How to Manage Conflicts of Interest: a Question of Culture

Leading technology can monitor all user-generated content on chat rooms and in internal and external communications, picking up relevant word groupings.

The investment banking arm of UBS, the Swiss-based financial services firm, notified employees in 2013 that it was banning the use of multi-bank and social chat rooms4 because regulators around the world were probing rate rigging, fixing and manipulation in a foreign exchange market worth $5.3 trillion a day. Other banks were looking to follow suit.

Fast forward to the present day, and bilateral chat functionality is available, enabling users to create conversations that are systematically limited to a maximum of two simultaneous companies. With enhanced compliance controls, firms can be confident that all chats are secure and fully compliant.

These types of controls enable compliance managers to automate their compliance programs and drastically reduce the time required to track employee activities.

There are also compliance processes that help monitor trade surveillance, insider trading, fund mandates, market abuse, sales practices and the suitability of investments.

Benefits of automated compliance processes

Automated compliance solutions help firms save time and resources by enabling the digital capture of employee trades. These solutions expedite tasks such as the trade pre-clearance process, capturing employees' executed trades and holding data through multiple data capture methods and evaluating employee trading activity against a host of conditions. A compliance program that includes elements of automation can streamline the compliance process of dealing with regulatory requirements before regulators highlight any problems. It can also help encourage individual ownership, engender a sense of responsibility, generate a culture of compliance, and — most importantly — help to prevent misconduct.

Where does culture begin and end? Should it be driven by management, for example through schemes such as the forthcoming UK Senior Managers and Certification Regime, by compliance, or by other control or risk functions? The UK’s liability framework originally provided that senior managers should shoulder the responsibility for unlawful employee activity and would be required to prove they took every reasonable step to prevent regulatory breaches. In October 2015, the UK Prudential Regulation Authority (PRA) announced it would introduce a statutory duty of responsibility. This will be steadily applied to senior managers operating in the financial services sector, and supersedes the “reverse burden of proof” that banking firms would have been affected by in March 2016 once the Senior Managers and Certification Regime came into effect.

The same underlying responsibility will lie on the individual to make sure reasonable steps are being taken to prevent any regulatory breaches, and regulators will need to evidence how a senior manager has failed in that regard. In the United States, the burden of proof still remains with the prosecution to prove the senior manager acted out of willful intent. In either respect, consequences for breaking the rules are severe and could see the individual, not the company, liable for reputational damage and large fines, not to mention the loss of their license. Therefore, it is essential that staff understand an organization’s internal policies and ethical standards, and take greater accountability or risk being held liable for misconduct by regulators.

But what is the impact of regulators not implementing a reverse burden of proof? In a recent poll by Thomson Reuters, as part of its 2015 personal liability poll, only 53 percent of those surveyed said they thought new accountability-focused legislation would change behavior for the better. It may perhaps be difficult for genuine change to take place until there is a sense of accountability and responsibility on the part of individuals for their actions. In an effort to evidence a greater focus on personal accountability, Sally Quillian Yates of the Department of Justice, the primary federal criminal investigation and enforcement agency in the United States, issued a memorandum in September 2015 [9] announcing a policy that will increasingly target individuals involved in corporate crimes. The Yates memorandum provided guidance for attorneys when pursuing individuals for corporate wrongdoing.

What matters to the regulator is how well policies on conflicts of interest are embedded in a firm’s risk strategy, what steps have been taken to communicate this strategy, how effectively conflicts can be identified and managed, and whether the right controls are in place. A good corporate entertainment and gifts culture, for example, is clearly a concern for regulators. Everyone in an organization must know what is acceptable when it comes to gifts and hospitality. This can be ensured by having clear and evident written policies which outline the principles governing the giving and receiving of gifts and hospitality.

Organizations should also maintain adequate records, which may include introducing a gifts register, to record all necessary information such as: who gave or received what and when; its destination or origin; value; and purpose. In a high-pressure environment, traders and other staff may only notice the obvious cases of conflict and are not likely to spend time looking harder. Although employees may in some cases knowingly cross a line into the unethical, it is more common for a conflict to arise unintentionally.

Employee education is crucial – a training program can help employees recognize and avoid possible conflicts of interest, and demonstrate to regulators a commitment to mitigating risk.

In other cases, it can also be important to look at how much pressure performance and meeting targets might be causing problems regarding culture in firms. For example, in 2012 a former London-based junior trader at UBS was convicted of fraud for losing UBS $2.3 billion due to unauthorized trades, the biggest illicit trading loss to date in the UK. In the trader’s testimony it is explained how he and a colleague were in charge of a $50 billion portfolio and faced difficulty managing it, and was quoted as having said: “Our book was massive — a tiny mistake could lead to huge losses. We were two kids trying to figure how this could work. We were losing so much money it was mental.” This behavior went unnoticed for more than three years, until a confession to his activities in an email. Is this an instance of rogue behavior, or did the culture of a firm driven by revenue at any cost contribute to “bad” behavior? If he had not been on the rise as a “star” trader; if the culture had not supported this activity and had rather fostered a more transparent way of reporting losses; if there had been more training and support for junior traders, would he have continued to keep digging a deeper hole?

The different types of conflicts of interest that firms should be monitoring to avoid misconduct before it happens, include:

Employee activities

• Personal trading/personal account dealing
• Gifts - Entertainment
• Political contributions
• Outside business activities

Trade-related activities specific to the investment industry

• Market abuse/manipulation
• Best execution/order routing
• Commissions and fees
• Allocations to portfolios
• Soft dollars

Other activities

• Over the wall
• Anti-corruption (e.g. doing business with politically exposed persons, the use of intermediaries or introducers, lobbyists) [15]

Having to track instances of nepotism, bribery, self-dealing, unjust enrichment, insider trading and the monitoring of gift and entertainment activity, means that firms need tailored conflicts of interest policies that incorporate a broad view of their exposure to certain risks, outline potential conflicts of interest and detail how they should be managed. They must also implement clear lines of responsibility, with guidance on when to escalate issues to senior managers.

Concepts to consider

• Define the organization's culture, ensure it applies to everyone and outline what the regulator expects.
• Embed the culture through the various stages of an individual's employment: recruiting, onboarding, day-to-day activities and exiting.
• Establish governance structures and clear lines of responsibility to avoid misunderstanding on where accountability lies.
• Firms should always consider what type of organization they are and be prescient of incoming regulations, such as MiFID II in Europe, and any potential impact.
• The rationale for using agents to generate new business is documented and continually monitored through review and assessment.
• Adapt thresholds as necessary once the cultural change of reporting settles in.
• Reinforce accountability through performance reviews and compensation.
   

Remembering common pitfalls

• Culture must be consistently reinforced. Senior managers should be transparent leaders with their business practices.
• Senior managers should be cognizant of what is happening in their organization, ensuring the right talent is hired and adequately trained at all levels. A standard handover or exit process should also be in place.
• Employees need to have sufficient understanding of what their roles and responsibilities are. Lack of clarity on responsibility could create problems.
• Firms should not develop their code of conduct in a vacuum. Regulators expect a code of conduct to be demonstrable and appropriate for each business. Internal procedures, systems and controls, and conflicts of interest policies should be kept up-to-date.
• Firms using intermediaries must ensure that they ascertain that those businesses have adequate controls to detect and prevent bribery.
• Firms should avoid a situation where no regular revisions or updates are made to the thresholds or controls.
• Performance reviews must take into account the needs of the individual, set targeted and realistic goals, or recognize areas where the individual might require more support.
   

The desired result

• Employees have a strong level of understanding on what "best practice" means and what is expected by the firm and the regulator.
• There is a clear trail of employee activity, attestation to training and understanding of policies and procedures, and a standardized process is in place for employees when they leave for another firm.
• Employees are provided with training pertinent to their role, and have a clear understanding of their own and colleagues' responsibilities.
• Firms continually assess potential conflict landscapes. For any conflicts that cannot be avoided, they are able to explain clearly and evidence how they have tried to mitigate those conflicts.
• The firm keeps a comprehensive formal list of third-party relationships used to assess risk.
• Any change is clearly communicated to all levels of the business, where relevant, and is understood by each individual involved.
• Employees work toward clear, achievable incentives that are good for the business, which do not overwhelm the employee and are targeted at their level of responsibility.

In April 2015, the SEC fined BlackRock Advisors $12 million for failing to disclose conflicts of interest to clients and fund boards. Chief compliance officer Bartholomew Battista was personally fined $60,000 by the regulator for his involvement. Enforcement activity against the unjust business practices of fiduciary managers is becoming more prevalent.

• Conflicts may arise in situations where a manager or consultant:
• Offers incentives that favor certain clients over others
• Profits or avoids a loss at the expense of a client
• Favors a particular service provider when a better solution exists for the client
• Prefers an outcome that is not in the client's best interests
• Defers any external costs to clients
• Accepts or is offered gifts or entertainment that may compromise their impartiality

The automation of certain processes and procedures regarding conflicts of interest can also greatly help in this regard. For example, organizations may consider adopting a solution that automatically records all corporate gifts and hospitality and embeds an auditable process for monitoring employees' adherence to relevant internal policy.

With increased scrutiny, regulators are questioning the effectiveness of an organization’s training. There will always be a place for general compliance training, especially on certain matters such as a firm-wide code of conduct. But this can be supplemented with role-specific training that is bespoke and includes practical examples which are relevant to the firm's business activities and the employees’ everyday job responsibilities. It stands to reason that specialized activities require specialized training.

Organizations should monitor and regularly review policies and procedures to ensure they remain up-to-date and appropriate. Because organizations operate in a fluid regulatory environment, it can be a challenge to train employees and keep them up-to-date on changes that may impact their business activities. Creating timely communication pieces that address new policies and support previously learned concepts can help support an organization’s overall risk strategy.

In addition to an internal audit trail, senior individuals should maintain evidence of their continuing training and education activities, and take responsibility for challenging the scope of the learning to ensure that it covers all relevant areas.

In the UK and the United States, legislation such as the Bribery Act 2010 and the Foreign Corrupt Practices Act emphasize the importance of employee training on bribery prevention. In Australia, there is no direct equivalent to these acts. The Australian Criminal Code relating to the bribery of foreign officials leaves the Australian Federal Police and the Australian Securities and Investments Commission (ASIC) legally responsible for investigating corporate corrupt practices. To date, there have been few convictions under this legislation. Greg Medcraft, the chairman of ASIC, has said the commission plans to pay closer attention to culture and conduct in its role as a regulator, and this will have associated implications for personal liability. 

There is growing international intolerance when it comes to the ineffective management of conflicts of interest. In February 2015 the UK Financial Conduct Authority (FCA) fined Aviva Investors £17.6 million for systems and control failings that led to conflicts of interest not being fairly managed. In August 2014, PwC was banned from offering financial advice to firms operating in New York for two years and fined $25 million by the Department of Financial Services for concealing Bank of Tokyo-Mitsubishi’s money laundering activities with Iran and "doctoring" one of the documents sent to regulators in 2008. 

With instant messaging platforms increasingly used by financial professionals to collaborate with colleagues, both inside and outside their firms, compliance teams need to be constantly aware of the potential for abuse. A firm that uses messaging platforms responsibly will embody a strong, risk-aware culture.

The opposite — poor conduct in chat rooms and a lack of monitoring systems — can indicate a potentially flawed culture. The use of chat rooms enables information to circulate to a wide group quickly, with a verifiable written trail. Rigorous policies can help enforce acceptable behavior across all channels and types of communication, both internal and external, and prevent misconduct. In instances where policy is not adequately followed, and the organization is able to demonstrate that it implemented the proper compliance processes and provided training, individuals can be penalized.

For example, in Hong Kong, a trader was suspended over discretionary trades between 2011 and part of 2013 because he was conducting transactions on behalf of clients and reporting the orders to clients in person, by phone and instant messenger.

The company, DBS Vickers, had an internal policy that prohibited staff from conducting discretionary trading or from receiving cash deposits from clients directly. The trader's conduct was also in breach of the Hong Kong Securities and Futures Commission’s (SFC) Code of Conduct for Persons Licensed by or Registered with the SFC.

Effective recordkeeping of instant messaging conversations is also critical, since during an investigation regulators may request chat room conversations, which can often date back years. Failure to archive electronic chats, unrecorded conversations or software glitches can hamper an investigation and bring to light a firm's lack of adequate control.

Regulators are homing in on mis-selling, rogue and insider trading, and market abuse, hoping for more eye-catching prosecutions. Against this backdrop, senior managers must review the ways in which conflicts of interest are being managed in the day-to-day business activities of their employees and examine the efforts being made to nurture a culture of compliance in their corporate environments. From monitoring activities and educating employees on acceptable business behavior to engaging employees as active participants in compliance programs, organizations must remain vigilant to ensure good business conduct. The stakes are simply too high to get it wrong.