Bribery Enforcement Action in the Insurance Business……Again

December 22, 2011

 

The insurance industry looks to be a target. This would not be a surprise if you read my recent blog, Bribery and the Board in the Insurance Broker Business, here. With only days left in 2011, I won’t go so far as to use the (2011 word of the year, at least as per my list) contagion, but I have a feeling I will be using the term “systemic” industry risk a lot in 2012.

This time it is Costa Rica. The funds were intended as education and training for INS officials (see how difficult it is to avoid doing business with public officials in the international space),  but some of it went to travel to “tourist destinations” or other purposes not provided within the brokers “books and records.” In this case, and unlike the previous Willis UK Bribery Act case, the NPA (non-prosecution agreement) made note of invoice and other records that made it obvious “that the expenses were clearly not related to a legitimate business purpose.”

The NPA included “failure to devise and maintain an adequate system of internal accounting controls with respect to foreign sales activities sufficient to ensure compliance with the FCPA.”

The price tag you ask?………….$25 million ($1.76 million penalty, with was a substantial reduction thanks to “extraordinary cooperation”, “timely and complete disclosure of improper payments”, and the 5.25 million pound payment to the UK’s FSA (Financial Services Authority); plus $14.5 million in disgorgement and prejudgment interest in a related SEC settlement) not to mention their legal, investigation and communication cost.

The ultimate cost will be difficult to determine, but is potentially much greater than the above, due to potential reputational damage, the new costs to “adhere to rigorous compliance”, and the costs of possible follow-on civil liability claims.

Who you ask…………….? Sorry,………………………………………………….. AON. Here, here, here.

The bigger question……….did they buy investigation coverage under the Marsh exclusive program, or negotiate it themselves with Chartis (to save the commission)? And, will they jump on the band wagon to market this case as the perfect “loss example” to their clients?

At the risk of defending a competitor, it is very likely that the SFO, SEC, DOJ, etc, have a great scapegoat in the insurance brokerage industry: 1) we are the best direct link to business of every size and in every sector, 2) going after international accounting/auditing/consulting firms is difficult because they have a longer history of successfully defending themselves from liability; 3) many of the clients of audit/consulting firms don’t retain them for risk management advice, 4) “do as I say, not as I do” doesn’t just apply to child raising.

The loss control opportunity (the investment in time and resources should reflect the risk, which means the risk needs to be identified to determine the applicability of the following):

  1. Get the “rigorous compliance, bookkeeping and internal controls standards” in place now, not after the enforcement action,
  2. Follow the DOJ “minimum best practices compliance program” as per their common Deferred Prosecution Agreement (the research is a good start, but here is a hint) aka Plea Agreement,
  3. Establish Legal and Compliance Committee of the Board (3 members, no execs),
  4. Appoint one or more senior executives to implement of oversee anti-corruption policies, procedures and standards, and provide adequate resources and an adequate level of autonomy from management, (note that US Sentencing Guidelines suggest that this compliance officer reporting to the General Counsel who reports to the board may not qualify, see here for NY Times article, “MF Global’s Risk Officer Said to Lack Authority”),
  5. Appoint a Compliance Consultant to aid in those activities and the reporting obligations,

The insurance spin – There are two insurance vehicles that come to mind for the transfer of direct “bribery enforcement” based loss:

  1. Standalone Investigation Costs Coverage – this is a new product, rarely purchased and largely unknown product, but no matter what the purchase decision, the due diligence alone is worth your (and your broker’s) effort,
  2. Investigation Costs Coverage as built into a D&O or D&O/Professional Liability policy – there is no rhyme or reason to the contract language so tread carefully. Make sure your broker identifies “Entity” coverage vs “Personal” coverage, and if this analysis covers less than a dozen areas of the policy, ask them  to try again,
  3. Request details on “formal” vs “informal” investigations, but recognize that the “broader” the policy the more onerous there “reporting” obligations, and the greater the risk of erosion or exhaustion of limits.

For indirect loss you might only be able to look to your D&O or D&O/Professional Liability policy. The key for D&O coverage is:

  1. Don’t assume it is a D&O policy as almost every policy provide coverage to the corporate Entity,
  2. Know how your policy or program (layers of policies) is exposed to erosion or exhaustion,
  3. Follow-on or Downstream loss can come from many directions, so request information on how your policy responds to “derivative” demands, “securities claims”, and regulatory enforcement not included in the initial bribery/corruption enforcement,
  4. Since some “bribery enforcement” loss does not name individuals, then you may have skipped the “direct loss” comments above, and therefore I will repeat – the “broader” the policy the more onerous there “reporting” obligations, and the greater the risk of erosion or exhaustion of limits.

D&O, Professional Liability and Crime insurance underwriters are tightening their underwriting standards. They are raising the RED FLAG on the departure of Chief Risk Officer, Chief Compliance Officer, or General Counsel, and may no longer settle for “resigned to pursue other opportunities”.

Greg Shields is a D&O, Professional Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com,  416 862-5626, or Skype at risk.first. And more details of risk and loss control can be found on the Mitchell Sandham blog at http://mitchellsandham.wordpress.com/

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.


Bribery and Anti-Corruption Enforcement Insurance in Canada

December 15, 2011

 

I speculate that the Governance, Compliance and Risk Management issue of Bribery and Anti-Corruption will go from a dusty item entered in to board minutes, to a material agenda item. This is not necessarily a good thing because none of the other agenda items can be easily de-weighted.

As mentioned in previous blogs, CFPOA, Corruption of Foreign Public Officials Act, only recently started receiving press based on the enforcement action against Niko Resources, here, here, here and here.

A March 2011 OECD, report, here, suggested the RCMP was had 20 active CFPOA enforcement investigations. Based on the CFPOA being sleepy legislation for most of its 13 year history, and considering that only two cases, Hydro Kleen and Niko, have seen the light of day, it can be extrapolated that there have been any new investigations launched in the last ten months.

With the inconsistent Canadian legal precedent on disclosure obligations for public issuers, and with few to no announcements by such public issuers disclosing any RCMP investigations, it can also be assumed that many of the 20+ companies have no idea they are being investigated.

With there being such little press and such small financial consequences (until Niko), it would also be a fair statement to suggest that Anti-Bribery, Anti-Corruption compliance programs within individual Canadian companies might not be receiving substantial resources or significant board/executive attention.

My strong recommendation is that this needs to change and change quickly. The best defence (to an investigation or enforcement action) is a good offence. This offence needs to be well worded, aggressively communicated, strongly enforced and meticulously documented.

The FCPA, the use counterpart, has seen very active enforcement. This enforcement has resulted in many follow-on claims including class action securities claims. Since we only have one enforcement action in Canada, that has been brought after the inception of Bill 198 (secondary market liability legislation), and it is too early to determine the risk of follow-on litigation, the only thing Canadian directors and executives can do is assume the financial, market and reputational risk of an CFPOA Enforcement Action will be material to the organization.

There is no doubt that more enforcement actions will soon become public. This means there will be a lot of Directors, Creditors and Shareholders receiving an unpleasant surprise in the new year. When the issue becomes public every company decision, announcement, prospectus and even individual discussions and emails will become the subject of scrutiny and conjecture.

It is usually at this point of crisis that risk management and insurance are raised. Insurance coverage will become a critical question. Directors and officers will want to know if their D&O insurance policy will respond. But they may not recognize that there is no such thing as a “standard” D&O insurance policy. They also might not realize that early response of the D&O policy to a CFPOA enforcement action or investigation may put these directors at a considerable personal risk.

The issues of policy limit adequacy, limit erosion or exhaustion, “notice” obligations, exclusions and continuity are too detailed for this blog post. These issues are also too specific to the specific to the actual insurance program in place and the unique investigative order and potential litigation.

There are dedicated Investigation Costs insurance products available and in the works. These policies are designed specifically for investigation costs, and in most cases they provided limits of liability that will not erode the limits available under the D&O program.

The only way to extract value from the risk management activity of “risk transfer to insurance” is to identify risk, develop loss control tools, determine coverage priorities and negotiate and buy insurance prior to “smelling smoke.”

Greg Shields is a D&O, Professional Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com,  416 862-5626, or Skype at risk.first. And more details of risk and loss control can be found on the Mitchell Sandham blog at http://mitchellsandham.wordpress.com/

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.

 


Bribery and the Board in the Insurance Broker Business

August 1, 2011

 

Between the FCPA, UK Bribery Act and the CFPOA there are many new cases in the bribery landscape. However, there is a very recent case involving a multinational insurance brokerage. This case is not categorized as a direct bribery issue, but rather a failure to prevent bribery. The Financial Services Authority (FSA) announced last week, here, that it fined Willis Limited 6.9 million pounds for “failings in its anti-bribery and corruption systems and controls” which “created an unacceptable risk that payments by Willis Limited to overseas third parties could be used for corrupt purposes.”

This case changes the game before most people have even started to learn the rules. It is still very common for corporate leaders to respond to news of bribery enforcement by saying “everyone is doing it” and “that is just how we do business in (insert industry)(insert city).” Most internal and third party professionals will be quick to point out that such realities are not an acceptable defence to regulatory enforcement. However, those defences are still being attempted, and the result is industry based systemic risk as regulators then say “ok, where else and who else” and start flipping over rocks in other regions or at industry competitors. Therefore, don’t be surprised to see similar settlements in insurance brokerage industry.

The rules of the game are that directors and senior management need to turn their minds to controls and procedures to prevent this (recently) unacceptable behaviour. In the Willis case, it seems that the organization, unlike many other organizations, did in fact create and implement “appropriate anti-bribery and corruption systems and controls”, but the FSA has suggested with this fine that the existence of controls is not enough and they are required to “ensure that those systems and controls are adequately implemented and monitored”, at the grassroots level.

The time period of the payments in question was January 2005 to December 2009, which means that there is a long tail of liability involved with FSA bribery enforcement actions and therefore organizations and their governing minds had better respond quickly to create and/or increase their controls and control enforcement and monitoring.

The Willis case, and the recent Canadian CFPOA case against Niko Resources, here, might suggest that international bribery enforcement is not a game, because the value of the fines are many multiples of the alleged inappropriate payments in question (at least those values that were disclosed.) In the Niko case the payments in question were less than C$200,000, but the fine was C$9.6 million (the actual value of Niko’s business dealings in “high risk jurisdictions” were not disclosed.) In the Willis case, the total value of transactions over the five year period was 27 million pounds, with the suspicions payments totalling $227,000, and the fine being 6.895 million pounds (after a 30% discount for cooperation and early settlement.)

Here is the loss control opportunity presented by this case to directors, officers, management and employees of corporations doing business overseas (I know this is easier said than done, this is a just a blog):

  • Identify all payments to foreign third parties (especially in “high risk jurisdictions” – if it helps to narrow things down (kidding) the Niko case involved Bangladesh, the Willis case involved Egypt and Russia),
  • Establish and record the commercial rationale for all payments to foreign third parties – this needs to be done to the minute degree of demonstrating “in each case why it was necessary… to use an Overseas Third Party (OTP) to win business and what services (the company) would receive from that OTP in return for a share of its commission”
  • Understand that foreign official is a much broader group than you might think (other bribery cases have set the precedent that doctors and other medical staff in most countries are considered foreign officials, World Bank and IMF staff are foreign officials), 
  • Realize other enforcement examples are not just a learning opportunity but an obligation; the acting director of enforcement and financial crime in the Willis case specifically said this case was “particularly disappointing as we have repeatedly communicated with the industry on this issue”, 
  • Provide formal training to staff to recognize an affected payment and to record in detail (more than a brief description) the reasons and resulting services surrounding the payment. This is the only way to demonstrate adequate monitoring and effectiveness of anti-bribery systems and controls, 
  • Ensure adequate due diligence on OTP to assess how the OTP is connected to the organization’s client, the foreign official and any other involved third party, 
  • Recognize that you are responsible for indirect bribery or alleged bribery of a foreign official, not just for direct bribery. This means you are responsible for the actions of any Third Party that could be in a position of making improper payments to help your organization win or retain business from overseas clients or prospective clients, 
  • Ensure that this due diligence is applied to each and every time a payment is made to a Third Party, not just the inception of business with that Third Party.

There is a very strong argument that the Willis case is not a bribery case, it is a books and records case, but FSA does not seem to care about the distinction. The case has been lumped in with the recent UK Bribery Act / FCPA / CFPOA bribery enforcement actions, so it is getting media attention that it may or may not deserve.

Is this a good example of directors’ and officers’ liability? No, not directly. There was no mention of negligence by an individually named director or officer. But many bribery enforcement actions have spawned downstream criminal, civil and securities liability lawsuits, so if directors and officers do not learn and react to the public pain suffered by other entities, they have a good chance of facing personal liability.

My advice, be careful about extending your D&O insurance policy to FCPA / UK Bribery / CFPOA enforcement action if you don’t fully understand how your policy is exposed to Entity Coverage or other risk of erosion or exhaustion of its limits of liability. There is no regulation or oversight of D&O policy wordings or pricing in Canada, so your assumption of the level of “personal loss” coverage in your D&O policy might be incorrect. Without early investigation you might not find that out until it is too late.

Greg Shields is a D&O, Professional Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com, 416 862-5626, or Skype at risk.first. And more details of risk and loss control can be found on the Mitchell Sandham blog at http://mitchellsandham.wordpress.com/

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.


Follow

Get every new post delivered to your Inbox.