The Financial Services Commission (Bailiwick of Guernsey) Law, 1987 (“the Financial Services Commission Law”);
The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2000 (“the Fiduciaries Law”);
The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 as amended (“the Regulations”);
The Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing (“the Handbook”);
Richmond Fiduciary Group Limited (“the Licensee”)
On 12 April 2018 the Guernsey Financial Services Commission (“the Commission”) decided:
• To impose a financial penalty of £45,500 under section 11D of the Financial Services Commission Law on the Licensee; and
• To make this public statement under section 11C of the Financial Services Commission Law.
The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee had failed to ensure compliance with the Regulations, the Handbook, the Code of Practice – Corporate Service Providers, the Code of Practice – Trust Service Providers, Instruction 6 of 2009 and the minimum criteria for licensing set out in Schedule 1 of the Fiduciaries Law.
The Commission notes that, as detailed below, both the level and scope of the sanctions against the Licensee were tempered by the historic nature of the identified failures, the remediation process that was promptly undertaken by the Licensee and the implementation of a new Compliance, Risk and Governance structure following the Commission’s initial visit and presentation of findings.
In 1999, the Licensee was established in Guernsey and licensed under the Fiduciaries Law on 1 April 2001.
The Commission conducted an on-site visit to the Licensee between 29 February 2016 and 4 March 2016 (“the 2016 visit”).
The purpose of the 2016 visit was to carry out a full risk assessment of the Firm. In doing so the Commission reviewed (among other things) the Firm’s business model, governance, policies and procedures, conduct of business, operational risk, financial crime risk, business risk assessments and a selection of customer files.
During the 2016 visit and the subsequent investigation, the Commission identified serious instances of governance and operational failings as well as failings in respect of the Licensee’s compliance with applicable Anti Money Laundering / Countering the Financing of Terrorism related regulations.
These concerns fell broadly into the following categories:
1. The Licensee did not always properly verify its underlying customers or identify the risks they posed, in particular regarding high-risk customers, operating high-risk businesses in high-risk countries;
2. The Licensee did not always properly verify the source of wealth and/or the source of funds of its high-risk customers;
3. The Licensee did not always adequately monitor customer relationships and, on occasion, failed to address in a timely manner serious issues that arose during periodic relationship risk reviews;
4. The Licensee failed to maintain adequate records of all its customers;
5. The Licensee failed to comply fully with Instruction 6 of 2009;
6. The Licensee had been warned about the above issues on a number of occasions prior to 2016. Many of the issues were repeat issues noted from an on-site visit carried out by the Commission in June 2013 onwards, but the Licensee had, in a number of instances, failed to effectively address these shortcomings until undertaking an extensive remediation programme in 2016; and
7. The Licensee failed to comply fully with the minimum criteria for licensing under the Fiduciaries Law.
The Commission’s investigation found:
The Licensee did not always properly verify its customers
The Licensee failed on a number of occasions to verify from the outset of a business relationship the identity of all parties involved; including relationships involving high-risk business, and politically exposed persons (PEPs). In the case of one high-risk relationship, both verification of identity and verification of address was outstanding for a period of nearly seven years.
The Licensee placed undue reliance upon formally documented site visits by its senior staff in order to verify high-risk customers’ addresses, without obtaining additional documentation in respect of the relevant addresses.
The Licensee did not always properly identify and verify the source of wealth and/or the source of funds of its high-risk customers
The Licensee was noted on a number of occasions to have entered into business relationships with customers operating high-risk businesses. In some cases the Licensee placed undue reliance on the assertions being made by customers regarding the source of their wealth or funds, without obtaining supplemental documentary information to support these claims.
The Licensee did not always adequately monitor customer relationships and failed to address in a timely manner all serious issues that arose during periodic relationship risk reviews
The Licensee had amongst its business relationships customers who operated companies whose business activities related to mining or were involved in property dealing. The Commission noted that in relation to these customers the Licensee:
• had not, in a timely manner, been made aware of a change in the shareholding of a foreign company which owned a company that was administered by the Licensee and which was involved in mining-related activities. The Licensee failed to adequately document its scrutiny of why the client had failed to notify it of this serious omission.
• had failed to complete financial statements for a company involved in property dealing in the Middle East for nearly ten years; which was exacerbated by the Licensee’s inability to properly identify whether any of these properties had been sold; and
• had failed to maintain contact with a high-risk customer, which resulted in the Licensee being unable to resolve outstanding regulatory issues.
Furthermore, the Licensee was noted in periodic risk reviews to have failed, in some cases, to resolve in a timely manner serious issues that arose during the life of a business relationship. In one instance involving a high-risk customer, action points regarding customer due diligence (“CDD”) were not resolved by the Licensee and were therefore carried forward to the next review, year after year, for a period of nearly seven years.
The Licensee failed to maintain adequate records of all its customers
The Licensee was noted to have kept inadequate records of many of the customers reviewed by the Commission and as such was unable to perform meaningful periodic risk assessments in respect of those customers.
The Licensee failed to comply fully with Instruction 6 of 2009
In 2009, the Commission issued Instruction Number 6 requiring licensees to review policies, procedures and controls in place in respect of existing customers to ensure that the requirements of regulations 4 and 8 of the Regulations and each of the rules in Chapter 8 of the Handbook were met. Licensees were required to complete this process by close of business on 31 March 2010 and satisfy themselves that CDD information appropriate to the assessed risk was held in respect of each business relationship. Where a licensee could not meet the regulations by the deadline they were required to terminate the business relationship.
The Commission noted during the investigation that the Licensee had three business relationships that had been established prior to 2009, but for whom CDD was still outstanding in 2017, and were in the process of being terminated.
The Licensee failed to effectively address previous regulatory breaches
The Licensee had been warned since 2013, by the Commission and independent compliance consultants, about shortcomings in its compliance with its regulatory requirements. The 2016 visit and subsequent investigation highlighted that the Licensee had not sufficiently resolved a number of the identified deficiencies.
As a result, the Commission concluded that prior to 2016 the Licensee had not established and maintained an effective policy for review of its compliance with the Regulations and Handbook, as required by regulation 15 of the Regulations, and rules 27 and 28 as set out in the Handbook.
The Licensee failed to comply fully with the Fiduciaries Law
The Commission concluded that prior to 2016 the Licensee had failed to comply fully with the Fiduciaries Law, specifically paragraphs 1(1)(c), 1(2)(b) and 5(2)(d)(i) of the minimum criteria for licensing set out in Schedule 1 to that Law:
• Business to be carried out in a manner which will not tend to bring the Bailiwick into disrepute as an international finance centre;
• A business shall at all times act in accordance with any rules, codes, guidance, principles and instructions issued by the Commission; and
• Business to be conducted in a prudent manner, with adequate accounting and other records of the business being maintained.
The Licensee’s historic compliance deficiencies, as identified by the Commission following the 2016 visit, whilst not systemic, were serious and involved high-risk customers, in high-risk businesses in high-risk countries.
The Licensee accepted that there had been historical deficiencies prior to 2016 in the processes, policies, procedures and governance structure that had been in place. The Commission acknowledges the efforts of the Licensee from January 2016 to implement an extensive remediation programme (which included a review of its client files), which by March 2018 had been substantially completed.
In particular, the Licensee has significantly strengthened its compliance function, and has expanded its compliance team by over a third in number.
The Licensee has also completed a restructure and remediation of its governance structure, its policies and procedures and its customer base.
In reaching its decision the Commission recognises that the Licensee engaged an independent consultant in 2016 to develop a comprehensive corporate risk mitigation programme to improve its corporate, operational and compliance functions. This programme further resulted in a number of changes, including the appointment of a Governance Director with overall responsibility for governance, compliance and risk.
At all times, the directors of the Licensee co-operated fully with the Commission.
The Licensee agreed to settle at an early stage of the process and this has been taken into account by applying a 30% discount in setting the financial penalty.