Daily Briefing: EY in Danske audit hot seat, HSBC AML compliance upgrade snapshot, and more
Monday, April 15, 2019
Posted by: Brian Monroe
By Brian Monroe
April. 14, 2019
Quote of the Day: “Stay true to yourself, yet always be open to learn. Work hard, and never give up on your dreams, even when nobody else believes they can come true but you. These are not clichés, but real tools you need no matter what you do in life to stay focused on your path.” – Phillip Sweet
In today’s ACFCS Fincrime Daily Briefing, global audit firm Ernst & Young faces questions in Danske audit, Fresenius FCPA fine, snapshot of HSBC compliance changes, future goals, and more.
Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.
Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!
Danish fraud squad to investigate Danske Bank auditor EY over 2014 report containing information warranting deeper scrutiny, notification to authorities
Accountant EY’s audit of scandal-hit Danske Bank came under scrutiny on Friday as Danish authorities asked the state prosecutor for financial fraud to investigate the matter, stating the Big Four firm saw unspecified red flags that should have prodded more scrutiny and potentially even a referral to regulators or investigative bodies.
Danske Bank is under investigation in the United States, Denmark, Estonia, France and Britain over payments from Russia, ex-Soviet states and elsewhere. It has admitted that 200 billion euros ($226 billion) of suspicious transactions flowed through its Estonian branch between 2007 and 2015.
“In connection with the audit of Danske Bank’s financial statements for 2014, EY became aware of information that should have prompted it to carry out further investigations and notified the Money Laundering Secretariat,” the Danish Business Authority (DBA) said on Friday.
The DBA had in October launched an investigation into the external audit of Danske Bank’s financial statements for 2014, as well as the auditor’s duties in relation to suspected money laundering up until 2015.
The years named reflect the fact that 2014 is the furthest back money laundering can be punished under legislation that was in place until recent tightening by Danish lawmakers.
EY, which was the external auditor for Danske Bank until Deloitte took over the job in 2015, said it was cooperating with the authorities.
Danish and Estonian authorities have been heavily criticized for reacting too slowly and inadequately to the scandal that has also spread to other banks such as Deutsche Bank and Swedbank.
The head of the fraud squad, Morten Jacobsen, told Reuters the squad had received the report from the business authority and would look thoroughly into it before deciding whether there was a basis for raising a court case, (via Reuters).
The Danske Bank money laundering scandal has been dominating headlines in the financial crime and compliance space for months.
And, as in past high-profile cases where a bank was the alleged conduit for millions and even billions of dollars in money laundering, once the full magnitude of the failures come to light, comes the next inevitable question: what did the regulators see and do and, finally, what did the bank’s auditors see, do or, in this case, should have done.
This is a predictable series of events that have happened in the past and, in some cases, auditors have been rigorously reviewed, found warranting, and penalized for accounting failures and, in the case of AML audits, also called independent reviews, sanctioned for “watering down” reports.
In other cases, the auditor was even banned for doing audit work for banks in a certain region, seriously affecting the reputation and bottom line of typically stoic, staid and reliable audit firms with a long history of paying extreme attention to detail and uncovering irregularities indicative of fraud.
Look for audit firms to tighten up their AML reviews of banks in Estonia, Latvia, and all banks in the Nordic and Baltic regions because when one regulator in one jurisdiction decides to probe an audit firm, other regulators tend to get nervous as well and follow suit.
DOJ fines Fresenius Medical $231 million for bribing public health officials, docs in more than a dozen countries
Federal prosecutors have penalized a multi-billion dollar German medical devices firm $231 million in a non-prosecution agreement for bribing doctors and public health officials in more than dozen countries around the globe, including Europe, Africa and the Middle East, to illicitly gain some $140 million in new business.
The U.S. Department of Justice (DOJ) and the Securities Exchange Commission (SEC) late last month levied the fine against Fresenius Medical Care AG & Co. KGaA (Fresenius), a German-based provider of medical products and services, particularly in the area of dialysis and renal failure, for nearly a decade of violations related to the Foreign Corrupt Practices Act (FCPA).
Between 2007 and 2016, Fresenius paid bribes to publicly employed health and government officials to boost business in Angola and Saudi Arabia, Morocco, Spain, Turkey and countries in West Africa.
Fresenius paid these bribes through a combination of direct payments, payments through third parties and payments through a third-party distributorship, all to obtain and retain business in those countries, the company admitted as part of the settlement.
Moreover, the company engaged a creative array to hide the payments and shuttle funds to key medical professionals, such as military officers and other government health officials, including offering shares of local subsidiaries in Angola, a check-cashing scheme in Saudi Arabia, a sham commission structure in Morocco, and other fictitious contracts.
The company, formed in the mid-1990s and annual revenues surpassing $20 billion, “knowingly and willfully failed to implement reasonable internal accounting controls over financial transactions and failed to maintain books and records that accurately and fairly reflected the transactions,” according to penalty documents.
“Fresenius doled out millions of dollars in bribes across the globe to gain a competitive advantage in the medical services industry, profiting to the tune of over $140 million,” said Assistant Attorney General Benczkowski, adding that the company must also retain an independent compliance monitor for at least two years, (via DOJ).
With DOJ creating a new unit to look for, and crush, the world’s largest corruption, money laundering and fraud hubs, look for FCPA penalties to rise in the coming months and years.
The actions in recent years, against banks, and firms in the medical, energy and telecom sectors, also give a glimpse of the potential roadmap DOJ is taking in terms of what business areas they are focusing on first.
The message and takeaways are manifold: For banks, it means find and root out any pockets of non-compliance that could be engaging in corrupt practices, such as hiring the relatives of PEPs or bribing PEPs to gain access to larger accounts, to ensure your institution doesn’t get tripped up.
Similarly, banks should proactively review their exposure to these fields in terms of clients. If a bank misses what regulators or investigators feel is obvious signs of corruption, that could also mean a violation of the FCPA as a facilitator, or a deeper look at the AML compliance program due to the perception of weak controls.
‘Large number’ of AML investigations underway with potential civil, criminal enforcement on the table: UK FCA
The United Kingdom’s top financial crime watchdog has a “large number” of investigations going on for broad failures of anti-money laundering (AML) compliance requirements, with subject entities facing civil and even criminal proceedings that could result in penalties and even prison terms.
Those are some of the subjects tackled in early April by Mark Steward, the head of enforcement for the United Kingdom’s (UK) Financial Conduct Authority (FCA), when he warned those subject to AML regulations that “it is time that the FCA gave effect to the full intention of the Money-Laundering Regulations which provides for criminal prosecutions.”
“[The FCA is] now conducting ‘dual track’ AML investigations, i.e., investigations into suspected breaches of the Money-Laundering Regulations that might give rise to either criminal or civil proceedings,” he said at the Global Investigations Review Live event in London, with the sentiment that the regulator is strengthen the rigor of exams and being more willing to levy more and higher penalties.
The statement comes after stronger laws in the UK have come into force in June 2017 to ensure compliance with the European Union’s Fourth Money Laundering Directive, which captured new sectors, including gatekeepers, and increased sanctions for attempting to hide AML program faults or give misleading information, intentionally or not, (via the National Law Review). To read the FCA’s full statement, click here.
These statements mirror comments from 2018 and the UK is starting to turn these words into actions, particularly in large, complex international investigations for AML, sanctions and corruption failures.
The U.K. has been a part of several actions in recent years with U.S. federal regulators and investigators and handed down, for that country, record penalties soaring into the millions of dollars.
Much of this is spurred by a bevy of high-profile data breaches and money laundering investigations that resulted in the sense that criminals find London a welcome place to launder money, particularly in real estate.
These statements occur within a greater context of massive money laundering scandals in the hundreds of billions of dollars coming to light. Danske Bank, of course, springs to mind.
These scandals and data breaches have also put more pressure on the regulators and authorities in the European Union and Nordic and Baltic regions to crack down harder on banks with lax AML policies that have led to certain institutions becoming choice conduits for the mega launderers, an embarrassment to the whole country’s perception as a safe, clean banking center.
HSBC has ‘radically restructured’ AML program since 2012 DPA, upgrading talent, systems, oversight by spending more than $1 billion since 2015: ESG snapshot
Since a record $1.9 billion penalty for financial crime compliance and sanctions failures in 2012, global bank HSBC has implemented an overlapping series of changes, including upgrades in staffing, talent, systems, team structures and risk strategies and more, according to a just-released Environment, Social and Governance (ESG) update.
While HSBC has paid regulators and investigators billions of dollars to settle compliance, sanctions, tax and other risk and control failures, the bank has also, since 2015, spent an additional $1 billion specifically on bolstering anti-money laundering (AML) compliance through hiring big name government investigators, raising internal standards across all jurisdictions and more.
Over the past several years, the bank states that it has “radically restructured our global operations and significantly strengthened our ability to combat financial crime,” according to the missive.
Here are some of changes HSBC has made, according to the ESG snapshot, which also covers tactics the bank has undertaken to improve tax compliance, forex foibles and the like:
· Exit stage left: Exited customers, products and countries where we deemed the financial crime risk too high to manage. Also working with governments and other banks to advance our mutual interests in this area.
· Think globally, act locally: In 2012, the bank launched our Global Standards initiative, focused on putting in place the most effective standards to combat financial crime across our operations globally. As part of this effort, we designed and implemented new, globally consistent policies on AML and sanctions that often extend beyond the requirements of local laws and regulations.
· Committed committee: In 2013, established a Financial System Vulnerabilities Committee (FSVC) to oversee our financial crime risk management reforms. The FSVC reports to the Board on matters relating to financial crime and financial system abuse, and provides a forward-looking perspective on financial crime risk, anti-bribery and corruption.
· Capable leaders: Hired experienced senior personnel to lead the effort and significantly increased our financial crime compliance capabilities.
· Invested investigators: Put in place a robust investigations capability.
· Training train: Improved and expanded our financial crime compliance training initiatives
· The IT couple: Upgraded or replaced key compliance IT systems, with over $1 billion spent since 2015.
· Back to ABAC: Renewed bank focus on anti-bribery and corruption as part of a dedicated three-year program to advance the Group’s anti-bribery and corruption risk management capability.
Over the coming years, HSBC stated it plans to “evolve significantly the approach to financial crime risk management by building advanced analytical capabilities, including artificial intelligence, designed to help us target illicit conduct with greater sophistication and precision.”
This will “help us make a step change in our effectiveness at fighting financial crime and set a new standard that aims to lead the industry,” according to the ESG post.
“We expect to be faster and more accurate at detecting potential financial crime and ever more targeted in our risk assessments,” the bank stated. “We expect to generate actionable insight that we can use ourselves and provide to law enforcement to help keep criminals out of the financial system. This will benefit the Group, our customers and society at large,” (via HSBC).
HSBC has made a dramatic turnaround, going from fincrime compliance pariah, to law enforcement partner.
While no bank has the perfect program, and money laundering occurs at all large international banks, it’s incredible what can happen when an institution strengthens its commitment to fighting financial crime.
The challenge now is to keep the momentum and truly institute a global phalanx against financial crime in all regions without having a drop in focus, execution, effectiveness and results.