I’m still ploughing my way through the backlog of ML and AML stories from the past two weeks – heavens, you’d think the FATF and others would have the courtesy to hang fire while I’m on holiday, but no, on they go. One story in particular has caught my eye, not least because it’s rather close to home. On 19 June, it was announced that Deloitte Financial Advisory Services LLP had been fined US$10 million by a New York regulator for its involvement in the Standard Chartered money laundering débâcle. (Yes, I went on holiday to a Franchone country – bien sûr!) As someone who occasionally gets involved in reviewing clients’ AML procedures, I thought I should read more.
The press release from the New York Department of Financial Services (the DFS – the ones who levied the fine on Standard Chartered in the first place) is here. In short, back in 2004 the DFS and Standard Chartered identified several AML deficiencies at the bank’s New York branch. They agreed that Standard Chartered would engage a “qualified independent consulting firm” to review the AML issues – and they appointed Deloitte. However, on reviewing Deloitte’s action, the DFS found that the company “did not demonstrate the necessary autonomy required of consultants performing regulatory work” and “violated NY banking law by disclosing confidential information of other Deloitte clients to Standard Chartered”. By way of settlement, Deloitte agreed to pay $10 million, abstain for one year from conducting consulting work at firms regulated by the DFS, and put in place safeguards to address conflicts of interest in the consulting industry.
Looking at those two problems – autonomy and disclosure of confidential information – the second is much simpler to solve. What were they thinking, blabbing about one client to another? But the first is arguably harder to maintain. It seems that Deloitte bowed to pressure from Standard Chartered to remove a potentially troublesome recommendation from their report to the DFS. And as I write this, I think I see the problem: just who is Deloitte’s client? Standard Chartered or the DFS? If a financial institution is ordered by their regulator to engage professional advisers, then all concerned – institution, regulator and adviser – must be able to rely on the total impartiality of the resulting advice. The DFS says that they plan to use the safeguards being developed by Deloitte as the basis for a new code of conduct for such situations, covering:
- Disclosure of past work that could represent potential conflicts of interest
- A declaration of independence by the adviser
- Anti-tampering provisions
- Records of recommendations that were not implemented
- Monitoring the monitor
- Protecting confidential information.
After all, quis custodiet ipsos custodes?