Financial Services, Sectors - Written by Barry & Richard on Wednesday, April 22, 2015 22:12
Sins of the fathers: Compliance officers held personally liable for corporate ABC compliance failings
March 2015 saw the FCA impose significant fines on the Bank of Beirut, as well as on its Compliance Officer and Internal Auditor, for misleading the regulator in relation to the implementation of Remediation Plan action points. The plan followed an inspection in which the FCA concluded that the Bank’s anti-bribery and anti-money laundering systems and controls were lacking. Whilst recently the regulator’s focus has been on senior management, this case reminds us that nobody is safe. Compliance Officers and Senior Managers alike will be held to account.
Bank of Beirut
Bank of Beirut is a UK subsidiary of Bank of Beirut S.A.L., which is incorporated in Lebanon. In short, the Regulator conducted a risk assessment in 2010 which raised various concerns in relation to internal audit and compliance monitoring. The Regulator formulated a Remediation Plan to address these concerns; however, the Bank repeatedly provided inaccurate and misleading information to the Regulator about its compliance.
The Bank was fined £2,100,000 (with a 30% reduction for early settlement); a hefty fine to pay for a lack of transparency, but perhaps not all that hair-raising compared to how the Regulator approached the involvement of less senior members of staff.
Anthony Wills – the Compliance Officer and Michael Allin – Internal Audit
Mr Wills was the Compliance Officer tasked with addressing a number of the action points and was largely the main communicator with the Regulator.
Mr Allin was the Internal Auditor. Whilst he began work after the Regulator’s initial visits to the Bank, he was required to review and assure the Regulator on the implementation of the action points.
The Regulator found that both Mr Wills and Mr Allin had repeatedly and knowingly provided incorrect and misleading information about the Bank’s progress and compliance.
The Regulator found these Principle 4 breaches extremely serious; it ‘expects to have an open and cooperative relationship with Compliance Officers [who] have a significant influence on the conduct of a firm’s affairs, and the Authority must be able to rely upon any confirmations received from a Compliance Officer’.
Their defence will not come as any surprise. Mr Wills stated he was not provided with sufficient resource to conduct his role and that he felt under pressure from senior management to be ‘careful’ in his communications with the Regulator and that he was not given ‘licence’ to explain issues fully to the Authority.
However, whilst the Regulator recognised that both Mr Wills’ and Mr Allin’s actions were influenced by Senior Management, this did ‘not excuse [the] misconduct’ given their duties as approved persons, their unique positions to understand the true nature of the Bank’s compliance and the need to remain independent. They were fined £19,600 and £9,900 respectively (both with a 30% discount).
The Compliance Conundrum
This strict approach when dealing with the employees should come as a strong message that whilst the Regulator will acknowledge the difficult position a Compliance Officer faces, there is an overriding duty to the Regulator to be candid and to cooperate with their enquiries. The Final Notice indicated that if faced with such a predicament, the Compliance Officer ‘should have resisted any senior management influence… as an approved person, he remained personally bound by his own regulatory responsibilities’. Similarly, the FCA later stated that they should have shown ‘backbone even when challenged by their colleagues’.
In theory, perhaps. However, in practice, the stark reality is that Compliance Officers will find themselves in near impossible positions where their obligations to Senior Management on the one hand and their ‘personal regulatory requirements’ on the other contradict each other.
If the Compliance Officer has escalated his concerns to senior management who choose, inadvertently or otherwise, to ignore these concerns or to direct that false or misleading information is conveyed to the Regulator, what is s/he to do? Is the Compliance Officer forced essentially to whistleblow on senior management, in order to fulfil their personal regulatory duty? What support or protection then is afforded to them? Or will they be pushed to consider another way out – resignation perhaps – to avoid the potential repercussions of whistleblowing on Senior Management?
This case shows that this predicament is far from hypothetical. Compliance Officers working in a subsidiary whose senior management is based abroad at a parent bank, where the respective regulatory obligations do not match those of the UK regulators, may also face similar difficulties.
This case raises several important learning points for Compliance Officers:
- Attestations: It is important that authorised firms ensure that any assurances or, moving forward, ‘attestations’ made by an individual acting on behalf of the company are accurate and recorded so that responsibilities can be allocated accordingly.
- Approved Persons’ obligations: Approved Persons have independent regulatory obligations and as such, should make compliance with their regulatory obligations a priority, even if this means resisting senior management.
- Senior Management: Despite the FCA not announcing any action against senior management, there is no indication that senior management will be immune from sanction in the future, particularly in light of the new SMR.
- AML Procedures: This case supports the importance of having appropriate systems and controls to protect against financial crime, which was highlighted as a priority in the FCA 2015/16 Business Plan.