Final Notice
FINAL NOTICE
Address:
8-11 The Crescent
London
EC3N 2LY
1.
ACTION
1.1.
For the reasons given in this notice, the Authority hereby impose on Besso
Limited (“Besso”) a financial penalty of £315,000 for breaching Principle 3 of the
Authority’s Principles for Businesses and related rules. The breaches occurred
between 14 January 2005 and 31 August 2011 (“Relevant Period”).
1.2.
Besso agreed to settle at an early stage of the Authority’s investigation. Besso
therefore qualified for a 30% (Stage 1) discount under the Authority’s executive
settlement procedures. Were it not for this discount, the Authority would have
imposed a financial penalty of £450,000 on Besso.
2.
SUMMARY OF REASONS
2.1.
Besso failed to take reasonable care to establish and maintain effective systems
and controls for countering the risks of bribery and corruption associated with
making payments to parties who entered into commission sharing agreements
with Besso or assisted Besso in winning and retaining business (“Third Parties”).
2.2.
The involvement of UK financial institutions in corrupt or potentially corrupt
practices undermines the integrity of the UK financial services sector. It is the
responsibility of UK financial institutions to ensure that they are not involved in,
or associated with, financial crime. Unless firms have in place robust systems and
controls which govern the circumstances in which payments may be made to
Third Parties and then ensure those systems and controls are followed, they risk
leaving themselves open to involvement in corrupt practices or actions
contravening UK or overseas anti-bribery laws. This action supports the
Authority’s operational objective of protecting and enhancing the integrity of the
UK financial system.
2.3.
The failings at Besso continued throughout the Relevant Period and contributed to
a weak control environment surrounding the making of payments to Third Parties.
This gave rise to an unacceptable risk that payments made by Besso to Third
Parties could be used for corrupt purposes, including paying bribes to persons
connected with the insured or public officials. In particular Besso:
(1)
had limited bribery and corruption policies and procedures in place
between January 2005 and October 2009. It introduced written bribery
and corruption policies and procedures in November 2009, but these were
not adequate in their content or implementation;
(2)
failed to conduct an adequate risk assessment of Third Parties before
entering into business relationships;
(3)
did not carry out adequate due diligence on Third Parties to evaluate the
risks involved in doing business with them;
(4)
failed to establish and record an adequate commercial rationale to support
payments to Third Parties;
(5)
failed to review its relationships with Third Parties, in sufficient detail and
on a regular basis, to confirm that it was still appropriate to continue with
the business relationship;
(6)
did not adequately monitor its staff to ensure that each time it engaged a
Third Party an adequate commercial rationale had been recorded and that
sufficient due diligence had been carried out; and
(7)
failed to maintain adequate records of the anti-bribery and corruption
measures taken on its Third Party account files.
2.4.
Besso’s failings merit the imposition of a significant financial penalty. The
Authority considers these failings to be serious for the reasons below.
(1)
The failings continued throughout the Relevant Period and had they not
been identified by the Authority, Besso may not have sufficiently identified
the failings itself.
(2)
Besso’s failure to implement effective systems and controls commensurate
to the nature of its business resulted in payments being made to Third
Parties without adequate challenge. Besso’s failure to do so meant they did
not adequately consider the risk of bribery and corruption prior to making
payments to Third Parties.
(3)
In the context of the size of Besso’s business, the revenue it earned from
business introduced by Third Parties is significant.
(4)
During the Relevant Period the Authority published a number of
communications to the industry making clear the importance of firms
countering the risks of bribery and corruption with effective controls,
including publication of its interim findings from a thematic review of how
commercial insurance broker firms in the UK were addressing the risks of
becoming involved in corrupt practices such as bribery in September 2009
and its full report in May 2010. The Authority also published Enforcement
cases against two institutions for shortcomings in their bribery and
corruption systems and controls. Notwithstanding these communications,
there remained deficiencies in Besso’s policies, and its implementation of
its policies, until August 2011. The Authority did not find evidence to
suggest that Besso’s conduct was deliberate or reckless, and acknowledges
the firm did increase its efforts to address bribery and corruption risks as
time went on. Nevertheless, it should have taken additional steps to
implement appropriate procedures on a timely basis and to monitor the
adequacy of its procedures once implemented.
(5)
Besso’s approach to dealing with bribery and corruption risks remained
inadequate even after two visits by the Authority to inspect its relevant
systems and controls. The Authority acknowledges that Besso had carried
out significant work to address the issues identified, but considers that
Besso had not taken sufficient steps to remedy its shortcomings, and the
speed at which Besso made improvements to its systems and controls,
once the failings were identified, was not satisfactory.
2.5.
In deciding upon the appropriate disciplinary sanction, the Authority has taken
into account the following:
(1)
Besso made various efforts to counter the risks of bribery and corruption in
its business activities, albeit these efforts were not always fully effective.
These included purchasing an online risk screening tool in January 2009
and introducing a formal and enhanced set of policies and procedures in
November 2009.
(2)
Besso instructed a firm of solicitors in October 2011 to conduct a review of
its systems and controls in relation to anti-bribery and corruption. The
findings were made available to the Authority by way of a report dated
6 January 2012 and Besso took prompt steps to implement a number of
improvements recommended in the report.
(3)
Besso is a medium-sized broker in the wholesale insurance market, whose
business did not, overall, pose a high bribery and corruption risk. The
majority of Third Parties to whom Besso made payments were not based in
countries associated with a high bribery and corruption risk, and tended
not to have other perceived high risk characteristics. The anti-bribery and
corruption systems and controls that it had were expected to be
commensurate with that relatively low level of risk. However, Besso failed
to meet even that standard.
3.
DEFINITIONS
3.1.
The definitions below are used in this Final Notice.
“ABC” means Anti-Bribery and Corruption.
“ABC Thematic Review” means the thematic review carried in January 2009 by
the Authority of how commercial insurance broker firms in the UK were
addressing the risks of becoming involved in corrupt practices such as bribery.
“ABC Working Group” means Besso’s Anti-Bribery and Corruption Working Group.
“Act” means the Financial Services and Markets Act 2000.
“Authority” means the body corporate previously known as the Financial Services
Authority and renamed on 1 April 2013 as the Financial Conduct Authority.
“Authority’s Handbook” means the Authority’s handbook of rules and guidance.
“Besso” means Besso Limited.
“DEPP” means the Authority’s Decision Procedure and Penalties manual which
forms part of the Authority’s Handbook.
“FSMA” means the Financial Services and Markets Act 2000.
“Introducer” or “Introducers” means a third party that helps Besso win and retain
business from clients.
“PEP” means a politically exposed person. A PEP is defined in the Money
Laundering Regulations 2007 as “an individual who is or has, at any time in the
preceding year, been entrusted with a prominent public function” and an
immediate family member, or a known close associate, of such a person. The
definition only applies to those holding such a position in a state outside the UK,
or in a European Community institution or an international body.
“Principles” means the Authority’s Principles for Businesses which are part of the
Authority’s Handbook.
“Producing Broker” or “Producing Brokers” means a broker responsible for
introducing a proposal for insurance or reinsurance to Besso. The producing
broker typically deals directly with the client.
“Relevant Period” means the period from 14 January 2005 to 31 August 2011.
“Third Party” or “Third Parties” means parties who entered into commission
sharing agreements with Besso and/or assisted Besso in winning and retaining
business.
“Third Party Payment Report” means the report prepared in November 2009, at
the request of the Authority, by Besso’s Compliance function into transactions it
had entered into with overseas Third Parties between 2007 and 2009.
“Tribunal” means the Upper Tribunal (Tax and Chancery Chamber).
4.
FACTS AND MATTERS
4.1.
Besso is the broking subsidiary of Besso Insurance Group Limited. Besso is a
medium-sized Lloyd’s general insurance broker operating mainly in the
commercial sector, specialising in marine, aviation, transport, property, casualty,
international and liability insurance. Besso has been authorised by the Authority
to carry out a number of regulated activities since 14 January 2005. This includes
assisting in the administration and performance of contracts of insurance.
4.2.
Insurance and reinsurance brokers such as Besso make payments to, and share
commission with, Third Parties in a number of circumstances. For example, a
broker may pay a co-broker who assists in the placement of insurance or
reinsurance. In some cases, a broker may pay a broker who provides services
(e.g., administrative and policy insurance services) in relation to the placement of
insurance in countries where the principal broker does not have an office. In other
cases, a broker may pay individuals or companies who have limited or no
involvement in placement activities, but assist with client introductions and
providing relevant market and other information.
4.3.
Being a wholesale broker, Besso was heavily reliant upon Producing Brokers to
bring business to it. The Producing Brokers would have the relationship with the
insured and would handle all correspondence in relation to that insured. Besso
would normally agree a split of commission between the Producing Broker and
itself.
4.4.
During the Relevant Period, Besso offered (and continues to offer) broking
services for both insurance and reinsurance business across a wide range of
industries and countries, which will have had a varying degree of perceived risk of
bribery and corruption. In establishing and maintaining business relationships,
Besso made use of, and paid commissions to, Third Parties (both overseas and in
the UK). Accordingly, although it was not unusual or inappropriate for Besso to
make payments to Third Parties, there was a risk, which was increased for higher
risk industries and countries, that a proportion of the money paid to Third Parties
might have been used by the Third Parties for inappropriate purposes. This could
have included paying bribes to persons connected with the insured or public
officials.
4.5.
For these reasons, it was important for Besso (in common with any firm making
payments in this way) when dealing with Third Parties, to: (i) take adequate
steps in assessing (and then mitigating) the risk of bribery and corruption arising
out of the prospective arrangement or transaction; and (ii) understand who it was
dealing with, why it was necessary to use that Third Party to win business and
what services Besso would receive from that Third Party in return for a share of
the commission.
Authority’s anti-bribery and corruption thematic work
4.6.
In November 2007, the Authority sent a ‘Dear CEO’ letter to all wholesale
insurance broker firms, including Besso. This letter affirmed the Authority’s
expectations in relation to payments to Third Parties and stated it expected firms
to review their business practices to ensure they were not involved in, or
associated with, illicit payments. Despite this, Besso only started to make
significant changes to its policies and procedures in 2009, two years later.
4.7.
Further, the Authority fined Aon Limited in January 2009 and Willis Limited in
July 2011, for failing to take reasonable care to establish and maintain effective
systems and controls to counter the risks of bribery and corruption associated
with making payments to Third Parties.
4.8.
In January 2009, the Authority commenced an ABC Thematic Review of how
commercial insurance broker firms in the UK were addressing the risks of
becoming involved in corrupt practices such as bribery. The Authority published
its interim findings in September 2009 and its full report in May 2010. These set
out the Authority’s findings on firms’ standards in managing the risk of illicit
payments or inducements to, or on behalf of, Third Parties, in order to obtain or
retain business, and a number of examples of poor practice for firms to consider.
4.9.
Besso’s approach to dealing with bribery and corruption risks remained
inadequate even after two visits by the Authority to inspect its relevant systems
and controls. The first visit formed part of the Authority’s ABC thematic review in
December 2009, and Besso may not otherwise have sufficiently identified the
failings itself. Significant weaknesses were identified and feedback given to Besso
by the Authority. A follow up visit was made in March 2011 to assess the actions
taken by Besso to mitigate the deficiencies. The Authority acknowledges that
Besso had carried out significant work to address the issues identified, but
considers that Besso had not adequately remedied its shortcomings.
Authority’s Enforcement investigation
4.10. As part of its investigation, the Authority conducted a detailed review of Besso’s
anti-bribery and corruption (and other associated) policies and procedures. The
Authority also reviewed the records retained by Besso in respect of 74 Third
Parties. The records covered Besso’s transactions in respect of Third Parties and
clients based both in the UK and overseas, and related to a variety of industries,
including the aviation, marine, construction and art sectors. The 74 Third Party
account files covered business introduced to Besso in respect of over 10,000
insureds (approximately 9,000 of which were from one source).
Skilled person’s report
4.11. On 3 July 2013, the Authority required Besso to commission pursuant to
section 166 of FSMA, a skilled person to review into the adequacy of its ABC
system
and
controls.
The
skilled
person
produced
a
report,
dated
14 February 2014, which concluded that:
(1)
Prior to November 2009, Besso had inadequate systems and controls in
relation to Third Parties, because the information and approvals required
by Besso before it approved Third Party payments (including commission
sharing arrangements) did not adequately assess the ABC risks posed by
making such payments.
(2)
Prior to November 2009, Besso commenced business relationship with
Third Parties without the involvement of Compliance. For all Third Parties,
no consideration was given to the country they operated in, the business
case for using the Third Party or the corruption risks posed by using that
Third Party.
(3)
After November 2009, even though Besso improved its ABC systems and
controls, it failed to implement those revised systems and controls
consistently, and therefore at time still failed to consider adequately and
consistently the ABC risks of dealing with Third Parties.
Lack of anti-bribery and corruption policies and procedures
4.12. Between January 2005 and October 2009, Besso had limited bribery and
corruption policies and procedures in place. Although it had generic financial
crime policies and procedures, these focussed primarily on money laundering and
fraud and did not set out any guidance to staff about the use of Third Parties or
the risks of the firm, or anyone acting on its behalf, engaging in bribery and
corruption.
4.13. Apart from Third Parties who were classified as Introducers by Besso, Third
Parties were brought on board without the involvement of Compliance.
Throughout the Relevant Period, Besso did not recognise Producing Brokers as
Third parties for the purposes of ABC compliance. This meant that Besso may not
have properly considered an entire category of Third Parties for ABC risk and
compliance purposes.
4.14. Until November 2009, Besso failed to incorporate checks to establish whether a
Third Party was connected with the insured or any public officials. There was no
requirement of staff to assess whether the payments to be made to Third Parties
were commensurate with the services they provided or to establish or record the
commercial rationale for entering into the business relationship. Nor was there
any provision for a structured risk assessment to be conducted of the Third Party
relationship that would have prompted Besso staff to have considered the various
factors which could have affected the level of risk posed by a Third Party.
Furthermore, no formal training was provided to staff in relation to anti-bribery
and corruption risks that they should have considered when opening a Third Party
account.
4.15. Compliance also had little or no involvement at the account opening stage. The
account opening forms failed to capture all the relevant information, such as bank
details of the Third Parties. The account opening procedures also failed to record
the fee or commission split with Besso and the Third Party at the start of the
relationship. In some instances the set up process was initiated after work had
commenced and just before the placement of the insurance policy. As such, the
deficiencies in the account opening procedures prevented Besso from properly
assessing the anti-bribery risks in relation to Third Party transactions.
4.16. Besso began to introduce improved procedures during the course of 2009. These
included the purchase of an online risk screening tool in January 2009 to conduct
checks on Third Parties. Following the publication of the interim findings from the
Authority’s ABC thematic review in September 2009, Besso updated its policies
and procedures in November 2009. The firm introduced new Third Party account
opening forms, among other developments, enabled Besso’s staff to establish and
record details of the business case for using a Third Party. They also prompted
staff to establish the exact nature of the relationship between the Third Party and
the insured and/or any public officials. However, the account opening procedures
did not provide for any comprehensive assessment of the various risks associated
with a Third Party relationship. Nor was there any requirement to review a Third
Party relationship once it had been established.
4.17. Besso further updated its policies and procedures in 2011 to include reference to
the Bribery Act 2010. It also introduced new policies relating to its ABC Working
Group, which it set up in 2010 to oversee the interim management of Third Party
payments, whilst developing policies and procedures to comply with current
legislation and guidance. However, the updated policies and procedures were not
based on a risk assessment and did not contain ongoing review mechanisms.
4.18. Overall, Besso’s anti-bribery and corruption policies and procedures were either
largely absent or materially inadequate for the duration of the Relevant Period.
In addition, as set out further below, even when adequate procedures were
introduced, they were sometimes poorly implemented, for example, those in
relation to risk assessment and due diligence of Third Parties.
Risk assessment
4.19. Until the start of 2011, Besso failed to conduct an adequate risk assessment of its
Third Party relationships prior to entering into them. There was no evidence of a
transparent and methodical assessment of the risks attached to Third Parties with
which it proceeded to share commission.
4.20. In particular, there was no prescribed or clear methodology for weighing up the
risks of Third Party arrangements, including those potentially arising from the
country of both the Third Party and the insured, the industry in which the insured
party operated, the nature of the relationship between Besso and the Third Party
(for example, whether the Third Party was a placing broker, an individual, a
former member of staff or consultant of Besso, the nature of any other connection
and whether there was a formal agreement in place between the parties which
would help to mitigate the bribery and corruption risk), whether the Third Party
was approved by the insured party, and the level of commission to be paid to the
Third Party.
4.21. These are all factors that have been shown to be significant indicators or
mitigants of the overall level of bribery and corruption risk. If a Third Party
arrangement is proposed that features one or more higher risk factors, it may
well be necessary for a firm to conduct additional due diligence into the Third
Party and its relationship with the insured in order to satisfy itself that it is
appropriate to proceed with the arrangement, and otherwise to reject the
proposed arrangement. Instead, until 2011, Besso’s policies and procedures
showed no evidence of a proper risk based approach, and the due diligence
required was the same regardless of the actual risk identified.
4.22. At the start of 2011, Besso introduced a risk assessment form that required Besso
staff to identify various risk factors in relation to the Third Party relationship.
These included the Third Party’s country of residence, the risk rating for that
country, any adverse findings from the search by Besso’s online risk screening
tool, the nature of the relationship between Besso and the Third Party, the nature
of the industry in which the insured party operated, whether the Third Party was
approved by the insured or underwriter, the commission level (with over 30%
being considered a high risk factor by Besso) and a number of other relevant
factors, including whether the Third Party was authorised by their local regulator
and whether the Third Party’s bank account was located in a different country to
their country of residence.
4.23. Although this revised risk assessment form was in itself now adequate, the
Authority found that in a majority of Third Party files, this form was not
completed either fully or accurately, or the user had noted a number of high risk
factors present but the overall risk rating was still low, and there was no
adequate justification for the assessment reached. For example, Besso would
typically assess the risk attached to the country from which the Third Party
operated, but there was often no evidence it had considered the risks posed by
the country where the insured party was located.
4.24. Overall, the Authority found that on the majority of the files it reviewed, there
had, throughout the Relevant Period, been inadequate risk assessments of the
Third Party arrangements conducted by Besso. A proper risk assessment process
was necessary for Besso to determine in respect of which Third Parties and
payments it needed to carry out enhanced levels of due diligence.
Due diligence on Third Parties
4.25. The Authority found that Besso had failed to ensure that appropriate due diligence
was carried out over the Relevant Period to address the risk that doing business
with the Third Party might result in a corrupt payment. This was necessary to
verify and expand upon the information collected by any risk assessment
conducted, and should have included taking reasonable steps to assess whether
the Third Party was connected with the insured or a public official.
4.26. Between January 2005 and October 2009, Besso’s due diligence focused primarily
on attempts to verify the Third Party’s identity, for example, by obtaining financial
reports for corporate entities or copies of bank details on company letterhead.
However, there was no evidence that attempts had been made to investigate the
precise nature of the relationship between the Third Party and the insured. In
addition, until January 2009, when Besso started to conduct checks using its
online risk screening tool to assess whether the key individuals from a corporate
Third Party featured on any banned or sanctions lists or were known to be PEPs,
there was no evidence that Besso sought to check whether the Third Party or any
family members or close associates had ever held public office. These are all
factors that have been shown to indicate an increased risk of bribery and
corruption and should accordingly be checked. Even once the risk screening tool
was introduced, searches using the tool were all conducted against the exact
name of the relevant individual and “fuzzy matching” (i.e. searches against a
slight variation of the name) was not employed. This significantly reduced the
effectiveness of the searches.
4.27. Instead of conducting an appropriate level of due diligence, Besso often relied on
its existing knowledge of the Third Party, particularly where it had a longstanding
relationship with the relevant individual. However, this is not an adequate
substitute for making independent inquiries into Third Party arrangements and
does not adequately mitigate the risks of bribery and corruption. Moreover,
circumstances and information available relating to Third Parties may change over
time.
4.28. Further, before November 2009, Besso recorded customer bank account details at
the same time requests for payments were being processed (and not at opening).
The account opening forms after November 2009 were designed to capture bank
account details at opening and these details were intended to be provided on
company letterhead and signed by an authorised representative. However, Besso
failed to implement this revised procedure and therefore payment instructions
were not verified against pre-approved bank accounts.
4.29. From November 2009, the new Third Party account opening form introduced by
Besso expressly required the insertion of details of the precise relationships
between the Third Party and the insured. Accurate completion of this form in
reasonable detail would have helped to identify the risks of bribery and
corruption. In practice, however, Besso’s staff generally continued to complete
the form in a brief, relatively superficial manner. For example, they did not
adequately verify the responses they received from the Third Parties as to
whether they held a shareholding in the businesses they introduced or whether
the directors of the Third Party held or had previously held public office. Nor did
Besso seek to establish whether there was any other sort of connection between
the Third Party and the insured, such as a family relationship or whether an
individual from the Third Party had a separate business venture with an individual
from the insured.
4.30. This lack of adequate controls led to an unacceptable risk that payments made by
Besso to Third Parties may have been used to bribe individuals connected with
the clients in order to secure business.
Business case for sharing commission with Third Parties
4.31. Besso failed on the vast majority of the files reviewed to establish and record an
adequate commercial rationale to explain why it was necessary to use a Third
Party to win business and what services Besso would receive in return for sharing
commission with that Third Party.
4.32. In almost all cases between January 2005 and October 2009, the files only
recorded a very brief description or often no description of the reasons for the
commission payment and did not state in detail or at all what services Besso
would receive in return. There is no evidence that for this period Besso properly
considered at the time the reasons for sharing commission with the relevant Third
Parties or what value the Third Party added to the arrangement.
4.33. In November 2009, at the request of the Authority, Besso’s Compliance function
prepared a Third Party Payment Report into transactions it had entered into with
overseas Third Parties between 2007 and 2009. The Third Party Payment Report
contained an explanation of the commercial rationale for using many of the Third
Parties from the files the Authority reviewed, and the relevant extract of the
report was placed on each Third Party file.
4.34. In addition, in November 2009 Besso introduced its new Third Party account
opening policy and procedures, which required Besso’s staff to ensure a business
case was established and recorded at account opening. However, the Authority’s
investigation found that in practice the forms were not completed in detail. This
meant that on a regular basis staff continued to open accounts without
establishing and recording an adequate business case.
4.35. As a result, during the period November 2009 to December 2010, over half of the
74 files the Authority reviewed failed to contain an adequate explanation of the
business case for using the particular Third Party.
4.36. From the start of 2011, Besso began using a risk assessment form on its Third
Party files. This form tended to set out an explanation of the arrangements with
the Third Party which in the majority of cases included a sufficient business case
for retention of a Third Party. However, in some instances the introduction of the
risk assessment form highlighted that Besso did not have a clear commercial
rationale for using an existing Third Party.
4.37. Overall, the Authority found that on a number of files reviewed covering the
period from January 2011 to August 2011, Besso still made Third Party payments
without establishing and recording an adequate commercial rationale for use of
the Third Party.
Review of Third Party relationships
4.38. During the period January 2005 to March 2011, once a relationship with a Third
Party had been approved through completion and execution of the account
opening form, there was no requirement under Besso’s policies to ensure it was
reviewed on a regular basis to confirm it was still necessary and appropriate for
Besso to continue with the relationship. As a result, apart from limited reviews
conducted using Besso’s online risk screening tool in July 2009, September 2010
and March 2011, Besso failed to carry out adequate regular reviews of its
relationships with Third Parties, many of which continued over many years.
4.39. It was not until April 2011, when Besso brought in enhanced policies and
procedures for countering the risk of bribery and corruption, that it introduced a
regular, systematic process of review for Third Party relationships. This included
the establishment of Besso’s ABC Working Group, which was tasked with ensuring
the ongoing assessment of risk associated with anti-bribery and corruption and
Third Party payments. The ABC Working Group did not record minutes and the
Authority’s investigation has not therefore been able to confirm the extent to
which these responsibilities were fulfilled.
4.40. Besso’s ability to monitor its Third Party relationships was hampered by its failure
to ensure that it had a written agreement in place with each Third Party prior to
entering into a business relationship with them and making payments. The
Authority’s investigation found that a significant number of the files reviewed did
not have a written agreement in place at the outset and some files had no written
agreement at all. This meant that it was difficult for Besso staff to monitor the
conduct of the relationship against its original expectations of the arrangement.
It also increased the risk that changes to the arrangement, that may have
increased the risks involved in doing business with the Third Party (such as a
change to the way in which the Third Party was to be paid) would go unnoticed by
Besso staff. For example, in relation to one Third Party based in the United
States, there appears to have been no review of the arrangements between file
opening in 2002 and September 2010, and no written agreement between the
parties documenting the arrangements in place at any point.
4.41. Overall, out of all the files it reviewed, the Authority did not find any evidence
during the period from January 2005 to April 2011, in which Besso had regularly
reviewed and monitored its Third Party relationships to ensure that those
relationships remained necessary and appropriate to continue. This failed to
counter the risk of corrupt practices within these Third Party arrangements.
Monitoring of staff
4.42. Besso did not adequately monitor its staff to ensure that each time it engaged a
Third Party an adequate commercial rationale had been recorded and that an
adequate risk assessment and sufficient due diligence had been carried out.
4.43. At the time of the Authority’s visit in March 2011, there was still no Compliance
monitoring programme in place, despite this having been raised as an issue
during the Authority’s earlier visit in December 2009.
4.44. This lack of monitoring meant that even after adequate anti-bribery and
corruption policies and procedures were introduced in November 2009, Besso
failed to ensure that they were adequately implemented by staff.
Record keeping
4.45. Besso failed to keep adequate records on its Third Party files, including records
concerning the firm’s reasons for making payments arising from its relationships
with Third Parties. The lack of adequate documentation meant Besso could not
appropriately monitor the effectiveness of its procedures or satisfy itself that its
corruption risk assessment and mitigation was sufficient to address the risks of
bribery and corruption. It also meant it was unable to identify any potential
inconsistency, change or other information which might indicate potential
corruption and the need for further inquiries. The lack of adequate
documentation also made it very difficult for the Authority to monitor Besso’s
compliance with the relevant regulatory standards.
5.
FAILINGS
5.1.
The statutory and regulatory provisions relevant to this Final Notice are referred
to in Appendix A.
5.2.
On the basis of the facts and matters set out above, the Authority considers that
Besso’s policies and procedures for mitigating the risk of bribery and corruption
were inadequate and ineffective both in their scope and their practical operation.
In particular:
(1)
On the basis of the facts and matters set out in paragraphs 4.12-4.18
above, Besso had only limited bribery and corruption policies and
procedures in place between January 2005 and October 2009. It
introduced written bribery and corruption policies and procedures in
November 2009, but these were not adequate in their content or
implementation.
(2)
On the basis of the facts and matters set out in paragraphs 4.19-4.24
above, Besso failed to conduct an adequate risk assessment of Third
Parties before entering into business relationships.
(3)
On the basis of the facts and matters set out in paragraphs 4.25–4.30
above, Besso failed to carry out adequate due diligence on Third Parties to
evaluate the risks involved in doing business with them.
(4)
On the basis of the facts and matters set out in paragraphs 4.31-4.37
above, Besso failed to establish and record an adequate commercial
rationale to support payments to Third Parties.
(5)
On the basis of the facts and matters set out in paragraphs 4.38-4.41
above, Besso failed to review its relationships with Third Parties, in
sufficient detail and on a regular basis, to confirm that it was still
appropriate to continue with the business relationship.
(6)
On the basis of the facts and matters set out in paragraphs 4.42-4.44
above, Besso did not adequately monitor its staff to ensure that each time
it engaged a Third Party an adequate commercial rationale had been
recorded and that sufficient due diligence had been carried out.
(7)
On the basis of the facts and matters set out in paragraph 4.45 above,
Besso failed to maintain adequate records of the anti-bribery and
corruption measures taken on its Third Party account files.
5.3.
As a result of these failings, the Authority considers that Besso has failed to take
reasonable care to organise and control its affairs responsibly and effectively, with
adequate risk management systems, in breach of Principle 3. The Authority also
considers that Besso has failed to establish and maintain effective systems and
controls for compliance with applicable requirements and standards under the
regulatory system and for countering the risk that the firm might be used to
further financial crime, in breach of SYSC 3.2.6R.
5.4.
The failings in paragraph 4.45 above were also a breach of SYSC 3.2.20R,
because Besso did not take reasonable care to make and retain records of
matters and dealings that are the subject of requirements and standards under
the regulatory system.
6.
SANCTION
Relevant guidance on sanction
6.1.
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case. The principal purpose of a financial penalty
is to promote high standards of regulatory conduct. It seeks to do this by
deterring firms who have breached regulatory requirements from committing
further contraventions and demonstrating generally to firms the benefit of
compliant behaviour.
6.2.
The Authority’s policy on the imposition of financial penalties and public censures
is set out in the Enforcement Guide (EG) and DEPP. The Authority introduced a
new policy for imposing a financial penalty in respect of conduct occurring on or
after 6 March 2010. In this case, the misconduct falls within the periods covered
by both the old and new Authority penalty regimes. However, as the majority of
the misconduct, including the most serious breaches when Besso had limited
written anti-bribery and corruption policies and procedures in place, occurred
before 6 March 2010, the Authority considers that the gravamen of Besso’s
misconduct falls within the period before 6 March 2010 and has therefore applied
the penalty regime that was in place before that date. As Besso’s misconduct
dates back to before August 2007, the Authority has had regard to provisions on
penalty policy in force at that time (ENF 13) as well as those in DEPP. All
references to DEPP below relate to the version in place prior to 6 March 2010.
6.3.
DEPP 6.5.2G sets out some of the factors that may be of particular relevance in
determining the appropriate level of financial penalty for a firm or approved
person. The criteria are not exhaustive and all relevant circumstances of the case
have been taken into consideration in determining whether a financial penalty is
appropriate and the amount.
Deterrence (DEPP 6.5.2(1))
6.4.
The Authority considers that the proposed financial penalty will promote high
standards of regulatory conduct within Besso and deter it from committing further
breaches. The Authority considers the proposed financial penalty will help deter
other firms from committing similar breaches as well as demonstrating generally
the benefits of a compliant business. It will strengthen the message to the
industry that it is vital for firms to take proper steps to ensure that their anti-
bribery and corruption systems and controls are adequate.
Seriousness of the breaches (DEPP 6.5.2(2))
6.5.
The Authority has had regard to the seriousness of the breaches, including the
nature of the requirements breached, the number and duration of the breaches
and whether the breaches revealed serious or systemic weakness of the
management systems or internal controls. For the reasons set out in paragraph
2.4 above, the Authority considers Besso’s breaches, which continued throughout
the Relevant Period, are of a serious nature. The weaknesses in its systems and
controls resulted in an unacceptable risk that payments made by Besso to Third
Parties could be used for corrupt purposes, including paying bribes to persons
connected with the insured or public officials. However, although this is an
unacceptable risk, the Authority has also taken into account that most of the
Third Party payments made had lower risk characteristics relative to those made
by firms in previous similar cases that have been subject to enforcement action.
The extent to which the breach was deliberate or reckless (DEPP
6.5.2(3))
6.6.
The Authority does not consider that Besso deliberately or recklessly contravened
regulatory requirements. Particularly during the latter part of the Relevant Period,
Besso was aware or should have been aware of the risks associated with making
payments to Third Parties to obtain or retain business including the risk of
contravening applicable anti-bribery laws or financial crime related regulatory
requirements and its practices and policies were aimed at mitigating such risks.
However, the Authority considers it serious that Besso dealt, albeit in a minority
of cases, with Third Parties and clients associated with industries, countries and in
circumstances with a higher perceived risk of bribery and corruption throughout
the Relevant Period yet failed to ensure its policies were adequate in content or
implementation.
The size, financial resources and other circumstances of the firm (DEPP
6.5.2 (5))
6.7.
The Authority has taken into account Besso’s size and financial resources. The
Authority has seen no evidence to suggest that Besso is unable to afford the
proposed financial penalty.
The amount of benefit gained or loss avoided (DEPP 6.5.2(6))
6.8.
The revenue earned by Besso and commission paid to Third Parties in relation to
these breaches is significant in the context of the size of Besso’s business.
Conduct following the breaches (DEPP 6.5.2(8))
6.9.
Since the commencement of the Authority’s investigation, Besso has worked in an
open and cooperative manner with the Authority. Besso has also engaged openly
and cooperatively with the section 166 skilled person appointed to look at certain
Third Party arrangements that the firm had. Besso also took prompt steps to
implement improvements recommended from a review Besso commissioned from
a firm of solicitors in October 2011 in respect of its systems and controls in
relation to anti-bribery and corruption. Besso will undergo further checks of its
anti-bribery and corruption systems and controls and carry out any further
remedial work that may be required.
Previous action taken by the Authority (DEPP 6.5.2(10))
6.10. In determining whether and what financial penalty to impose on Besso, the
Authority has taken into account action taken by the Authority in relation to other
authorised persons for comparable behaviour.
7.
PROCEDURAL MATTERS
Decision maker
7.1.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
7.2.
This Final Notice is given under, and in accordance with, section 390 of the Act.
Manner of and time for Payment
7.3.
The financial penalty must be paid in full by Besso to the Authority by no later
than 14 April 2014, 28 days from the date of the Final Notice.
If the financial penalty is not paid
7.4.
If all or any of the financial penalty is outstanding on 15 April 2014, the Authority
may recover the outstanding amount as a debt owed by Besso and due to the
Authority.
7.5.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those
provisions, the Authority must publish such information about the matter to which
this notice relates as the Authority considers appropriate. The information may
be published in such manner as the Authority considers appropriate. However,
the Authority may not publish information if such publication would, in the opinion
of the Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.6.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.7.
For more information concerning this matter generally, contact Harsh Trivedi
(direct line: 020 7066 4798) of the Enforcement and Financial Crime Division of
the Authority.
Financial Conduct Authority, Enforcement and Financial Crime Division
APPENDIX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
1.
RELEVANT STATUTORY PROVISIONS
1.1.
Under section 2(2) of the Act, protecting and enhancing the integrity of the UK
financial system is one the Authority’s statutory objective.
1.2.
Section 206(1) of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act… it may impose on him a
penalty, in respect of the contravention, of such amount as it considers
appropriate."
2.
RELEVANT REGULATORY PROVISIONS
Principles for Businesses
2.1.
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers set out in the Act.
The relevant Principles are as follows.
2.2.
Principle 3 provides:
“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems.”
3.
Relevant provisions from the Senior Management Arrangements, Systems
and Controls (SYSC)
3.1.
SYSC 3.2.6R states:
“A firm must take reasonable care to establish and maintain effective systems
and controls for compliance with applicable requirements and standards under the
regulatory system and for countering the risk that the firm might be used to
further financial crime.”
3.2.
SYSC 3.2.20R states:
“A firm must take reasonable care to make and retain adequate records of
matters and dealings (including accounting records) which are the subject of
requirements and standards under the regulatory system.”
4.
The Decision Procedure and Penalties Manual (DEPP)
4.1.
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act.
4.2.
The Enforcement Guide
4.3.
The Enforcement Guide sets out the Authority’s approach to exercising its main
enforcement powers under the Act.
4.4.
Chapter 7 of the Enforcement Guide sets out the Authority’s approach to
exercising its power to impose a financial penalty.
The Enforcement Manual
4.5.
The Enforcement Manual, which was in force until 28 August 2007, set out the
Authority’s approach to exercising its enforcement powers prior to that date.