RiskUKSeptember2017

More documents

Recommendations

Info

During the past few years, the UK has been enhancing its anti-money laundering and counter-terrorism and proliferation financing regimes. At the same time, casting the net beyond the financial community to encompass the entire private and public sectors, there have also been updates to the anti-corruption laws, with a new Bribery Act coming into force back in 2011. In the ongoing fight against financial crime, argues Tim Parkman, fostering a strong internal business culture is absolutely vital Fighting Financial Crime: Culture is Key in UK plc The nexus between corruption and money laundering is becoming ever-more important. Since the World Bank estimates that US$1 trillion is paid in bribes each year to corrupt officials around the world – the International Monetary Fund suggests that figure is nearer to the US$2 trillion mark – and most, if not all, of that needs to be laundered through the financial and commercial system, the confluence of the two events is a timely reminder of the growing need for vigilance against financial crime generally within the UK’s business community. The laws in place today carry severe criminal penalties for proven wrongdoing, including heavy fines and, potentially at least, terms of imprisonment for executives. That being so, organisations need to establish robust internal mechanisms designed to detect and deal with wrongdoing. They must readily identify the training of staff as a core requirement. A number of high-profile money laundering, corruption and fraud cases over the years indicate that, while good systems and controls can go so far in avoiding legal and reputational catastrophes, they don’t usually lead you all the way there. To really succeed in up-front prevention, something else is required. This could be management determination, corporate culture, staff buy-in: a certain something or a combination of things hardly ever written down or handed out, but which means that the rules are applied de facto, day in and day out, in the business operations of the company. Looking back into the mists of time, Enron had a Code of Conduct in place. So, too, did Siemens, but that didn’t prevent the bankruptcy of the former and the public despoilation of the latter. Deutsche Bank and HSBC – both more recently the subject of huge financial penalties for weaknesses in their Anti-Money Laundering (AML) control frameworks – had AML policies and procedures in place. Either something went missing on the way to the front line or otherwise it was never there in the first place. How, then, can this ‘missing link’ be created? Focus on awareness Focusing on awareness on a continual basis is a key first stage in building the right corporate atmosphere. Awareness isn’t the same as training, although the two are often mentioned in the same breath. Awareness exists when everyone’s mind turns intuitively to a particular issue without the necessity for prompting. It doesn’t come about through an annual training session. Rather, it needs constant reminders and repetition of the same point made in different ways, generating interest and engagement until people automatically think “This is important, I need to be careful here…” Videos, e-mails, posters, hand-outs, special instruction days – all can be used to good effect. Only with awareness can whistleblowing (more of which anon) be truly effective. It’s important not to reward rule-breaking behaviour. Any organisation that’s serious about observing the laws on financial crime should devote attention to stamping out practices which put people in doubt about what the company’s ‘real’ policy is on this matter. Organisations have various options open to them as to how they might handle different combinations of outcomes from an employee’s performance in which he or she either meets or exceeds their targets and either ignores or observes organisational values in the process. If employees miss targets and ignore company values then you fire them, right? The opposite is true for those who hit their targets and abide by the rules. You reward or promote them. Perhaps underperformers could be coached and encouraged, but then exited from the 24 www.risk-uk.com
Bribery, Fraud and Corruption: Risk Mitigation Procedures business if they still cannot improve? After all, you have to hit your targets, don’t you? The acid test really centres on how your company treats employees who meet or exceed their targets, but who ignore the company’s values and break its rules on a selective basis. If you reward them, everybody is aware of the message that the rules don’t really matter. Rule-breaking must be punished, not rewarded. Coded encouragement Aware that stiff business targets may be more easily met if a few corners are cut here and there, some managers have been known to use phrases and terminology as forms of coded encouragement to subordinates to ignore the rules, without actually stating that it’s permissible to do so. “Who here has what it takes to meet these targets?”… “Are you brave enough to go out and grab these figures?”… “How many people in this room will do whatever it takes to get us over the line?”… These are all real examples related to me by people who were there. I once knew a Board director of a large UK company whose favourite phrase was: “Don’t bring me problems... Bring me solutions!” Depending on the context, when you say something like that, you should know that it can mean different things to different people. It’s unrealistic – as well as being totalitarian and unproductive – to try to control how people speak day-to-day, but it’s sensible to continuously remind managers of the need to communicate the requirement for integrity clearly and unambiguously and to back that up with firm action. Always track decision-making. This refers to ensuring that day-to-day business decisions are made properly and that everyone who’s supposed to have expressed a view, or who might be expected to express one, has that view – or their unwillingness to express one – recorded in reliable ways. While working in compliance, I learned never to be surprised by the lengths to which a few individuals would go to avoid giving ‘sign-off’ on projects that were enticingly lucrative, but also worryingly risky. The implication was clear: by encouraging, but not formally endorsing them, they hoped to enjoy the benefits of success if things went well, but without any flecks of blood on their tunics if there were adverse legal or compliance issues at some point down the line. AML and anti-bribery rules and Best Practice require senior management to be involved in decisions about taking on and servicing high risk customers and markets. Companies need transparent, auditable decision-making procedures and protocols in place coupled with regular checks on the way in which they’re being operated to ensure that this happens. Encourage whistleblowers Encouragement for whistleblowers is absolutely vital. Whatever ‘it’ is, somebody in the organisation who’s not involved probably knows about it, or at least suspects something that could provide a crucial lead. How much money, time, pain, reputation and general good standing could have been saved in the world if all the people who knew about ‘it’ had come forward – and been dealt with appropriately - rather than keeping quiet, or being verbally abused and sacked as troublemakers? We’ll never know, but what we do know is that an effective whistleblowing hotline is three times better at exposing fraud and corruption inside an organisation than the next best form of ‘detective control’. Nobody wants to give priority to perpetual moaners about car parking spaces and alleged Human Resources shortcomings, but when it comes to the big stuff, this is something to which you must devote your attentions. The entire approach of senior management, and especially the Board, should be geared towards something which may seem counterintuitive at their stratospheric level: seeking out problems as much as they seek out opportunities. A common feature of corporate catastrophes is a failure to escalate in time. “Why weren’t we told about this sooner?” is a common enough refrain, but we already know the answer in lots of cases. Not enough senior individuals are uncomplicatedly accessible for the receipt of bad news and, because of that, not enough junior people are prepared to deliver it. The Board – and individual Board members in their specific areas – should actively look for the ‘red flags’ associated with corruption, fraud or money laundering with the same zeal as they would examine in fine detail a strategic acquisition or a major new market. Sharp increases in revenue, sudden changes of personnel or the swift – and profitable – removal of a Government ‘blockage’ in a key overseas market should be challenged and explained. Specialist training is merited here. Tim Parkman MA: Managing Director of Lessons Learned “Any organisation that’s serious about observing the laws on financial crime should devote attention to stamping out practices which put people in doubt about what the company’s ‘real’ policy is on this matter” 25 www.risk-uk.com
Page 1 and 2: September 2017 www.risk-uk.com Secu
Page 3 and 4: September 2017 Contents 42 Meet The
Page 5 and 6: Editorial Comment More zones, more
Page 7 and 8: News Update “Employees pose great
Page 9 and 10: News Analysis: British Standard 859
Page 11 and 12: They see a well secured airport. Yo
Page 13 and 14: News Special: Cortech Open Innovati
Page 15 and 16: Opinion: ISO 22316 Security and Org
Page 17 and 18: Opinion: Apprenticeships in the Sec
Page 19 and 20: BSIA Briefing With an estimated eig
Page 21 and 22: “ MY PASSION IS PERFECTION IN EVE
Page 23: Enterprise Security Risk Management
Page 27 and 28: Crisis Management: Leadership in Pr
Page 29 and 30: www.coie.uk.com Cortech Open Innova
Page 31 and 32: Lone Worker Security and Safety wor
Page 33 and 34: The Changing Face of Security Servi
Page 35 and 36: Multi award winning security servic
Page 41 and 42: Tel: 08707 508070 Fax: 08707 508066
Page 43 and 44: Meet The Security Company: Doyle Se
Page 45 and 46: Fire Safety Planning: Emergency Eva
Page 47 and 48: National Association for Healthcare
Page 49 and 50: The Security Institute’s View and
Page 51 and 52: In the Spotlight: ASIS Internationa
Page 53 and 54: FIA Technical Briefing: Gaseous Fix
Page 55 and 56: Security Services: Best Practice Ca
Page 57 and 58: Cyber Security: Risk Management in
Page 59 and 60: Training and Career Development ‘
Page 61 and 62: Risk in Action Cambridgeshire Fire
Page 63 and 64: Technology in Focus SPC Connect’s
Page 65 and 66: Appointments Magnus Ahlqvist The Bo
Page 67 and 68: thepaper Business News for Security
Page 69 and 70: CCTV CCTV Rapid Deployment Digital
Page 71 and 72: SECURITY ANTI-CLIMB SOLUTIONS & SEC

RiskUKSeptember2017

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?