What Insurance Brokers and Investment Banks Have in Common: Closer Scrutiny of Their Anti-Bribery Compliance Programs
By Valarie Hays, Schiff Hardin LLP
Insurance brokers and investment banks have at least one thing in common: they are both facing increasing scrutiny by regulators related to the sufficiency of their anti-bribery compliance programs and their compliance with anti-bribery laws, including the U.S. Foreign Corrupt Practices Act (“FCPA”). The FCPA prohibits giving anything of value to foreign government officials to influence their official acts.
Until recently, both insurance brokers and investment banks have avoided the anti-bribery spotlight. After all, it is not immediately obvious why either business would be implicated in bribing foreign government officials. They do not ship goods overseas. They do not typically enter into services agreements with foreign government agencies. They do not have overseas licensing, permit or inspection issues that require action by foreign officials. They are typically associated with private corporate clients and private individuals.
But lately, the spotlight appears to be shifting in their direction. This is due, in large part, to the fact that investment banks and insurance brokers commonly use third party agents to generate and facilitate business with clients overseas. Regulators are increasingly focusing their anti-corruption efforts on companies’ monitoring of third party agents. In fact, approximately 92 percent of the Department of Justice’s FCPA prosecutions of companies in 2011 involved alleged wrongdoing by one or more third party agents.1
Third party agents acting primarily as overseas marketing tools for banks and brokers may pose higher risks for being implicated in bribes of foreign officials than is apparent at first blush.
Regulators are interpreting the definition of “foreign government official” under the FCPA broadly to include employees who work at entities owned entirely or in part by foreign governments. In many countries, it is common for a company to be owned, at least in part, by the government, and third party agents typically interact with the employees at these companies.
Additionally, the United Kingdom’s Bribery Act of 2010 (“the Act”) went into effect in July 2011, and this Act has a broader reach. The Act criminalizes all commercial and private bribery as well as the failure of commercial organizations to prevent bribery. The Act applies to any company that conducts business in the U.K.
Risks Associated With Banks and Brokers Using Third Party Agents
With these facts in mind, one can imagine how insurance and reinsurance brokers and investment banks could be implicated in what regulators may later determine were bribes involving third party agents. Consider the following examples:
- A U.S. reinsurance broker hires a third party “introducer” to solicit the business of a state-owned insurance company in a developing country. The introducer will be paid a 35 percent premium commission if he is successful in obtaining the business. While soliciting the business, the introducer offers to fly 20 employees of the state-owned insurance company to the United States for a one-week, all-expense paid trip, during which the employees would spend one day at the headquarters of the reinsurance broker learning more about the reinsurer’s products. The employees would spend the rest of the trip sightseeing. Regulators conclude that the trip was not a reasonable business expenditure and constituted a bribe.
- An investment bank hires a third party “introducer” to solicit the business of a rapidly expanding corporation in China. The corporation is owned by the government. During the course of marketing the services of the investment bank, the introducer and an executive at the corporation agree that if the executive supported the hiring of the investment bank, the introducer would give him $50,000 cash. Regulators consider the executive to be a foreign government official since the corporation at which he works is owned by the government. The introducer does not tell the investment bank about his deal with the government official, but an employee in the accounting department at the investment bank notices that the introducer’s invoice was $50,000 higher than usual. The accountant fails to investigate the issue.
In both of these scenarios, the actions of third party agents could lead to liability on the part of the reinsurance brokerage firm and the investment bank. The growing awareness among regulators that third party activity is a prime area for anti-bribery enforcement has led to closer scrutiny of the insurance and investment bank industries in recent months. As a result of this scrutiny, regulators have found what they consider to be significant deficiencies in insurance brokers’ and investment banks’ anti-bribery compliance programs with respect to the hiring and monitoring of third party agents.
Challenges Banks and Brokers Face in Monitoring Third Party Agents
Insurance brokers and investment banks face challenges in monitoring the actions of their third party agents and ensuring that these agents do not offer or receive bribes while working on their behalf.
First, these agents oftentimes operate in foreign countries where the insurance brokers or investment banks who hired them have little or no presence, and therefore, monitoring of these agents is minimal, at best.
Second, these agents frequently conduct business in bribery-prone countries where competition for business is strong.
Third, providing benefits and things of value in return for business is still part of the culture of many locales, although the climate is slowly changing as more countries are implementing and enforcing local bribery laws.
Finally, the line between acceptable entertainment, travel or other marketing expenditures, on the one hand, and bribery, on the other hand, is not always clear, especially if the third party agents have not been provided with adequate anti-bribery training.
These facts mean that insurance brokers and investment banks cannot simply implement written anti-bribery policies and expect this level of effort to satisfy regulators. In today’s anti-bribery climate, regulators expect insurance brokers and investment banks to implement thorough and complete anti-bribery compliance programs that include not only written policies, but continuing efforts on the part of these entities to prevent and detect bribery, including third party due diligence, training and monitoring.
In recent months, regulators have clarified their expectations with respect to investment banks’ and insurance companies’ monitoring of third party agents.
In March 2012, the Financial Services Authority (“FSA”), the regulator of the financial services industry in the U.K., published a report titled “Anti-bribery and Corruption Systems and Controls in Investment Banks.” The report addressed the conclusions from the FSA’s audit of investment banks’ anti-bribery compliance programs, which was conducted between August 2011 and January 2012. The FSA focused on the anti-bribery compliance programs of 15 investment banks, including eight major, global investment banks and seven smaller investment banks with certain specialties.2 The FSA noted that most of these banks conducted business in countries that “exposed them to higher levels of bribery and corruption risks.”3 The FSA conducted a similar audit of 17 insurance brokerage firms a few years earlier and subsequently published a report of its findings in 2010 titled “Anti-bribery and Corruption in Commercial Insurance Broking.”4
In conducting the audits of the investment banks and insurance brokers, the FSA interviewed employees to learn how the banks and brokers identified and assessed bribery risks and reviewed their written anti-bribery policies and employee training materials. Regulators also reviewed board of director and committee minutes to fully understand management’s involvement in anti-corruption efforts. Additionally, regulators identified the countries in which the banks and brokers conducted business and obtained details on their relationships with third party agents in these countries, including their compensation arrangements. Finally, regulators reviewed the banks’ and brokers’ records of payments made to overseas third parties and gifts and hospitality registers.5
After conducting the audits, the FSA concluded that “although some investment banks had completed a great deal of work to implement effective anti-bribery and corruption…controls, most had more work to do.” The FSA noted that “formal governance controls” should be in place even at smaller investment banks.6 Similarly, the FSA concluded that many insurance brokers “are not currently in a position to demonstrate adequate procedures to prevent bribery…”7
The FSA’s audit reports set forth a number of directives aimed at improving the banks’ and brokers’ anti-bribery compliance programs. A primary focus in both reports was the banks’ and brokers’ practices for assessing and monitoring third party relationships.8 The FSA noted that 11 of the investment banks it evaluated used third parties to introduce business leads, but none of these firms were able to produce sufficient information on their third party relationships.9 In response to what the FSA concluded was inadequate third party controls, the FSA warned that, “[a] firm may be considered responsible for corrupt payments made to, or by, an associated person retained by that firm, whether or not it knew that the associated person intended to pay, offer or accept a bribe.”10
The FSA made similar deficiency findings after evaluating the insurance brokerage firms. The FSA reported that insurance brokers had “very weak due diligence on, and monitoring of, third party relationships and payments with a worrying lack of documentary evidence of due diligence taking place.”11
It is doubtful that the focus on investment banks and insurance brokers will be unique to U.K. regulators. Given the fact that U.S. regulators also are focusing heavily on acts of bribery by third party agents, investment banks and insurance brokers are prime targets for investigation in the U.S. In fact, U.K. and U.S. regulators worked together on the well-publicized enforcement actions against the insurance brokerage giant, Aon Corporation (“Aon”), and its British subsidiary, Aon Ltd. The DOJ alleged that Aon Ltd solicited business from Costa Rica’s state-owned insurance company by improperly using Aon’s education and training funds to pay for the insurance companies’ officials and their spouses to travel to popular tourist destinations, among other non-business expenditures.12 Although the trips commonly involved a small business education component, such as attending a conference, regulators concluded that the primary purpose of the trips was not business-related, especially when the topics of the conferences attended by the officials were not related to the insurance industry.13 The DOJ found that Aon failed to keep accurate books and records related to these expenditures and failed to maintain an adequate system of internal accounting controls.14 Additionally, the U.S. Securities and Exchange Commission alleged that Aon’s subsidiaries made more than $3.6 million in improper payments to obtain or retain business in a number of foreign countries.15 The FSA alleged that Aon Ltd failed to “take reasonable care to establish and maintain effective systems and controls to counter the risks of bribery and corruption associated with making payments to overseas firms and individuals.”16 Aon paid more than $16 million in fines to the DOJ and the SEC in December 2011 to settle these actions, and Aon Ltd paid more than £5 million to settle the FSA’s action.17
More recently, in 2011, the FSA fined Willis Ltd (“Willis”), one of the largest insurance and reinsurance brokerage and risk management firms in the U.K., in the amount of £6,895,000 for failing to “ensure that it established and recorded an adequate commercial rationale” to justify its payments to third parties overseas.18 The FSA pointed out that merely writing “introducer” or “producing broker” in the company’s books and records as the explanation for payment was insufficient.19 The FSA also criticized Willis for failing to conduct adequate due diligence on third party agents “to evaluate the risk involved in doing business with them.”20 Although Willis had written guidelines in place at the time of the investigation that set forth the information that should be obtained during third party due diligence, the FSA found that Willis failed to make these guidelines mandatory and did not consistently apply them.21 The FSA concluded that Willis’ compliance program failures “gave rise to an unacceptable risk” that payments made to third party agents could be used for “corrupt purposes, including paying bribes to persons connected with the insured, the insurer or public officials.”22 The FSA further concluded that Willis had made suspicious payments totaling $227,000 to third party agents conducting business in Russia and Egypt.23
Recommendations for Improving Banks’ and Brokers’ Monitoring of Third Party Agents
Both U.K. and U.S. regulators have been fairly consistent in their published guidance as to what they expect companies to do to prevent and detect bribery by third party agents.24
Investment banks and insurance brokerage firms would be well-served if members of their staff or outside counsel evaluated their anti-bribery programs in light of this guidance and conducted a gap analysis.
1. Recordkeeping and Due Diligence
Regulators recommend that banks and brokers maintain a current and centralized list of all third party agents utilized by the company and basic background information on these agents,25 such as their current business address, phone number, company registration and the identities of the individuals making up their senior management teams. Effective monitoring of these agents cannot be achieved without having this system in place as a basic starting point.
With the list in place, banks and brokers will be able to follow the best practice of conducting due diligence on all third party agents. The nature of the due diligence should be tailored to each third party agent and the extent of the due diligence should be based on the level of risk posed by the third party relationship. Under most circumstances, investment banks and brokers should obtain the following information about their overseas third party agents: (1) the Transparency International Corruption Perceptions Index for the countries in which the agents conduct business; (2) the types of services the agents provide; (3) the agents’ connections to government officials; (4) the agents’ methods of conducting business, including any third parties they employ; (5) the amount and manner in which the agents are compensated; (6) whether the agents have a criminal background or have ever been the subject of a government investigation; and (7) whether they have ever appeared on any banned party lists. To the extent this information is provided by the third parties, it should be reviewed and verified by the entity conducting the due diligence and preferably by employees that have no stake in the outcome of the third parties’ business development efforts. After obtaining and verifying this information, additional due diligence may be warranted, including, for example, interviews of the agents and review of their relevant business records.
Once the initial risk assessment and due diligence has been conducted, banks and brokers should not assume that their work is complete. Regulators expect these parties to monitor their third party agents throughout the course of the relationship to the extent warranted, which is based on the level of risk posed by the relationship. This risk level should be reassessed on a regular basis, and any changes in the way the third party conducts business should be evaluated.
The FSA pointed out that the commercial insurance broking sector has had a large number of mergers and acquisitions in recent years. The FSA, therefore, noted the importance of these brokerage firms having in place procedures for ensuring that the acquired company’s third party agents are subject to the same due diligence and monitoring procedures as the acquiring company’s third party agents.26 The acquired company and its third party agents also should be fully incorporated into the acquiring company’s compliance program as soon as possible after the merger.
3. Information Regarding Third Parties for Management
Another consistent theme among regulators is that boards of directors and senior management teams must be well-informed about their companies’ anti-bribery compliance efforts. The FSA noted that providing the board of directors with a monthly compliance report that does not specifically address bribery and corruption risk will likely be considered inadequate.27 Reports on the banks’ and brokers’ anti-corruption programs should be a routine part of board and senior management meeting agendas.
With respect to third party agents specifically, the FSA recommends that firms inform management when new third parties are retained and that the firms report these parties’ risk classifications to management. The FSA further recommended that firms routinely provide management with a record of payments to the higher risk third party agents and inform management before unusually high commission or fees are paid to these agents.28
4. Books and Records and Internal Controls
One of the most effective ways of preventing and detecting corrupt activities by third party agents is to closely monitor their payment records. Investment banks and insurance brokers should ensure that payments to these agents are consistent over time and reasonable in light of the services provided. They also should routinely check whether the payments are being sent to the approved third party agent rather than an unapproved party designated by the third party agent.29 The FSA criticized insurance brokerage firms for not taking “adequate steps to confirm approved parties’ bank details” and explained that this would increase the risk that insurance brokerage firms might “unwittingly make payments to somebody else.”30 Additionally, greater scrutiny should be given to third party payments when the recipient is an individual rather than a corporate entity31 or when the third party agents request advance commission payments.32 As the FSA stated, a “one-size fits all” approach to third party risk assessment is “frequently insufficient.”33
Another critical feature of an effective anti-bribery compliance program is controlling and monitoring the entertainment, travel and hospitality expenditures of third party agents. It is recommended that each corporation have written guidelines that set forth in detail the circumstances under which such expenditures are allowed and the restrictions on these expenditures. Prohibiting the advance of funds for travel expenses and requiring receipts prior to reimbursement are also recommended practices.
The FSA also offered a suggestion that employee bonuses be tied in part to corporate compliance and not simply to how much income or profit employees generate. As the FSA noted, tying bonuses solely to profit could encourage “risk-taking and negligence” and increase the risk of bribery when these employees use third parties to win business.34
5. Incorporation of Third Parties Into Compliance Program and Training
Regulators leave little doubt that they expect investment banks and insurance brokers to incorporate the third party agents that they utilize into their anti-bribery compliance programs. As an initial step, banks and brokers must provide the third party agents with their anti-bribery polices in the agents’ native languages and obtain written certifications that the agents agree to abide by the terms of the anti-bribery policies. Training is the next critical step in the incorporation process. Ideally, the frequency and extent of the training would be tailored for particular groups of agents based on the level of risk they pose. It is also recommended that banks and brokers train their own employees on proper third party due diligence procedures.35
Overall, investment banks and insurance brokers that update and improve their compliance programs will benefit from knowing that they will be well-equipped to defend their actions if regulators ever come knocking.
U.S. and U.K. regulators have freely publicized the fact that they place great weight on the quality of companies’ anti-bribery compliance programs when determining whether to prosecute companies and the amount of fines to impose.
The increased scrutiny of both of these industries serves as an effective motivator to take actions that ultimately provide the greatest protection against the unreasonable or criminal acts of foreign third party agents.
Valarie Hays is a partner in Schiff Hardin LLP’s White Collar Crime and Corporate Compliance group, resident in the Chicago office. Ms. Hays joined Schiff Hardin after serving approximately five years as an Assistant U.S. Attorney in the Northern District of Illinois. Ms. Hays’ practice includes assisting corporations in developing and improving their anti-corruption compliance programs, investigating potential FCPA violations, conducting FCPA due diligence, and training employees on anti-bribery compliance. Ms. Hays can be reached by phone at 312-258-5510 and by e-mail at email@example.com.
This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. Bloomberg Finance L.P. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.
© 2012 Bloomberg Finance L.P. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of Bloomberg Finance L.P.