briefings |

Managing a Regulatory Crisis: All leave is cancelled

Imagine discovering as a newly appointed Non-Executive Director of a financial services business that a series of unfortunate events have snowballed and now alleged breaches of the Money Laundering Order have been reported to the Attorney General.

Welcome to your first regulatory crisis.

Barry Faudemer

Your first regulatory crisis

Imagine discovering as a newly appointed Non-Executive Director of a financial services business that the client reviews of high-risk clients have not been undertaken for two years, reporting of suspicious activity has lapsed over several months following the resignation of the MLRO, staff AML training is woefully out of date, the Board delegates all things compliance related to the MLCO with no board reporting. Added to that the regulator has undertaken an on-site examination and discovered all of the above but also concluded that the regulatory consultant used to draft your AML/CFT and PF procedures made fundamental errors leading to systemic weaknesses throughout the business resulting in breaches of the Money Laundering Order and the JFSC’s AML/CFT/PF handbook. If that wasn’t enough you discover your highest fee earning client has just been arrested for fraud.  Supervision refers the case to enforcement and alleged breaches of the Money Laundering Order to the Attorney General……. Welcome to your first regulatory crisis.

Sounds a bit farfetched? Simply read all the recent public statements and fines imposed by the JFSC and judgments issued in Jersey, Guernsey and the Isle of Man and you will quickly see that such nightmare situations continue to occur. So how should a business deal with such a crisis?

How to deal with a regulatory crisis?

Here are some key steps to consider:

  • Rapidly assess your risk exposure and react promptly and positively.
  • Demonstrate to the Board, the employees and to the regulator that you have control and are actively addressing the issues.
  • Focus on your highest risk areas first such as your SAR reporting.
  • Be candid and consider your wider reporting obligations, including your insurers.
  • Locate and secure key data and documents.
  • Ask yourself do you have the levels of expertise, resources, and time in house to manage the crisis alongside business as usual?
  • If support is needed does the consultant/advisor have previous experience of dealing with such matters in a crisis situation, and are they insured if they give incorrect advice?
  • Develop a documented and detailed strategy/remediation plan with clear responsibilities, accountabilities and timelines.
  • Openly engage with the regulator in relation to your strategy.
  • If referred to enforcement – think mitigation, appoint a legal advisor/team.
  • Demonstrate to the Board and all employees that you are in control of the situation – Don’t leave it in the hands of the people that created the problem.
  • Create a communications plan considering employees, shareholders, key clients, service providers and the media.

What is the regulator thinking? (insight from a former regulator)

It’s always worth considering what may be going through the minds of the regulator when a regulatory crisis occurs, below are just some of the thoughts that often flashed through my mind when confronted with such cases.

  • Is there a positive culture within the business and a willingness to change?
  • Is the problem systemic?
  • Are further breaches likely to arise as you drill in the initial issues?
  • Is the Senior team capable and willing to put things right?
  • What is their recruitment plan and will it lead to the timely resolution of the issues identified?
  • Could the problem occur again?
  • What is the reputational risk to the industry?
  • Should any restrictions be placed on the business and any senior employees whilst the issue is remediated?
  • Do they have a credible plan and is it detailed enough to give the level of confidence needed to the regulator?
  • Are they being open, transparent and giving me the full picture?
  • What is the reputational risk for the jurisdiction?
  • Does the regulatory track record of the institution give further cause for concern?

Identify the root cause of the problem

Before embarking on a strategy, analyse and understand the root cause of the problem. For example, was it a systemic issue with the collation of CDD or lack of staff training/ unclear procedure/a rogue member of staff/ failure in monitoring systems etc.

If necessary, launch your own investigation although the regulator may want to see the scope and time scales. Use experienced professionals capable of conducting effective and timely interviews, processing large volumes of data.

Creating your crisis management strategy

Here are some things to consider while creating your strategy to manage this regulatory crisis:

Set realistic time scales.  Allow sufficient time to review, digest and consider the accuracy of findings.

Try to be as open and transparent as possible, adopting a confrontational strategy with the regulator usually ends badly for the business.

Always avoid providing false or misleading information or misleading by omission to a regulator. Call out new issues are they arise.

Many financial penalties can be mitigated or even avoided by being candid and transparent with the regulator from the outset.

Ensure the strategy has the support of the Board. Regular reporting to the Board is a key factor.

Consider a review of the strategy within the first three/four weeks to assess if it is delivering.

Identify a person with previous experience of crisis management to lead the interaction with the regulator and delivery of the strategy.

Contact us

If you need help in putting together your strategy/ remediation plan or need advice on how you should respond to a crisis then contact Barry Faudemer  barryfaudemer@bakerregulatory.com or Zoe Dixon-Smith zoedixonsmith@bakerregulatory.com

Insights

View all insights

Services