Ideas & Debate

CEOs in tight spot on corporate breaches


The global financial crisis of 2007-2008 will long be remembered for the turmoil it caused to the banking industry. Some well-established banks previously thought to be too big to fail came crumbling down overnight.

As the effects of the crisis raged, the infamous Dodd–Frank Wall Street Reform and Consumer Protection Act in the US was enacted to promote financial stability, improve accountability and transparency in the financial system, and protect consumers from abusive financial services practices.

Financial regulations were revamped and, with time, the situation appeared to normalise. Since then there has been a significant increase in enforcements actions, notably in form of fines levied against banks for violating consumer protection and data privacy safeguards and breaching financial crime regulations, more so on money laundering and economic sanctions.

In developed economies, breaches in money laundering laws have led to increased deferred prosecution agreements between justice departments and global banks, their executives, and independent board of directors.

In addition to corporations being held responsible for non-compliance related issues, their senior management are increasingly coming under scrutiny. As corporate stewards, they are now being held personally liable for corporate wrongdoing. Early last year Wells-Fargo, one of the largest banks in the US, was fined $ 3 billion for falsifying bank records of its customers and misuse of customer information. The bank also wrongfully collected millions of dollars in fees and interest from the customers and misled investors on the business practices and value of investment. In November 2020, a former Wells Fargo Chairman and CEO was charged by the SEC for his role in allegedly misleading investors about the bank’s performance.

In the US, and increasingly in other developed markets, there is a growing emphasis on individual accountability for corporate wrongdoing. Sally Yates, a former US Deputy Attorney General, issued a memo in which she stated that, “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing”.

The Yates memo may have caught up with Facebook and its CEO Mark Zuckerberg in July 2019 during an enforcement action that came with record-breaking $5 billion fine for privacy lapses at the Company, owing to the Cambridge Analytica scandal. Zuckerberg was ordered to personally ensure compliance with privacy programs, and both he and his compliance officers are required to certify annually that the company is complying with the overall order. In case of any lapses, they will be held personally liable and face the potential for civil and criminal sanctions.

Could the financial services sector in Kenya be experiencing a Dodd-Frank’s reforms moment?

Over the past couple of years in Kenya, we have seen increased regulatory reforms championed by local regulators, notably the Central Bank of Kenya (CBK), the Capital Market Authority (CMA), the Financial Reporting Centre (FRC) and the Insurance Regulatory Authority (IRA).

Some of the corporate conduct breaches that management and directors may be held personally liable for include violations related to customer data privacy and financial crimes relating to money laundering and terrorism financing.

Banking Sector Charter, Cybersecurity, Data Protection, Code of Corporate Governance Practices for Issuers of Securities to the Public and Anti-Money Laundering laws are among the remedies that have been prescribed for financial conduct regulatory reform that banks in Kenya are besieged with.

Going by the current developments, it is indicative that Kenyan regulators and law enforcements agents are reading from the same script with leading international regulators, and hence corporate officers and directors will likely be held personally liable for corporate misdeeds in the coming years. Instructively, in 2019, some Kenyan banks entered into deferred prosecution settlement agreements with the Director of Public Prosecution to avoid prosecutorial action against them and their officers for anti-money laundering breaches that resulted from failure to report suspicious transactions relating to the National Youth Service corruption scandal.

Late last month, Kenya’s regulator Capital Market Authority was given a go ahead by the Supreme Court to pursue directors of the now defunct Imperial Bank due to the corporate bond that the bank had allegedly fraudulently issued before it collapsed. This should send a chill down the spines of corporate executives and board directors.

It is worth noting that Kenyan law gives the Financial Reporting Centre the power to hold any institution’s officers, employees, or partners personally liable for anti-money laundering violations. The personal fines and reputation risks that come with such breaches are weighty, and it is no wonder that corporate executives and board directors are now keen in ensuring their Directors and Officers (D&O) liability insurance covers are tight enough to protect them from some of these risks.

Another new regulation that was introduced in 2020 which holds corporate officers personally liable for violations is the Companies (Beneficial Ownership Information) Regulations, 2020. The regulation provides that companies incorporated or registered in Kenya should keep a register of beneficial owners with the relevant information relating to such owners.

Failure to comply with the disclosure requirements is an offence that will see each corporate officer pay a fine of Sh500,000. In addition for each day the company remains in default, the officers will pay an additional fine of Sh 50,000 daily.

Extra-territorial law breaches also threaten the security of corporate executives. One of the most significant ones is the United States anti-tax evasion legislation; Foreign Account Tax Compliance Act (FATCA).