It is with some disquiet and unease that I have been reflecting on the finer points of the recent enforcement action that was published earlier this month by the FCA concerning the affairs of the Bank of Beirut and in particular the personal sanction announced of the Compliance Officer and Internal Auditor, and I felt compelled to put pen to paper.
As a former MLRO and Head of Compliance I am all too aware of the personal responsibility that falls upon the holders of these positions to act as the ‘last bastion on common sense’ and to defend your integrity, and that of the firm, with courageous integrity when dealing with sometimes difficult risk and regulatory compliance issues.
I have always understood that there were shades of grey when dealing with some matters, whilst in others matters the issues were simply too serious to be negotiated. I also understood that the role of the CF10 and CF11 is to support the business and to keep senior management informed of risk and compliance matters, whilst retaining a commercially sensitive perspective so as not to become the ‘business prevention unit’. And in this regard, the dialogue between senior managers and the compliance functions sometimes conflicted.
What I am struck by in the Bank of Beirut notices is that not only have the FCA seen fit to personally name, shame and sanction the compliance and audit professionals for their failure to deal with the authority with trust and transparency, but also that there is no mention of the ‘senior management’ who appear to have ‘influenced’ the findings that these individuals provided to the regulator.
Let me say at this point that I do not condone any misleading conduct provided by an approved person, and those who know me will be acutely aware that I never will do so. The role and responsibility of an approved risk and compliance professional is to defend and promote integrity in behaviour and fair dealings, and any transgression of this responsibility should justifiably be brought to task.
Rather my concern is that the regulator has repeatedly stated that the buck stops with senior management, and that culture and tone from the top are all important. Indeed in their report from November 2014 ‘How small banks manage money laundering and sanctions risk’, they again stated:
‘We expect senior management to take responsibility for money laundering and sanctions risk management. This includes being aware of the money laundering and sanctions risks to which the firm is exposed and ensuring that these are managed effectively….An effective AML and sanctions control framework depends on senior management setting a clear risk appetite and embedding a culture where financial crime – and a failure to control it - is not acceptable.’
In the report provided on the Bank of Beirut, the FCA has acknowledged that the persons did report the shortcomings internally, but that this report was then amended after it was discussed with ‘senior management’ and the final report provided to the FCA was not a statement of truth.
In the finer details of the report it states that the FCA ‘recognises that Mr Allin’s actions were influenced by senior management’ and furthermore, that ‘Mr Wills has suggested that he was not provided with sufficient resource to conduct his role as Compliance Officer at Bank of Beirut, that at times he felt under pressure from senior management to be “careful” in his communications with the Authority and that he was not given “licence” to explain issues fully to the Authority.’
This acknowledgement by the FCA is interesting and surely worthy of further development. They confirm in their report that the rationale for their initial concerns and therefore ongoing review of the affairs of the Bank was that they had considered that the ‘The Authority observed that the culture of Bank of Beirut was one of inadequate consideration of risk and regulatory requirements with insufficient focus on governance and controls.’ Furthermore, the issue of a lack of resources is not new and indeed the FCA noted in their report from earlier in November 2014 that 33% of small firms like the Bank of Beirut were under resourced in the risk departments.
So what we may infer from these statements is that the FCA was concerned about the culture of compliance in the firm, that two individuals who were subsequently approved by the FCA and appointed after this first visit to help to remedy the situation submitted draft reports confirming the non-performance of the remediation plan to ‘senior management’ but that these reports were subsequently amended and that the actual statements provided to the FCA were incorrect and misleading.
The outcome of this unfortunate series of events has been for the FCA to name and shame both newly appointed individuals, one of whom notably resigned his position and who sought an exit interview with the FCA during which he disclosed a fuller statement of affairs, on the basis that the Authority relied upon their evidence.
There appears to have been no further disclosure or sanction of who the ‘senior manager’ influencer was (or were) nor any rationale provided to explain why this senior person(s) influence was not included in the mitigation for these misdemeanours, much less any evidence that there has been any adverse impact upon their personal reputation, or even continued employment as a ‘senior manager’.
My real concern is that it now appears that until the FCA takes real exception with the key influencers and decision makers, then the only choice you may have when faced with this unfortunate series of events as an approved risk and compliance professional (in a firm that may have lower than expected standards of compliance) is to say no. And when pushed, to resign your position as a matter of principle, seek alternative work and to blow the whistle and hope that there are sufficient pennies in the bank to pay the bills whilst you seek new employment.
This is hardly a cause for comfort in an already beleaguered profession, nor what I personally envisaged was in store when I set my sights on a career in the risk profession.
But I am aware that this stance is one that is reluctantly being taken by some of my fellow professionals!