I’m still ploughing my way through the backlog of ML and AML stories from the past two weeks – heavens, you’d think the FATF and others would have the courtesy to hang fire while I’m on holiday, but no, on they go. One story in particular has caught my eye, not least because it’s rather close to home. On 19 June, it was announced that Deloitte Financial Advisory Services LLP had been fined US$10 million by a New York regulator for its involvement in the Standard Chartered money laundering débâcle. (Yes, I went on holiday to a Franchone country – bien sûr!) As someone who occasionally gets involved in reviewing clients’ AML procedures, I thought I should read more.
The press release from the New York Department of Financial Services (the DFS – the ones who levied the fine on Standard Chartered in the first place) is here. In short, back in 2004 the DFS and Standard Chartered identified several AML deficiencies at the bank’s New York branch. They agreed that Standard Chartered would engage a “qualified independent consulting firm” to review the AML issues – and they appointed Deloitte. However, on reviewing Deloitte’s action, the DFS found that the company “did not demonstrate the necessary autonomy required of consultants performing regulatory work” and “violated NY banking law by disclosing confidential information of other Deloitte clients to Standard Chartered”. By way of settlement, Deloitte agreed to pay $10 million, abstain for one year from conducting consulting work at firms regulated by the DFS, and put in place safeguards to address conflicts of interest in the consulting industry.
Looking at those two problems – autonomy and disclosure of confidential information – the second is much simpler to solve. What were they thinking, blabbing about one client to another? But the first is arguably harder to maintain. It seems that Deloitte bowed to pressure from Standard Chartered to remove a potentially troublesome recommendation from their report to the DFS. And as I write this, I think I see the problem: just who is Deloitte’s client? Standard Chartered or the DFS? If a financial institution is ordered by their regulator to engage professional advisers, then all concerned – institution, regulator and adviser – must be able to rely on the total impartiality of the resulting advice. The DFS says that they plan to use the safeguards being developed by Deloitte as the basis for a new code of conduct for such situations, covering:
- Disclosure of past work that could represent potential conflicts of interest
- A declaration of independence by the adviser
- Anti-tampering provisions
- Records of recommendations that were not implemented
- Monitoring the monitor
- Protecting confidential information.
After all, quis custodiet ipsos custodes?
I hate money laundering 
Hi Susan
It’s nice to see you back, refreshed from your break and ready to train, inspire and motivate those in the AML world.
As an Internal Auditor myself, the need to provide an independent and objective assurance is fundamental and I was therefore particularly interested in the Deloitte story. I know from regular experience that it can be a long and tricky journey to navigate the stages between the initial presentation of provisional draft findings of work to management (for their review and comment) and the eventual publication of the final audit report. However, it is critical that an auditor can justify any changes that are made during these stages.
After all, another oft used variation on “quis custodiet ipsos custodes?” is “who audits the auditors?”
Anyway, welcome back, and best of luck with clearing the usual glut of post holiday emails and paperwork.
Best Wishes
Graham
Hi Graham
Lovely to hear from you – and with your perspective on the Deloitte story, as an experienced internal auditor. You’re right about the tricky journey from first draft to final report, and I found that particular part of the code of conduct very interesting – the “anti-tampering provisions”, and the recording of any recommendations not finally adopted. Pressure on such advisers must – at times – be enormous.
Best wishes from Susan