In June of this year, the Financial Conduct Authority (FCA) took enforcement action against JLT Specialty Limited (JLT) for the second time in the space of a decade. The fine of approximately £7.8 million is in response to JLT’s failure to comply with Principle 3 (Management and Control) of the FCA’s Principles for Business. These failings relate specifically to JLT’s risk management systems to counter the risk that it may be used to further financial crime.
The FCA’s action in this and other recent anti-money laundering (AML) cases has highlighted lessons that can be learned by all in the financial services industry regarding the FCA’s expectations for regulatory compliance.
FACTS
JLT is a UK-based provider of insurance broking, risk management, and insurance claims services and is part of the global JLT Group plc (the Group).
Between November 2013 and June 2017, JLT was involved in a commission payment arrangement with JLT Re Colombia (a part of the Group) and two other companies based in countries where there is perceived to be a high level of bribery and corruption. Under this arrangement, JLT paid US$12.3 million in commission to the parent of JLT Re Colombia, which in turn paid US$10.8 million to a third-party introducer, which paid US$3 million to government officials involved in a state-owned insurance company. All of these payments related to the engagement and retention of business for JLT in the United Kingdom.
On 16 June 2022, the FCA announced a financial penalty of £7,881,700 against insurance broker JLT pursuant to Section 206 of the Financial Services and Markets Act 2000. The final penalty sum was reached by a 30% reduction from £11,259,500, owing to (a) JLT’s early resolution to settle the matter, (b) JLT’s self-reporting, and (c) JLT’s willingness to cooperate with the investigation.
These payments were able to go undetected under the checks and controls in place at JLT, due to its lack of international Know Your Customer (KYC) oversight and its reliance on the assumption that proper KYC due diligence processes were being undertaken across the Group.
JLT’S TRACK RECORD
This financial penalty is JLT’s second of its kind within a decade, after it received a £1,876,000 fine in December 2013 for similar failings in its risk controls relating to overseas introducers. Following the original fine in December 2013, JLT engaged a skilled person to assist with the development of proper bribery and corruption controls. These risk measures were deemed sufficient by the skilled person, but in practice, they were not properly utilised by JLT in relation to work across the Group. The FCA concluded as part of its most recent findings that JLT did not ensure the proper supply of due diligence information to its KYC committee, and JLT did not take an active enough role in the reapproval of overseas introducers that predated its new risk control system.
The FCA highlighted in its final notice (available here) that the conduct for which this fine is imposed began just months after JLT’s first financial penalty was imposed in 2013.
WHAT DOES THIS TELL US?
-
The FCA continues its focus on financial crime systems and controls, particularly in relation to AML. We expect that the FCA will continue its work in this regard and utilise both its regulatory powers to impose penalties and its criminal prosecution powers under the Money Laundering Regulations 2007. We also expect that the FCA’s focus will continue to expand into sanctions compliance following recent events in Ukraine and the rapidly expanding UK sanctions regime.
-
Organisations that are part of international groups must not underestimate the importance of ensuring adequate systems and controls are adopted across their global platforms. In the case of JLT, the KYC processes established in the United Kingdom with the support of a skilled person were, in principle, fit for purpose. However, JLT’s processes failed to maintain proper oversight of business coming from overseas entities within the Group, which JLT was then introducing to the UK market.
-
The FCA will not hesitate to follow up on the efficacy of systems and controls implemented by an organisation in response to prior FCA intervention. In all cases where financial crime systems and controls are inadequate (in theory, practice, or both), the FCA can be expected to intervene. This is true even of controls introduced in response to FCA intervention, where the FCA can then be expected to reassert its regulatory expectations via further penalties or sanctions. Authorised entities should be aware this may include criminal prosecution as well as regulatory sanction when relating to AML.