How to Conduct an Investigation SHCOG: 16 November 2012
Transcription
How to Conduct an Investigation SHCOG: 16 November 2012
How to Conduct an Investigation SHCOG: 16 November 2012 Mark Goulden, Managing Director, Head of EMEA Markets Compliance, J. P. Morgan James Wilson, Executive Director, Fixed Income Compliance, J. P. Morgan Elisabeth Bremner, Partner, DLA Piper Overview Case Study: Set the Scene TURBO Bank Artem Ivanov - Trader, Emerging Markets Desk* Ben Davies - Controller in the Valuation Review Group (VRG), Eastern Europe Colin Speed - Head of Compliance* David Randwick - Compliance* Francis Edwards - Chief Operating Officer* Frederico Monetti - Trade Support Jim Stewart - Trader, Emerging Markets Desk* John Day - CEO* Julie Daniels - General Counsel Mark Williams - Chief Risk Officer* Viktor Federov - Head of Eastern Europe Local Markets* Janska Bank Boris Titov - Trader* INMA Bank Igor Petrov - Trader, INMA Bank* Demidov Financial Corporation Ivan Tarasov - Trader, Demidov Financial Corporation* FSA Alex Walker - Wholesale Supervision *Approved Persons 2 Part 1 OPEN ENVELOPE 3 Part 1A: Multiple Choice Should Artem be suspended? 1) Yes 2) No 3) Maybe Should you make a report to the FSA? 1) Yes 2) No 3) Maybe 4 Part 1A: Discussion Points What issues will you need to consider if you do decide to suspend Artem? Are there any issues with Viktor's supervision of Artem? Are there any systems and controls issues? 5 APER & Code of Practice for Approved Persons (COP) 23 October 2012 6 Approved Persons "An approved person must act with integrity in carrying out his controlled function" Non-compliant behaviour includes: Deliberately misleading (or attempting to mislead) by act or omission: client / firm / FSA / auditors Deliberately falsifying documents Providing false or inaccurate documentation or information, including details of training, qualifications, past employment record or experience Firm must submit to FSA Form C, no later than 7 business days after an approved person ceases to perform a controlled function (when a person has been dismissed or suspended Form C is qualified) FS Bill: proposal that expected conduct standards laid out in APER principles will apply beyond the controlled function for which a particular person has been approved FSA invited Parliamentary Commission on Banking Standards to consider providing the ability to take disciplinary action against employees outside the scope of its approved persons regime (22 September 2012) 7 Systems & Controls Firm must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors and senior managers in such a way that: 1. it is clear who has which of those responsibilities; and 2. the business and affairs of the firm can be adequately monitored and controlled by the directors, relevant senior managers and governing body of the firm. Firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed reps with its regulatory obligations and for countering the risk that the firm might be used to further financial crime Firm must have effective processes to identify, manage, monitor and report risks it is or might be exposed to Firm must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them Firm's systems and controls should enable it to satisfy itself of the suitability of anyone who acts for it - includes assessing an individual's honesty and competence. (Assessment should normally be made at the point of recruitment - need not normally be revisited unless something happens to make a fresh look appropriate) 8 Part 1B: Multiple Choice John has asked Julie Daniels and Colin Speed if he has anything to worry about. What is your response? 1) Yes 2) No 3) Maybe John also asks if he needs separate legal representation. What do you say? 1) Yes 2) No 3) Maybe Should anyone be suspended? 1) Mark Williams 2) Mark Williams and Francis Edwards 3) No 4) Unsure 5) Other On Email 1: do you think Mark and Francis should have ensured the FSA was told of the postponement in introducing the new system? 1) Yes - the FSA should have been told immediately 2) Yes - but on the next scheduled regular call in 2 weeks' time 3) No - as Mark indicates, there is no need at this point 4) Unsure 9 Part 1B: Discussion Points What concerns will the FSA have? Does this new information affect the decisions you made earlier regarding: Artem? Viktor? What do you think of John Day's reaction? How will you approach the preparations for the FSA's visit on 9 October 2012? 10 Senior Management Responsibility Senior Management ("SM") responsibility – cornerstone of regulatory regime SM have ultimate responsibility for the business of the firm and its effective internal organisation FSA has emphasised will look directly at SM and hold them accountable for risk management and compliance – difficult in practice Fines where SM have relied too heavily on the compliance function to ensure regulatory compliance FCA will take more intrusive approach FCA will move away from judgments based on facts to regulation based on judgments about the future "We are committed to pursuing more cases against individuals and holding members of senior management accountable for their actions" (Journey to the FCA) 23 October 2012 11 Misleading the FSA Sanctions and risks of non disclosure to FSA, s398 FSMA - it is an offence to knowingly or recklessly provide the FSA with information which is false or misleading in a material particular in purported compliance with any requirement imposed by or under the Act. An offence by a firm may be attributed to an officer or certain other persons under s400 FSMA SUP 15.6.4 - If a firm becomes aware, or has information that reasonably suggests that it has or may have provided the FSA with information which was or may have been false, misleading, incomplete or inaccurate, or has or may have changed in a material particular, it must notify the FSA immediately. Subject to SUP 15.6.5 R, the notification must include: 1) details of the information which is or may be false, misleading, incomplete or inaccurate, or has or may have changed; 2) an explanation why such information was or may have been provided; and 3) the correct information SUP 15.6.5 - If the information in SUP 15.6.4 R (3) cannot be submitted with the notification (because it is not immediately available), it must instead be submitted as soon as possible afterwards 12 Part 2 OPEN ENVELOPE 13 Part 2: Multiple Choice Did Viktor do the right thing cancelling the trade? 1) Yes 2) No 3) Maybe Will you contact senior management at Janska Bank to let them know what has happened? 1) Yes 2) No 3) Maybe What factors will affect your decision? 14 Part 2: Discussion Points What immediate steps should you take? What will you do if Artem continues to call in sick? You decide to launch an internal investigation: Who should run it? Who will they report to? What are your first considerations? What will be the scope of the investigation? What evidence will you gather? Who will you want to speak to? 15 Initial Evaluation Move quickly to ensure: Decision makers not tainted by underlying issues (form independent investigation committee) Preservation of evidence (restrict access, retrieve and maintain chain of custody) Security of assets (remove authorisation permissions; injunction) Internal notifications (internal escalation policies; MLRO; HR; Risk; PR team; internal audit etc) External notifications (remember firm AND individual obligations) Ready to respond to media interest Legal privilege parameters clear and protected Staff potentially implicated are isolated Interim remedial measures implemented Whistleblower protections applied 16 External notifications Regulatory authorities FSA: Principle 11, APER 4, SUP 15 - immediate / without delay notifications Matters having serious regulatory impact Rule / Principle breaches Civil, criminal or disciplinary proceedings against a firm Fraud, errors and other irregularities Insolvency Suspicious transactions (market abuse) 17 External notifications continued Police / prosecuting authorities (no general rule but may wish to seek leniency) SOCA (s328 POCA 2002) Auditors (s418 and s463 Companies Act 2006; s346 FSMA) Insurers Counterparties Market (DTR 2.2; s397 FSMA) Lenders 18 Where it goes wrong Wrongdoers allowed to cover tracks Opportunities to protect assets and evidence lost Regulators aggravated by lack of communication / full & frank disclosure Loss of effective control 19 Avoiding regulator intervention Be clear on objectives Who; What; When; Where; How; Duration; Scale; Knowledge (who knew / who ought to have known); Consequences Ensure investigation is thorough, properly conducted and demonstrably independent Identify relevant issues and areas of possible weakness Remedial action / redress 20 Cross-jurisdiction coordination Cross jurisdictional considerations: jurisdiction of witnesses; evidence; data storage facilities; victim; loss, affected markets; conspirators; conduct; long-arm reach legislation Coordination of communications - avoid inconsistencies in timing and content (FSA > 50 MOUs) - seek local law advice on: matters to be notified; time limits; form of notification; protection which may be applied to disclosures (will it be disclosable to another regulator / in satellite litigation); any tipping off risk in continuing to investigate Sanctions and risks of non disclosure to regulators / prosecuting authorities (s398 and s400 FSMA) 21 FSA Enforcement Guide FSA invites firms to consider discussing the commissioning and scope of report with the FSA where: firms have notified under SUP15; or the FSA has indicated that an issue or concern has or may result in a referral to Enforcement FSA's approach in commenting on the proposed scope will vary - will not want to be involved in every situation BUT if the firm anticipates it will proactively disclose a report to the FSA in the context of possible enforcement investigation, the benefit derived from the report will be greater if the FSA has had chance to comment on the scope and purpose and by whom the investigation is conducted FSA may prefer the firm not to commission its own investigation (whether internal or external) where action by the firm could itself be damaging to an FSA investigation - most likely to arise in the context of criminal investigations where there is a risk of tipping off - eg where a suspect insider dealing ring is in operation 22 Preservation and retrieval of evidence Circulate document retention notice and place a hold on routine destruction: include overwriting of backup tapes, auto spam filters etc consider scope and recipients and whether anyone should be excluded from the circulation list (eg suspected wrongdoers) Retrieve any mobile devices and obtain passwords Audit trail - criminal prosecutions / regulatory action may be difficult to defend if cannot produce appropriate audit trail to demonstrate acted appropriately - failure to preserve evidence may result in criminal charges Keep a record of who did what when and how and maintain chain of custody Always seek local law advice on retrieving and processing of personal data even if within the EU - written employee consent may be required Retrieval must be relevant and not excessive 23 Privilege Waiver of privilege should be by informed election not default Must assess on a jurisdictional basis - may be no in-house lawyer privilege overseas / may require a particular type of external counsel to be appointed England: only legal advice privilege likely to apply at the internal investigation stage so only "lawyer - client" communications protected - important to identify the "internal client" Circulate a document creation notice: Think Before You Write FSA approach to privilege - see Enforcement Guide (FSA Handbook) Expect pressure to waive privilege and full & frank disclosure if looking for a plea deal / civil settlement with prosecuting authorities 24 Employee interviews / suspension Always seek local law advice on restrictions / notifications to works councils or unions / notifications to local regulators Separate legal representation? (seek local advice - may slow down process and restrict access but use of evidence later may be limited) Avoid joint privilege (firm will want to be free to waive unilaterally) Do not lose privilege (eg by providing access to investigation report) NB in some jurisdictions suspension triggers the commencement of the disciplinary process with a very limited window in which to deliver the final decision after which any sanction unlawful 25 Part 3 OPEN ENVELOPE 26 Part 3: Multiple Choice How will you approach the investigation? 1) (i) Review all documentary evidence; and then (ii) interview 2) (i) Interview everyone except Artem; (ii) review all documentary evidence; and then (iii) reinterview as necessary and interview Artem 3) (i) Interview everyone including Artem; (ii) review all documentary evidence; and then (iii) reinterview as necessary 4) No interviews - in the circumstances you cannot rely on the oral evidence so you decide to base your enquiries on documentary evidence only 5) Other Will you contact senior management at INMA Bank about Telephone call extract 1? 1) Yes 2) No 3) Maybe Will you contact senior management at INMA Bank about Telephone call extract 2? 1) Yes 2) No 3) Maybe What factors will you consider in reaching your decision? 27 Part 3: Discussion Points What issues do you see in the various emails and call extracts? How do these emails/calls/interviews impact your decision regarding the scope of the investigation? Do you think with hindsight more could have been done when Artem was first put on his PIP? What will you do with: Artem? Ben? Frederico? Viktor? How will you approach the preparation of the report? Internally? To the FSA? 28 FSA Guidance on Mismarking (1) Front office culture and governance Right incentives to promote appropriate oversight and governance Quality of MI and exception reports Clear responsibilities and reporting lines Routine reporting on high levels of cancelled and amended trades Desk holidays - traders take a break from marking own books SM commitment to on-going middle/back office resourcing and training Trading mandates and limits Proper investigation of breaches Culture of challenge Do all back/middle office functions have sufficient understanding, skill and authority to challenge front office staff effectively? Cash management How does the firm make sure its margin processes are working properly and are any changes properly recorded? Can cash flows be understood in context of trader's mandate, positions and reported P&L? 29 FSA Guidance on Mismarking (2) MI Is MI sufficiently detailed and appropriate? How does firm pull together information across different middle/back office teams to make sure poor performance and suspicious activity is spotted? Are indicators appropriately escalated and aggregated? Would a number of yellow flags trigger a red flag? Off-market rate controls Are there agreed processes for valuation/IPV controls? Are there agreed process for valuation adjustments? P&L attribution How does the firm ensure it understands where all the P&L is coming from? Does the firm understand where large day-1 P&L movements are coming from and whether they make sense? Is there adequate critical analysis of P&L - where P&Ls produced separately where trader positions divided between books - are these looked at individually as well as in the aggregate? 30 FSA Guidance on Mismarking (3) Reconciliations Are positions consistent throughout the firm's systems (between front / middle / back office) and externally (confirmations with counterparties)? Is anyone reconciling trades against the blotters? Confirmations How are unconfirmed trades managed and escalated? what MI is generated regarding the risk profile of outstanding confirmations? Segregations of duties Are access controls adequate and security measures adhered to / are they regularly revisited afresh? Is there scope to enhance segregation of duties to limit likelihood of unauthorised actions by a single trader? Are appropriate measures in place when people move from middle/back office to working in front office? 31 Internal Investigations: Overview Problem International? (Crossjurisdictional issues: evidence; regulators; assets; loss; markets; legislation; LPP) Domestic? Escalation Investigate? Identify Client (Impartial; Accountable; LPP Notifications (FSA; Other Regulator; Market; 3rd parties) Secure evidence & assets Protect LPP Interim remedial measures (Employees; Access Rights; Four Eyes; customers) Assemble Team Scope Evidence Findings / Remedial Action / Redress Reporting (limited LPP waiver / confidentiality) Audit Trail / FSA Updates / Senior Management Involvement / Media Interest 41486323 11 May 2012 32 Post Investigation Maintain official investigation file with core evidence and audit logs Internal reporting, consider: Whether report is to be written or delivered orally Risk of actions for defamation / employment claims How widely report should be disseminated Risk of loss of privilege (where applicable) Disclosure of findings / report to the FSA: Update any preliminary notifications / new notifications Consider the form of disclosure – executive summary / oral presentation / full report Consider how privilege can be maintained if report disclosed Employee disciplinary action Privilege unlikely to apply May be issues as to whether investigation report can be relied upon 33 Any Questions? 34 Contacts Mark Goulden, Managing Director, Head of EMEA Markets Compliance, J. P. Morgan James Wilson, Executive Director, Fixed Income Compliance, J. P. Morgan Elisabeth Bremner, Partner, DLA Piper 35