The Financial Services Commission (Bailiwick of Guernsey) Law, 1987 as amended ("the Financial Services Commission Law"); The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2000 (the “Fiduciaries Law”); The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 as amended ("the Regulations"); The Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing ("the Handbook"); The Registration of Non-Regulated Financial Services Businesses (Bailiwick of Guernsey) Law, 2008 (“the NRFSB Law”) Blenheim Fiduciary Group Limited, (the "Licensee")
On 25 August 2017 the Guernsey Financial Services Commission ("the Commission") decided:
• To impose a financial penalty of £70,000 under section 11D of the Financial Services Commission Law on the Licensee; and
• To make this public statement under section 11C of the Financial Services Commission Law.
The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee had failed to ensure compliance with the Regulations and the Handbook, and Schedule 1 of the Minimum Criteria for Licensing under the Fiduciaries Law.
In 1999, the Licensee was established in Guernsey and licensed under the Fiduciaries Law on 14 January 2003.
The Commission conducted an Anti-Money Laundering/Countering the Financing of Terrorism (“AML/CFT”) on-site visit to the Licensee between 21 and 25 September 2015 (“the 2015 visit”).
The purpose of the 2015 visit was to assess the Licensee’s financial crime risks against the Regulations and the Handbook.
The Commission reviewed the policies and procedures, business risk assessment and customer files of the Licensee during the visit.
The Commission identified serious and systemic AML/CFT failings during the 2015 visit.
These concerns fell broadly into the following categories:
1. The Licensee had been managing and administering three companies that should have been registered under section 2(1) of the NRFSB Law;
2. The Licensee did not properly identify either its underlying customers or identify the risk they pose;
3. The Licensee did not adequately monitor the business it runs on behalf of its customers, including a lack of regular periodic reviews;
4. The Licensee missed obvious “red flags” which should have raised the Licensee’s suspicions, particularly in relation to CDD/AML issues; and
5. Prior to 2015, the Licensee should have been aware of widespread failings in periodic reviews and general client due diligence deficiencies but failed to address these effectively.
On 16 August 2016, pursuant to section 24 of the Fiduciaries Law, the Commission appointed Carter Backer Winter as Inspectors to further investigate the Licensee’s compliance with the relevant laws.
The investigations by the Inspectors and the Enforcement Division identified the following issues:
Failure to Register as Non-Regulated Financial Services Businesses
The Licensee administered three loan companies that should have been registered under the NRFSB Law, but which were not. The Licensee failed to identify that these loan companies should have been registered until 2014, some six years after the coming into force of the NRFSB Law. Whilst the Licensee had prior to 2015 disclosed this to the Commission, the current Board accepted that the Licensee had been managing and administering three companies that should have been registered under section 2(1) of the NRFSB Law.
Nature of and monitoring of the business of the loan companies
The loan companies were typically used to make financing available from structures administered by the Licensee to individuals related to those structures. A number of the loans had defaulted and despite the majority of borrowers being pursued for an update in late 2014, early 2015, the loans remained outstanding. Prior to being pursued in late 2014, early 2015, the amount of loans in default and the lack of contact led to the Licensee’s own employees considering whether these loans could be considered shams.
The Licensee failed to effectively monitor the business of the loan companies, which was a breach of Regulation 11 of the Regulations.
The Licensee missed obvious “red flags”
A number of files reviewed by the Commission contained obvious money laundering red flags, which should have created suspicion in the mind of the Licensee or at the least been considered in the Licensee’s relationship risk assessment of those clients. These “red flags” included:
1. An individual who had changed name, nationality and appearance without a clear rationale being given;
2. Trusts with what could be seen as “dummy” settlors; and
3. The appointment of a third party director to a client company without verifying that the individual was suitably qualified for the role; and
4. A company which was treating employee bonuses as loans which the licensee failed to obtain appropriate professional advice upon.
The Licensee failed to establish or take into account the purpose and intended nature of the client’s business relationship when undertaking a risk assessment. This resulted in breaches of Rule 56 of the Handbook and Regulation 4(3)(e) of the Regulations.
The Licensee did not properly identify and verify its customers
The Licensee’s own remediation plan which sought to identify those verification subjects whose customer due diligence (“CDD”) was not up to current standards, showed that at the commencement of the remediation, of over 2,000 verification subjects, more than half required remedial work to bring them up to today’s standards.
The Licensee itself noted that it did not have CDD, or had incomplete CDD, on some borrowers within the loan companies. In addition, no or incomplete CDD was held on the “dummy” settlors, who prior to the introduction of the Regulations and Handbook had established trusts with a nominal settlement.
The majority of the Licensee’s clients were taken on prior to the coming into force of the Regulations and Handbook. However, in accordance with Regulation 4 of the Regulations, CDD for business relationships existing at the time of the coming into force of the Regulations, where it is not held already, must be obtained at appropriate times on a risk-sensitive basis.
In 2009, the Commission issued Instruction Number 6 requiring licensees to review policies, procedures and controls in place in respect of existing customers to ensure that the requirements of Regulations 4 and 8 of the Regulations and each of the Rules in Chapter 8 of the Handbook were met. In accordance with the Commission’s Instruction Number 6, licensees were required to complete this process by close of business on 31 March 2010 in order that licensees satisfy themselves that CDD information appropriate to the assessed risk is held in respect of each business relationship.
The Licensee should have been aware of widespread failings prior to 2015
Prior to 2015, the Licensee should have been aware of widespread failings in its CDD processes and in particular in its regular reviews of relationship risk assessments. The backlog of risk assessment reviews was noted by a compliance consultant engaged by the Licensee in 2012 and by the Commission following a visit in 2013. The remediation put in place by the Licensee following the 2013 visit did not resolve the issues and the review of risk assessments was still an issue in 2015.
Failure by the Licensee to regularly review relationship risk assessments was a breach of Regulation 3(2)(b). Failure by the Licensee to ensure effective action was taken, prior to 2015, to resolve the identified deficiencies was a breach of Rule 28 of the Handbook. As a result, the Commission concluded that the Licensee prior to 2015 had not established and maintained an effective policy for review of its compliance with the Regulations and Handbook, as required by Regulation 15 of the Regulations.
The Licensee’s historic compliance deficiencies, as identified by the Commission following the 2015 visit, were serious, systemic, and had an adverse effect on the Licensee’s business. The fact that remediation has taken more than 18 months and with the commitment of substantial resources by the Licensee is an indication of the scale of the issues and deficiencies that have had to be addressed, as a result of the previous failings.
The Licensee accepted that there had been historical deficiencies prior to 2015 in the processes, policies and procedures that had been in place. The Commission acknowledges the efforts of the Licensee from January 2015 to implement an extensive remediation programme, which by January 2017 had been substantially completed. In particular, the Licensee has gone through a substantial overhaul of its compliance policies and procedures to improve the deficiencies that were identified.
The Licensee has completed the restructure of the policies and procedures, and an extensive remediation exercise on case files. They have exited or are in the process of exiting approximately 60 percent of the client base either for commercial reasons or due to the adoption of a less aggressive/lower risk business profile.
At all times, the directors of the Licensee co-operated fully with the Commission and the Inspectors and in reaching its decision the Commission recognises that the Licensee has put in place a comprehensive AML/CFT Risk Mitigation Programme to address the risks identified by the Commission, as well as to review more broadly the Licensee's compliance arrangements.
The Licensee agreed to settle at an early stage of the process and this has been taken into account by applying a 30% discount in setting the financial penalty.