Easy targets!

Easy targets!

Article Type: Editorial From: Journal of Financial Crime, Volume 22, Issue 3

The saga of avoidable and inexcusable failures in compliance and worse in the HKSB has been well-publicised and will not be rehearsed in the pages of this journal. The reality is that to some extent at least some of the problems that have arisen for HSBC are a result rather more of its success as an international bank which has grown perhaps too quickly, in all respects, for its management structures. Over the past decade, many established and hitherto well-respected banks and financial institutions have found themselves in trouble with the regulators and, perhaps in too few instances, prosecutors. Obviously, mistakes have been made, and in some cases, these have not been well-handled by managements that have appeared greedy, arrogant and incompetent – at least in terms of governance. However, in indicting – at least in the court of public opinion – these institutions, it may be worth taking a few moments to put some of these issues a little more in context. Let’s consider one or two examples.

Firstly, there are real limits to the efficacy of any compliance system. The emphasis that is now placed on compliance procedures is relatively new. Of course, banks and other institutions did have procedures and even codes of conduct in the past. In a survey that the author conducted in 1974, it was surprising how sophisticated the codes that many companies actually had in place, addressing conflicts of interest, insider dealing and corruption. In the UK, however, these were not policed by individuals who perceived themselves part of a compliance culture. The creation of a compliance profession or – perhaps better described – “industry” developed only in the past 25 years in Britain, at least two decades after the USA. One of the first courses on compliance at a British university was held by the Centre for Police and Criminal Justice Studies, of the University of Exeter in the late 1970s. Even today you can count such courses on the fingers’ of one hand.

Relatively little thought has gone into the strategic development of compliance, and consequently, there remain many aspects that have not been properly thought through. Development has been pragmatic and usually in response to external pressures. There are issues of real concern such as the inter-relationship of compliance to the law, both criminal and particularly civil, which have not been adequately addressed. Even if a system has been properly and adequately devised and resourced, which are very significant givens, it has to be remembered that as with all normative structures, violations are inevitable and situations will arise that have not been predicted and catered for. Compliance is not a full-proof system; as Lord Templeman in one leading case remarked, compliance, even if according to best practice, can at most be an issue in mitigation for an institution, as by definition it has failed if a breach occurs.

Secondly, rather as in the debate on the efficacy of governance, such relatively weak systems of control are likely to be ineffective when faced with criminal designs or for that matter an assessment that the consequences of non-observance – particularly from the perspective of an individual – are minor when compared with the rewards that can be reaped as a result of ignoring or avoiding them. What we are increasingly realising is that within such structures, there must be ethical purchase – those to whom the rules apply must see real value – in all respects, in compliance. As we develop systems which are ever more complex, de-personalised and intrusive, the subjective commitment is likely to weaken. Of course, we can call in aid, the ultimate objective of such rules and procedures, namely, the inhibition of organised crime and terror, or the political objectives of embargoes (such as they may be), but these are remote and, when examined, less convincing. For example, when we consider the very small amounts of tainted assets that are legally interdicted, then the costs, aggravation and, indeed, risks become wholly disproportionate. Indeed, the more we adopt strategies – as we must – based on disruption rather than conventional prosecution, the benefits achieved by certain compliance systems become even more obscure. In fact, the recruitment of those who advocate the intelligence culture in compliance, as has been done – not least – by the HSBC, itself may well compound the problem.

Thirdly and this relates to what we have just discussed, there has been a failure of the traditional criminal justice system to stigmatise those who act wrongly and thereby reinforce compliance. This is not primarily a failure of law, but its administration and application. Having said this, there is a debate to be had as to whether our adherence to higher standards of culpability, at least in certain functions, is practical and acceptable. There have always been difficulties in proving beyond a reasonable doubt – often after several years in a very complex environment – that someone has acted with the requisite state of mind, to justify a conviction, for instance, of fraud. We are understandably reluctant to reduce culpability beyond recklessness. However, there is a case to be made for imposing public responsibility for negligence, as we do in many other activities, particularly where the negligence is self-serving. There is also merit in reinforcing compliance, as we have done in Section 7 of the Bribery Act, with institutional liability where it cannot be shown that adequate steps have been taken to avoid the commission of a fraud or other relevant crime.

Fourthly, perhaps we need to consider the competence and experience of those who are involved in compliance particularly at the more senior levels of management. Having been a prosecutor or a senior intelligence official does not automatically “qualify” an individual for a senior compliance position in a bank. Having said this, it is perhaps a criticism of the “industry” that it has not produced in sufficient numbers, persons of the independence of mind and professional calibre that those who make such appointments feel confident in trusting. The emphasis that has been placed on personal liability and responsibility in control and senior positions, primarily by boards who are concerned about creating distance and regulators who seek easier targets, has not helped. The more so, because in reality, this threat in terms of legal and regulatory responsibility has proved remote. Of far greater concern has been the anguish and isolation that has conveniently been placed on the shoulders of compliance officers once something has come to light. All rather like the way the Chinese are conducting their anti-corruption purge, mainly through Party discipline, rather than under the ordinary criminal law, which might be more in keeping with the rule of law.

While the institutions – and again not least HSBC – are prepared to throw a great deal of money at improving their systems, until we are willing and able to take a rather more analytical and perhaps dispassionate approach, it is not unlikely that we will continue to strangle the golden gooses of our economy and to focus blame on those who because they are simply there, politicians and the media, have been cast in the role of surrogate criminals.

Barry Rider