How to Conduct an Investigation SHCOG: 16 November 2012

Transcription

How to Conduct an Investigation SHCOG: 16 November 2012
How to Conduct an
Investigation
SHCOG: 16 November 2012
Mark Goulden, Managing Director, Head of EMEA Markets
Compliance, J. P. Morgan
James Wilson, Executive Director, Fixed Income Compliance,
J. P. Morgan
Elisabeth Bremner, Partner, DLA Piper
Overview
Case Study: Set the Scene
TURBO Bank
Artem Ivanov - Trader, Emerging Markets Desk*
Ben Davies - Controller in the Valuation Review Group (VRG), Eastern Europe
Colin Speed - Head of Compliance*
David Randwick - Compliance*
Francis Edwards - Chief Operating Officer*
Frederico Monetti - Trade Support
Jim Stewart - Trader, Emerging Markets Desk*
John Day - CEO*
Julie Daniels - General Counsel
Mark Williams - Chief Risk Officer*
Viktor Federov - Head of Eastern Europe Local Markets*
Janska Bank
Boris Titov - Trader*
INMA Bank
Igor Petrov - Trader, INMA Bank*
Demidov Financial Corporation
Ivan Tarasov - Trader, Demidov Financial Corporation*
FSA
Alex Walker - Wholesale Supervision
*Approved Persons
2
Part 1
OPEN ENVELOPE
3
Part 1A: Multiple Choice
Should Artem be suspended?
1) Yes
2) No
3) Maybe
Should you make a report to the FSA?
1) Yes
2) No
3) Maybe
4
Part 1A: Discussion Points
What issues will you need to consider if you do decide to
suspend Artem?
Are there any issues with Viktor's supervision of Artem?
Are there any systems and controls issues?
5
APER & Code of Practice for Approved
Persons (COP)
23 October 2012
6
Approved Persons
"An approved person must act with integrity in carrying out his controlled function"
Non-compliant behaviour includes:
Deliberately misleading (or attempting to mislead) by act or omission: client / firm /
FSA / auditors
Deliberately falsifying documents
Providing false or inaccurate documentation or information, including details of
training, qualifications, past employment record or experience
Firm must submit to FSA Form C, no later than 7 business days after an approved
person ceases to perform a controlled function (when a person has been dismissed or
suspended Form C is qualified)
FS Bill: proposal that expected conduct standards laid out in APER principles will apply
beyond the controlled function for which a particular person has been approved
FSA invited Parliamentary Commission on Banking Standards to consider providing
the ability to take disciplinary action against employees outside the scope of its
approved persons regime (22 September 2012)
7
Systems & Controls
Firm must take reasonable care to maintain a clear and appropriate apportionment
of significant responsibilities among its directors and senior managers in such a
way that:
1. it is clear who has which of those responsibilities; and
2. the business and affairs of the firm can be adequately monitored and controlled
by the directors, relevant senior managers and governing body of the firm.
Firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed reps with its regulatory obligations and for countering the risk that the
firm might be used to further financial crime
Firm must have effective processes to identify, manage, monitor and report risks
it is or might be exposed to
Firm must employ personnel with the skills, knowledge and expertise necessary
for the discharge of the responsibilities allocated to them
Firm's systems and controls should enable it to satisfy itself of the suitability of
anyone who acts for it - includes assessing an individual's honesty and
competence. (Assessment should normally be made at the point of recruitment - need
not normally be revisited unless something happens to make a fresh look appropriate)
8
Part 1B: Multiple Choice
John has asked Julie Daniels and Colin Speed if he has anything to worry about. What is your
response?
1) Yes
2) No
3) Maybe
John also asks if he needs separate legal representation. What do you say?
1) Yes
2) No
3) Maybe
Should anyone be suspended?
1) Mark Williams
2) Mark Williams and Francis Edwards
3) No
4) Unsure
5) Other
On Email 1: do you think Mark and Francis should have ensured the FSA was told of the
postponement in introducing the new system?
1) Yes - the FSA should have been told immediately
2) Yes - but on the next scheduled regular call in 2 weeks' time
3) No - as Mark indicates, there is no need at this point
4) Unsure
9
Part 1B: Discussion Points
What concerns will the FSA have?
Does this new information affect the decisions you made
earlier regarding:
Artem?
Viktor?
What do you think of John Day's reaction?
How will you approach the preparations for the FSA's visit on 9
October 2012?
10
Senior Management Responsibility
Senior Management ("SM") responsibility – cornerstone of regulatory regime
SM have ultimate responsibility for the business of the firm and its effective
internal organisation
FSA has emphasised will look directly at SM and hold them accountable for
risk management and compliance – difficult in practice
Fines where SM have relied too heavily on the compliance function to ensure
regulatory compliance
FCA will take more intrusive approach
FCA will move away from judgments based on facts to regulation based on
judgments about the future
"We are committed to pursuing more cases against individuals and holding
members of senior management accountable for their actions" (Journey to the
FCA)
23 October 2012
11
Misleading the FSA
Sanctions and risks of non disclosure to FSA, s398 FSMA - it is an offence to
knowingly or recklessly provide the FSA with information which is false or
misleading in a material particular in purported compliance with any requirement
imposed by or under the Act. An offence by a firm may be attributed to an officer or
certain other persons under s400 FSMA
SUP 15.6.4 - If a firm becomes aware, or has information that reasonably suggests
that it has or may have provided the FSA with information which was or may have
been false, misleading, incomplete or inaccurate, or has or may have changed in a
material particular, it must notify the FSA immediately. Subject to SUP 15.6.5 R,
the notification must include:
1) details of the information which is or may be false, misleading, incomplete
or inaccurate, or has or may have changed;
2) an explanation why such information was or may have been provided; and
3) the correct information
SUP 15.6.5 - If the information in SUP 15.6.4 R (3) cannot be submitted with the
notification (because it is not immediately available), it must instead be submitted
as soon as possible afterwards
12
Part 2
OPEN ENVELOPE
13
Part 2: Multiple Choice
Did Viktor do the right thing cancelling the trade?
1) Yes
2) No
3) Maybe
Will you contact senior management at Janska Bank to let
them know what has happened?
1) Yes
2) No
3) Maybe
What factors will affect your decision?
14
Part 2: Discussion Points
What immediate steps should you take?
What will you do if Artem continues to call in sick?
You decide to launch an internal investigation:
Who should run it?
Who will they report to?
What are your first considerations?
What will be the scope of the investigation?
What evidence will you gather?
Who will you want to speak to?
15
Initial Evaluation
Move quickly to ensure:
Decision makers not tainted by underlying issues (form independent
investigation committee)
Preservation of evidence (restrict access, retrieve and maintain chain of
custody)
Security of assets (remove authorisation permissions; injunction)
Internal notifications (internal escalation policies; MLRO; HR; Risk; PR
team; internal audit etc)
External notifications (remember firm AND individual obligations)
Ready to respond to media interest
Legal privilege parameters clear and protected
Staff potentially implicated are isolated
Interim remedial measures implemented
Whistleblower protections applied
16
External notifications
Regulatory authorities
FSA: Principle 11, APER 4, SUP 15 - immediate / without
delay notifications
Matters having serious regulatory impact
Rule / Principle breaches
Civil, criminal or disciplinary proceedings against a firm
Fraud, errors and other irregularities
Insolvency
Suspicious transactions (market abuse)
17
External notifications continued
Police / prosecuting authorities (no general rule but may wish to seek
leniency)
SOCA (s328 POCA 2002)
Auditors (s418 and s463 Companies Act 2006; s346 FSMA)
Insurers
Counterparties
Market (DTR 2.2; s397 FSMA)
Lenders
18
Where it goes wrong
Wrongdoers allowed to cover tracks
Opportunities to protect assets and evidence lost
Regulators aggravated by lack of communication / full & frank
disclosure
Loss of effective control
19
Avoiding regulator intervention
Be clear on objectives
Who; What; When; Where; How; Duration; Scale; Knowledge (who knew / who
ought to have known); Consequences
Ensure investigation is thorough, properly conducted and
demonstrably independent
Identify relevant issues and areas of possible weakness
Remedial action / redress
20
Cross-jurisdiction coordination
Cross jurisdictional considerations: jurisdiction of witnesses;
evidence; data storage facilities; victim; loss, affected markets;
conspirators; conduct; long-arm reach legislation
Coordination of communications - avoid inconsistencies in
timing and content (FSA > 50 MOUs) - seek local law advice
on: matters to be notified; time limits; form of notification;
protection which may be applied to disclosures (will it be
disclosable to another regulator / in satellite litigation); any
tipping off risk in continuing to investigate
Sanctions and risks of non disclosure to regulators /
prosecuting authorities (s398 and s400 FSMA)
21
FSA Enforcement Guide
FSA invites firms to consider discussing the commissioning and scope of
report with the FSA where:
firms have notified under SUP15; or
the FSA has indicated that an issue or concern has or may result in a
referral to Enforcement
FSA's approach in commenting on the proposed scope will vary - will not
want to be involved in every situation BUT if the firm anticipates it will
proactively disclose a report to the FSA in the context of possible
enforcement investigation, the benefit derived from the report will be
greater if the FSA has had chance to comment on the scope and
purpose and by whom the investigation is conducted
FSA may prefer the firm not to commission its own investigation
(whether internal or external) where action by the firm could itself be
damaging to an FSA investigation - most likely to arise in the context of
criminal investigations where there is a risk of tipping off - eg where a
suspect insider dealing ring is in operation
22
Preservation and retrieval of evidence
Circulate document retention notice and place a hold on routine
destruction:
include overwriting of backup tapes, auto spam filters etc
consider scope and recipients and whether anyone should be excluded from
the circulation list (eg suspected wrongdoers)
Retrieve any mobile devices and obtain passwords
Audit trail - criminal prosecutions / regulatory action may be difficult to
defend if cannot produce appropriate audit trail to demonstrate acted
appropriately - failure to preserve evidence may result in criminal
charges
Keep a record of who did what when and how and maintain chain of
custody
Always seek local law advice on retrieving and processing of personal
data even if within the EU - written employee consent may be required
Retrieval must be relevant and not excessive
23
Privilege
Waiver of privilege should be by informed election not default
Must assess on a jurisdictional basis - may be no in-house lawyer
privilege overseas / may require a particular type of external
counsel to be appointed
England: only legal advice privilege likely to apply at the internal
investigation stage so only "lawyer - client" communications
protected - important to identify the "internal client"
Circulate a document creation notice: Think Before You Write
FSA approach to privilege - see Enforcement Guide (FSA
Handbook)
Expect pressure to waive privilege and full & frank disclosure if
looking for a plea deal / civil settlement with prosecuting
authorities
24
Employee interviews / suspension
Always seek local law advice on restrictions / notifications to
works councils or unions / notifications to local regulators
Separate legal representation? (seek local advice - may slow
down process and restrict access but use of evidence later
may be limited)
Avoid joint privilege (firm will want to be free to waive
unilaterally)
Do not lose privilege (eg by providing access to investigation
report)
NB in some jurisdictions suspension triggers the
commencement of the disciplinary process with a very limited
window in which to deliver the final decision after which any
sanction unlawful
25
Part 3
OPEN ENVELOPE
26
Part 3: Multiple Choice
How will you approach the investigation?
1) (i) Review all documentary evidence; and then (ii) interview
2) (i) Interview everyone except Artem; (ii) review all documentary evidence; and then (iii) reinterview as necessary and interview Artem
3) (i) Interview everyone including Artem; (ii) review all documentary evidence; and then (iii) reinterview as necessary
4) No interviews - in the circumstances you cannot rely on the oral evidence so you decide to
base your enquiries on documentary evidence only
5) Other
Will you contact senior management at INMA Bank about Telephone call extract 1?
1) Yes
2) No
3) Maybe
Will you contact senior management at INMA Bank about Telephone call extract 2?
1) Yes
2) No
3) Maybe
What factors will you consider in reaching your decision?
27
Part 3: Discussion Points
What issues do you see in the various emails and call extracts?
How do these emails/calls/interviews impact your decision
regarding the scope of the investigation?
Do you think with hindsight more could have been done when
Artem was first put on his PIP?
What will you do with:
Artem?
Ben?
Frederico?
Viktor?
How will you approach the preparation of the report?
Internally?
To the FSA?
28
FSA Guidance on Mismarking (1)
Front office culture and governance
Right incentives to promote appropriate oversight and governance
Quality of MI and exception reports
Clear responsibilities and reporting lines
Routine reporting on high levels of cancelled and amended trades
Desk holidays - traders take a break from marking own books
SM commitment to on-going middle/back office resourcing and training
Trading mandates and limits
Proper investigation of breaches
Culture of challenge
Do all back/middle office functions have sufficient understanding, skill and authority
to challenge front office staff effectively?
Cash management
How does the firm make sure its margin processes are working properly and are any changes
properly recorded?
Can cash flows be understood in context of trader's mandate, positions and reported P&L?
29
FSA Guidance on Mismarking (2)
MI
Is MI sufficiently detailed and appropriate?
How does firm pull together information across different middle/back office teams to
make sure poor performance and suspicious activity is spotted?
Are indicators appropriately escalated and aggregated?
Would a number of yellow flags trigger a red flag?
Off-market rate controls
Are there agreed processes for valuation/IPV controls?
Are there agreed process for valuation adjustments?
P&L attribution
How does the firm ensure it understands where all the P&L is coming from?
Does the firm understand where large day-1 P&L movements are coming from and
whether they make sense?
Is there adequate critical analysis of P&L - where P&Ls produced separately where
trader positions divided between books - are these looked at individually as well as
in the aggregate?
30
FSA Guidance on Mismarking (3)
Reconciliations
Are positions consistent throughout the firm's systems (between front / middle /
back office) and externally (confirmations with counterparties)?
Is anyone reconciling trades against the blotters?
Confirmations
How are unconfirmed trades managed and escalated?
what MI is generated regarding the risk profile of outstanding confirmations?
Segregations of duties
Are access controls adequate and security measures adhered to / are they
regularly revisited afresh?
Is there scope to enhance segregation of duties to limit likelihood of unauthorised
actions by a single trader?
Are appropriate measures in place when people move from middle/back office to
working in front office?
31
Internal Investigations: Overview
Problem
International?
(Crossjurisdictional
issues: evidence;
regulators;
assets; loss;
markets;
legislation; LPP)
Domestic?
Escalation
Investigate?
Identify Client
(Impartial;
Accountable;
LPP
Notifications
(FSA; Other
Regulator;
Market; 3rd
parties)
Secure
evidence &
assets
Protect LPP
Interim
remedial
measures
(Employees;
Access
Rights; Four
Eyes;
customers)
Assemble
Team
Scope
Evidence
Findings /
Remedial
Action /
Redress
Reporting
(limited LPP
waiver /
confidentiality)
Audit Trail / FSA Updates / Senior Management Involvement / Media Interest
41486323
11 May 2012
32
Post Investigation
Maintain official investigation file with core evidence and audit logs
Internal reporting, consider:
Whether report is to be written or delivered orally
Risk of actions for defamation / employment claims
How widely report should be disseminated
Risk of loss of privilege (where applicable)
Disclosure of findings / report to the FSA:
Update any preliminary notifications / new notifications
Consider the form of disclosure – executive summary / oral presentation / full report
Consider how privilege can be maintained if report disclosed
Employee disciplinary action
Privilege unlikely to apply
May be issues as to whether investigation report can be relied upon
33
Any Questions?
34
Contacts
Mark Goulden, Managing Director, Head of EMEA
Markets Compliance, J. P. Morgan
James Wilson, Executive Director, Fixed Income
Compliance, J. P. Morgan
Elisabeth Bremner, Partner, DLA Piper
35