Written by Richard Wegrzyn on Tuesday May 9, 2017
Historically, there hasn’t been a large number of high profile enforcement actions in relation to bribery. The low numbers could be taken as a sign that regulators are not focusing on this risk or conversely that firms have improved systems and controls so much that bribery is a thing of the past.
In reality, bribery and corruption incidents can be difficult to identify and extremely complicated to investigate and so there’s a high chance that a number of significant investigations are underway. As to whether firms’ systems and controls have improved to the extent that no breaches are occurring – ongoing scandals suggest this is unlikely to be the case.
The enforcement actions we do see highlight a number of themes, including the:
We will use a case study to illustrate these three points in more detail.
In late 2016, JP Morgan reached a settlement with the US Securities and Exchange Commission (SEC) and other regulators to settle charges of violating the Foreign Corrupt Practices Act (FCPA). The bank paid $264 million after facing charges of corruptly influencing government officials in the Asia Pacific region, by giving jobs and internships to their relatives and friends.
The firm’s subsidiary in Asia was found to have engaged in a ‘systematic bribery scheme’ by hiring the children of government officials and other clients (who were typically unqualified for the positions on their own merit), in exchange for lucrative business rewards and new deals. JP Morgan’s internal controls were found to be so weak that not one Referral Hire request was denied.
1. How bribery manifests itself:
The view of bribery being about the passing of envelopes of cash is clearly old fashioned. The case study shows how a client Referral Hire programme for the ‘sons and daughters’ of actual or potential clients was used to influence decisions, ultimately securing lucrative financial returns for the firm. The programme was deliberately designed to operate outside of the usual graduate/intern recruitment programmes and the enforcement noted that ‘the primary goal of client referral hiring was to generate revenue for JPMorgan APAC by extending personal favors to client executives and government officials through hiring their relatives and friends’.
The case study reinforces the need for firms to think broadly and creatively about the risks that they face. Risk assessments need to consider all areas where someone may be induced, or induce another, to act improperly. This might cover the giving/receiving of gifts and hospitality, but also extends into the use of third parties, procurement processes and, as highlighted, recruitment.
2. The challenges of developing effective systems and controls
It was well documented within the bank that recruitment programmes could lead to bribery risks. The group’s Anti-Corruption Policy stated ‘it is improper for a person to offer or give anything to a public official, either directly or through an intermediary, in an effort to secure an advantage that would not have been granted if the offer or gift had not been made,’ noting that ‘”value” can include such things as the offer of internships or training for relatives of a public official.’
These policy requirements were reinforced through training which was rolled out to all staff across the region. This means all employees were aware of the risks associated with recruiting children of clients.
In recognition of the risk, legal and compliance developed a process for screening prospective Referral Hires. Under the process as it was intended to work, each requesting banker was required to fill out the questionnaire for each specific hire, and then submit that questionnaire to the bank’s regional legal and compliance staff for review and approval.
Additionally, the bank imposed restrictions on what confidential information Referral Hires were able to access. This was designed to prevent conflicts of interest and the sharing of sensitive, confidential information regarding JP Morgan’s clients, or the competitors of those clients, with the relatives and friends of senior officials with those same clients. In cases in which the referring person was employed by a government ministry, Referral Hires were supposed to be walled off from transactions involving that ministry.
On the face of things, it may appear that the control design put in place was adequate. They covered a range of governance, people and process approaches to mitigate an identified risk. And yet in spite of the controls in place, there was continued misconduct of both investment banking and legal and compliance staff regarding the Referral Hire programme.
Of particular note:
3. The impact a firms’ culture has on staff acting dishonestly
Fundamentally the failings in this case, as in so many others, appear to come down to cultural issues. Despite the presence of numerous directive controls a sufficient number of staff felt that their own agenda was more important than the firms’ stated position.
This is exemplified through:
Firms need to ensure that staff are actively encouraged to do the right thing, in line with policy requirements. They need to feel supported when they take actions to prevent risks even when this is to the detriment of influential colleagues. Whilst culture must be driven from the very top of the firm through the way they incentivise, target and challenge senior management, it can be driven from the middle or locally too.
As the case study highlights, the Referral Hire process was effectively ended when:
a compliance officer in a newly-created position was tasked with reviewing and approving client Referral Hire questionnaires. In denying a request to hire a Referral Hire, he stated that hiring Referral Hires at the request of clients and outside of the normal hiring system was impermissible under JPMorgan’s compliance and anti-corruption policies.
This demonstrates how an individual with the courage and conviction to do the right thing, or for that matter the wrong thing, can have far reaching effects across even the largest organisations.
The case study focuses very much on a formal arrangement for improper use of recruitment activity. This formal nature makes it very easy to see where improper behaviour was occurring. However, everyday individuals within firms are making decisions which could well involve actual impropriety (or could well be perceived to be improper by an ordinary person).
By working through the case study it was clear that despite awareness of the risk, a range of controls failures were still able to occur. So what can firms do to protect themselves?
All of the ‘typical’ controls need to be in place, as they were in the case study – risk assessment, policies, procedures, training and reporting are all critical parts of the control framework. Firms need to independently critically assess the effectiveness of these controls to try and understand if the controls are functioning as intended through their design.
Additionally, firms should also consider the following.
Richard Wegrzyn is a Managing Consultant in the Financial Crime Advisory team at Bovill Limited. All views expressed are those of the author and should not be considered as advice. To discuss the content of this article further or if you have any questions, please contact Richard directly.
Find out more about the ICA Certificate in Anti-Corruption today.
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.