On 29 December 2021, Hong Kong’s Independent Commission Against Corruption (ICAC) issued a reminder to the insurance sector to remain vigilant in upholding a high integrity standard and to take a proactive stance against corruption. The ICAC has become increasingly active in the insurance sector, underlining the importance of the message to insurance companies to manage their risk by implementing appropriate compliance safeguards and internal controls.
The ICAC – Hong Kong’s anti-bribery and anti-corruption body – has been increasingly active in the insurance sector. In 2021 alone, at least 16 individuals were charged by the ICAC for bribery and/or related offences like money laundering in at least six separate cases involving the insurance sector. According to the ICAC’s 2020 Annual Report, released in July 2021, the insurance subsector remains one of the areas that attracted the most private sector bribery complaints in the previous year.
On 29 December 2021, the ICAC uploaded three case studies concerning contraventions of the private sector bribery offences in the Prevention of Bribery Ordinance (Cap. 201) (POBO) by insurance agents to its Corruption Prevention Advisory Services (CPAS) portal. The CPAS is a specialized unit within the ICAC dedicated to providing professional corruption prevention advice. The case studies – typically based on past investigations and enforcement actions – first featured in the ICAC’s 2020 Corruption Prevention Guide for Insurance Companies (“Guide“).
In its covering message, the CPAS emphasized that “it is imperative for insurance companies to be vigilant in upholding a high integrity standard and to take a proactive stance against corruption in order to secure customers’ confidence, and sustain the stable and healthy development of the industry”.
In view of the above, it is important for all insurance companies to (a) take note of the common bribery and corruption risks and red flags set out in the Guide – such as unusual and inexplicable sales increases or suspicious claim applications – and (b) implement the recommended safeguards and internal controls. This includes:
- A comprehensive Code of Conduct that clearly sets out the company’s commitment to clean business practices, prohibits all forms of bribery and corruption, and provides practical guidance on the acceptance and offer of gifts/entertainment, conflicts of interest, and other key topics. This is set out in further detail in Chapter 2 of the Guide.
- A strong corporate governance framework that sets out defined anti-bribery/corruption responsibilities within senior management and control functions. This is set out in further detail in Chapter 3 of the Guide.
- A robust set of anti-bribery/corruption internal controls, featuring, amongst other things, clear policies and procedures, checks and balances, monitoring and accountability, and training and communication. Where necessary, targeted controls should be included to address key risk areas, including insurance intermediaries, the sale of insurance policies, and underwriting and claims verification. This is set out in further detail in Chapters 3 – 6 of the Guide.
The recommendations by the CPAS are consistent with the global push by regulators in the financial services and insurance sectors to ensure companies implement robust compliance programs. These companies need to take steps now to ensure they have an effective compliance program in place which will hold up against the scrutiny of the regulators and authorities.
Such steps should include:
- Reviewing the existing set of policies and procedures, particularly in relation to corporate governance, anti-corruption and money laundering. The program should adequately cover the risks to the business, which should include a procedure (e.g., whistleblowing program and internal reporting mechanism) for escalating issues to top or senior level management.
- Addressing any gaps in the program. The current environment may give rise to additional anti-corruption or money laundering risks that need to be addressed. For example, are the organisation’s due diligence/background check procedures effective to deal with risks associated with engaging new or unfamiliar third parties (e.g., KYC procedures, managing interactions between agents and third parties)?
- Reviewing high-risk transactions and irregularities. There are certain areas which carry a higher degree of risk in the financial services industry. Insurance companies need to be alive to these areas and take steps to actively monitor them. Companies should make sure their compliance program includes a process and delegates responsible personnel for reviewing transactions and records in a manner that is commensurate to the risk.
- Ensuring top-level management is actively involved in the program. Top-level management should be heavily involved in the construction and management of the compliance program. Management should take responsibility for ensuring the program is appropriate for the company and should be proactively involved in its implementation.
If you would like clear, practical guidance on designing, establishing and maintaining a robust compliance program, please refer to Baker McKenzie’s 5 Essential Elements Of Corporate Compliance.