to advancing its objectives’, July 2013), in this case the FCA seems less keen on it. The FCA acknowledges that there is no evidence that the company had permitted any illicit payment or inducement to any overseas introducer.
As it is usually the case, there were policies and other high-level statements setting out the company’s expectations in terms of how the risk of bribery and corruption should be managed. At different times, it appears that the shortcomings were related to the:
(a) lack of practical requirements to enable the appropriate activities to take place; this includes the lack of requirement on employees to take steps to establish whether the introducer was connected to the client (para 4.22); and the lack of ‘any’ guidance to enable employees to operate the high-level anti-bribery and corruption procedures in place (paras 4.11 and 4.12);
(b) failure to follow the company policy requirements; the FCA refers to the failure to gather the required information to assess the risk (para 4.36) and to follow up the actions required in the policy, typically, an enhanced sign-off if certain conditions were evidenced (paras 4.37 and 4.38).
These are important lessons to anyone working in the implementation of regulatory requirements.
A slightly different, and equally interesting, remark in the enforcement notice is about the challenges of gap analyses, in particular where FCA rules and legislation (Bribery Act, 2010) cover the same area. Typically, financial services regulators impose more onerous and comprehensive requirements than general legislation so the choice of benchmark is vital. This means that the extent to which gaps may be identified and the reassurance provided by a gap analysis would depend heavily on the benchmark selected.
I mentioned earlier that this enforcement case relates to a period of over 36 months. During this time supervisors visited the company three times to assess systems and controls in relation to bribery and corruption. JTLSL also accepted a voluntary variation of permission such that it ‘was unable to enter into a new relationship with third parties without prior approval from an independent skilled person’.
Not surprisingly, the FCA recognises the costs incurred by JTLSL, in terms of financial costs, opportunity costs and management time.
I am therefore left with a simple question: why wasn’t this fixed in a timely manner to avoid enforcement action? I don’t really know. I have read and discussed the importance of the ‘tone from the top’ on regulatory issues which sets out priorities for employees. I wonder if this could have been a factor.