briefings |

Firms still not assessing their AML culture risk sitting on a ticking time bomb.

Barry Faudemer

The excellent ITV series of Bates V The Post Office supported by reading the Court Judgement relating to the case highlights the largest and most shocking miscarriage of justice in British history and screams of the most appalling leadership and culture failings within the Post Office. The public is understandably enraged by what occurred compounded by cover up and obfuscation, not to mention the slight problem of the CBE awarded to its CEO for services to the Post Office. Regrettably we have seen significant leadership and culture failings lurking unrecognised in pockets  of many of our institutions, the Metropolitan Police, some NHS trusts, Units of the Armed Services including it is alleged our much-loved Red Arrows. Such undetected failings are not just confined to the public sector of course  with many companies encountering the same catastrophic issues as our public sector. Prior to the issues bubbling to the surface most if not all these institutions robustly argued that their culture was sound and no cause for concern. Whilst everyone seems to accept that a good culture is key and attracts talent, many Boards remain unable to spot when things are going off the rails until the issue reaches a flash point often plunging the business/institution into a crisis.

In Jersey, and based on bitter experience, the regulator, realising the importance of culture now require regulated businesses to assess their AML culture but sadly very few actually chose to do so in a meaningful way. In response,  the regulator is starting to sanction firms for not checking on their culture. For evidence of this hardening of approach, look no further than the latest public statement issued by the Jersey Regulator against Lutea Holdings Limited and Lutea Trustees Limited that highlighted that the culture of the business was a root cause of many of the failing identified on the on-site visit conducted by the regulator. The public statement issued by the Jersey Financial Services Commission and set out in part below, highlights in rather stark terms the lack of assessment of Lutea’s culture.

“The Lutea Board lacked diversity of skillset in its composition and, in particular, had insufficient understanding of requirements and best practice in governance, risk and compliance matters.

The Lutea Board failed to adequately consider any potential conflicts, independence issues or cultural barriers at Lutea Board level.

New appointments to the Lutea Board were typically internal appointments and/or were accepting their first board position and had little impact in improving diversity of skillset.

New Lutea Board members received no formal induction on appointment, lacked personal development plans and were not provided with training to meet their development needs.

Lutea Board members had significant customer facing responsibilities and worked in silos within the business.

Lutea’s culture was customer led. Risk and compliance matters were not prioritised by the Lutea Board and there was a lack of cohesive and collective responsibility from the Lutea Board in this regard. The Lutea Board considered compliance matters to ultimately be the responsibility of its compliance function.

The Lutea Board failed to recognise compliance reporting as being inadequate to enable it to exercise appropriate oversight of compliance matters”.

It’s easy of course to be critical after the event, but the simple fact is that such root causes were capable of being identified and  rectified through a culture assessment but sadly the board was not sufficiently astute to reach out and undertake such an assessment leading to disastrous consequences for the business and two of the directors now banned from employment in the finance industry. Lutea is not an isolated case of course. Peruse any regulators website and review public statements and common AML cultural themes begin to emerge that all point to one thing – a poor AML culture particularly in relation to anti money laundering matters.

Staff are usually aware if the ship is being steered by the Board towards the rocks and if the culture is one of blaming others and wilful blindness particularly in relation to AML then they simply move on to avoid the risk of being associated with a Lutea type scenario.  Compliance failures are rarely, if ever, unknown within a company, people know and either choose to keep quiet or are told to keep quite (Danske Bank being probably the most significant example). Regulators have been quick to appreciate staff turnover can be a red flag and now conduct what they term as exit interviews with senior compliance staff to sharpen their assessment of the AML culture within the business. The risks associated with failing to assess your AML culture has never been greater.

The forward thinking and successful firms are not afraid to seek independent assistance to boldly critique their own performance and actually promote constructive feedback from their work force.  Such an approach sends a powerful message to both the workforce and the Regulator and suggests a proactive approach message in managing risk.  So, if a positive AML culture equals success, why are  firms so reluctance to assess the strength of their culture and seek ways to improve it even further? Surely not doing so is a red flag in itself?

Perhaps if the Board of Lutea had taken heed of the famous quote from Peter Drucker, “Culture eats strategy for breakfast” they could have avoided the catastrophic intervention of their regulator. The Post Office debacle fuelled no doubt by the next few months of ongoing public Inquiry revelations arising from former staff members of both the Post Office and Fujitsu will only prompt a renewed push to focus on how firms can harvest information from their workforce more effectively to prevent  them blindly slipping into either regulatory or criminal Armageddon.  Be in no doubt at some stage a regulator is going to ask the question, “when was the last time you assessed your AML culture?

If you would like to learn more about unique and comprehensive ways of measuring and assessing  your AML culture via your workforce and benchmarking your firm against the industry average in applying the AML requirements please contact Barry Faudemer.