Crescendo Advisors International Limited, Mr Hamish Jebb Hamilton Few30th December 2022
The Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020 (“the Enforcement Powers Law”)
The Protection of Investors (Bailiwick of Guernsey) Law, 1987 and the Protection of Investors (Bailiwick of Guernsey) Law, 2020 (collectively “the POI Law”)[i]
Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 (“the Regulations”)[ii]
The Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing (“the Handbook”)
The Licensees (Conduct of Business) Rules 2016 (the “COB Rules”)
The Finance Sector Code of Corporate Governance (“the Code of Corporate Governance”)
The Principles of Conduct of Finance Business
Crescendo Advisors International Limited (the “Licensee” or the “Firm”)
Mr Hamish Jebb Hamilton Few (“Mr Few”)
The Guernsey Financial Services Commission (“the Commission”) decided that from 30 December 2022 it would take the following actions:
- To impose a financial penalty of £203,000 under section 39 of the Enforcement Powers Law on the Licensee;
- To impose a financial penalty of £33,810 under section 39 of the Enforcement Powers Law on Mr Few;
- To make an order under section 33(1) of the Enforcement Powers Law prohibiting Mr Few from holding the position of Controller, Director, Money Laundering Reporting Officer and Money Laundering Compliance Officer for a period of 3 years and 4 months;
- Pursuant to section 32(3) of the Enforcement Powers Law, to disapply the exemption set out in section 3(1)(g) of the Regulation of Fiduciaries, Administration Business and Company Directors, etc (Bailiwick of Guernsey) Law, 2020 in respect of Mr Few for a period of 3 years and 4 months; and
- To make this public statement under section 38 of the Enforcement Powers Law.
The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee and Mr Few failed to ensure compliance with the regulatory requirements and failed to meet the minimum criteria for licensing set out in Schedule 4 of the POI Law.
The findings in this case were serious and spanned a significant period, including after 13 November 2017 when The Financial Services Commission (Bailiwick of Guernsey) (Amendment) Law, 2016 came into force, which increased the maximum level of financial penalties.
The Licensee was incorporated in Guernsey in December 2008 and is licensed under the POI Law 2020 to carry on the restricted activities of Promotion, Dealing, Advising and Management, for both Category 1 Collective Investment Schemes and Category 2 General Securities and Derivatives.
The Firm provides discretionary investment management services to private clients and a small number of non-Guernsey collective investment schemes. Its clients comprise high net worth individuals from, or linked to, jurisdictions which are regarded as posing a higher risk of money laundering, terrorist financing and/or bribery and corruption.
The Licensee is part of the Crescendo group of companies, established and majority owned by Mr Giacomo Jacques Diwan. Mr Diwan is not resident in Guernsey.
From its incorporation in Guernsey in 2008 until July 2017, the Licensee was administered at different times by three locally based service providers who each provided Compliance Officers and Money Laundering Reporting Officers (“MLROs”) to the Firm. Since then, it has operated as a standalone licensee with a physical presence in Guernsey and has outsourced its compliance function.
Mr Few was involved in the administration and latterly the oversight of the day-to-day business of the Licensee throughout his employment with each of the three different administrators from 2008 until August 2015 when he left the Firm’s then administrator. He joined the Firm’s final administrator in July 2016 and was then appointed Senior Manager of the Firm in December 2016 and has been Managing Director since January 2018. He has also acted as the Firm’s MLRO since March 2019.
The Commission’s investigation into the Licensee commenced at the end of 2019 following an on-site visit to the Firm in August 2019 as part of the Commission’s Thematic Review of Source of Funds/Source of Wealth in the Private Wealth Management sector. This was the Licensee’s first visit by the Commission however, a Risk Mitigation Programme was put in place at the end of 2016 following identification by the Firm’s then administrators, of anti- money laundering/countering of financing of terrorism (“AML/CFT”) deficiencies in 90% of its client files (90% of which were classified as high risk). A remediation project undertaken by the Firm was reported to have been completed by November 2017.
The Licensee had no direct contact with its clients. Its business model meant that it was reliant on information provided by relationship managers who were employed by another company in the group based in Switzerland. Service level agreements purportedly governed the relationship in terms of the services provided by the group office, however, despite being aware from the outset of becoming a standalone business in 2017, that the outsourcing agreement between the Licensee and its group counterparty was inadequate, the Board of the Licensee failed to ensure it was amended in a timely manner.
The Licensee failed to demonstrate that effective mind and management was in Guernsey - simply operating a rubber-stamping process for investment decisions, despite being a licensed investment manager.
The Licensee’s own business risk assessment recognised that as its clients were predominantly connected to jurisdictions known to have a higher risk of financial crime, the assets under management in terms of source of wealth/funds had a higher financial crime risk associated with them.
The Commission’s investigation found that the Licensee had failed to effectively identify, monitor and manage some of the financial crime risks associated with its clients as required by the Regulations and the rules within the Handbook (“the Rules”). These issues, which were found to be systemic in the operation of the Firm, were reflected in the Firm’s failure to comply with regulatory requirements that arise at all stages of the client relationship, from on-boarding to day-to-day management and monitoring. The failings are particularly concerning due to the large proportion of high-risk clients.
In particular, the Commission found:
The Licensee failed to properly conduct relationship risk assessments, taking into account relevant high-risk factors and to regularly review relationship risk assessments
The Regulations and the Rules require that in order for a financial services business to consider the extent of its potential exposure to the risk of money laundering and terrorist financing it must assess the risk of any proposed business relationship prior to the establishment of that relationship and regularly review such a risk assessment so as to keep it up to date.
There was no evidence of initial risk assessments on some of the files examined by the Commission. The files also evidence that the Licensee did not fully understand the nature of the business of its clients and was therefore unable to take into account all relevant information when conducting risk assessments and reviews.
The Licensee’s business relationship with Ms A, a private wealth client from Country X, a high-risk country, began in September 2014. However, the first risk assessment for Ms A in the file provided to the Commission was carried out in March 2017.
Open-source information obtained by the Licensee in 2020 revealed that Ms A’s father was an ex-government leader of Country Y – a country known for the prevalence of bribery and corruption, particularly amongst government officials. It also reported that he had previously been wanted by Interpol for alleged illegal financial operations abroad and tax evasion (albeit the arrest warrant was withdrawn following a decision that his prosecution had been politically motivated). Ms A’s relationship to him meant that she was a Politically Exposed Person (“PEP”) and the risk that her source of wealth may have come from him – and that these may have been the proceeds of crime – should have been carefully considered by the Firm prior to taking on the business, as well as in the enhanced monitoring and high frequency reviews that are required for a PEP client. Had the Licensee collected sufficient data on Ms A (including her maiden name) as required by the Handbook it would have been able to discover this open- source information prior to 2020.
In addition, the intended source of funds for Ms A’s account came from companies which had issued bearer shares which are known to be used to conceal beneficial ownership.
Company B, a private corporate client, was incorporated in 2012 in a high-risk country, Country Z; and it issued five bearer shares. The five recorded beneficial owners were individuals associated with the fishing industry. The first risk assessment on file was conducted in July 2015 and made no mention of the financial crime risk associated with bearer shares.
In 2020 the Licensee discovered adverse open-source information which potentially linked two of the original beneficial owners of Company B to the illegal fishing trade. This information had been available since 2011, prior to the take-on of Company B, however, these potential links to the laundering of the proceeds of crime had not been investigated by the Licensee, either at the outset of the relationship, during routine reviews, or when the ownership purportedly changed.
Company C, also a private corporate client incorporated in high-risk Country Z, issued two bearer shares. Company C became a client of the Licensee in March 2011, the first risk assessment on file was dated October 2012 and made no mention of the financial crime risk associated with the issue of bearer shares.
In addition, one of the recorded beneficial owners was involved in an industry known to be linked to the production and trafficking of drugs. This risk was not considered by the Licensee in either the initial, or subsequent routine risk assessments.
Company D is a private corporate client owned by Trust A set up for the benefit of the family of the settlor. Company D was taken on in January 2011, the first risk assessment on file was completed in October 2012 and did not acknowledge the risk of the settlor’s commercial interests in an industry frequently linked to financial crime.
In March 2015 the Licensee identified adverse information regarding fraud, trafficking and tax evasion linked to the settlor of Trust A and another of its private wealth clients. Following reassurance from a lawyer who provided the CDD documents of the settlor to the Licensee, the Firm made no further enquiries around the adverse media and it was not referred to in the subsequent risk assessment conducted in July 2015.
The Licensee failed to understand the ownership and control structure of a customer and identify PEPs
Regulation 4 of the Regulations and the related provisions of the Handbook relate to customer due diligence and require firms to identify the beneficial owner and underlying principal and take reasonable measures to verify such identity. In the case of a legal person or legal arrangement, firms must take measures to understand the ownership and control structure of the customer. Regulation 4 also requires a financial services business to determine whether the customer is a PEP.
The Licensee failed to identify Ms A as a PEP until six years after the start of the business relationship. The relationship manager in the group office was the ex-husband of Ms A, however, neither he, nor the group office shared this crucial information about the client with the Firm and the Firm’s lack of enhanced due diligence allowed it to go unnoticed until 2020.
In September 2017, the relationship manager from the group office informed the Firm that the beneficial ownership of Company B had changed and one of the original five owners now owned 100% of the company. No evidence was provided to the Licensee to verify this change of ownership of this high-risk client.
In September 2017, the Licensee received a share register for Company C which showed that the two bearer shares had been cancelled in December 2015 and shares issued to one of the original beneficial owners. The Firm had been unaware of the change in ownership of Company C for almost two years.
In 2015, the Licensee identified open-source material linking the settlor of Trust A to high- ranking officials in high-risk jurisdictions. However, the individual was not classified as a PEP until 2020, nine years after the business relationship with him was established.
Mr E was introduced to the Licensee in June 2015 and was a business associate of the settlor of Trust A. At the time of take-on, due to Mr E’s association with another of its clients, the Licensee was already aware of the adverse media surrounding Mr E, which identified him as a PEP due to his partial ownership of a company also owned by PEPs. The adverse media also linked Mr E to individuals known to be involved in bribery and corruption. Despite having this information, the Licensee failed to recognise Mr E as a PEP until 2020, five years after the client was taken on.
The Licensee failed to carry out Enhanced Due Diligence (“EDD”)
Regulation 5 and the relevant provisions of the Handbook detail the EDD requirements required for high-risk customers and, in particular, the requirement to take reasonable measures to establish the source of any funds and of the wealth of the customer, beneficial owner and underlying principal.
The Licensee relied on relationship managers in the group office to provide it with letters summarising their basic knowledge of the clients’ source of funds and source of wealth. The Commission found little evidence of any corroboration of the claims made by the group office on file, or of any independent EDD being carried out by the Licensee on high-risk clients.
Ms A’s ex-husband (who was a director of the Licensee at the time and a relationship manager of the group office) introduced her to the Firm and told them her source of wealth derived from the proceeds of their divorce. The Firm relied upon this basic information without obtaining any corroborating evidence.
In addition, her source of funds was anticipated to be two companies managed by the Firm of which she was the beneficial owner, however, when funds were received from third parties the Firm failed to investigate the rationale for the receipt of the funds and relied on the relationship manager’s uncorroborated explanation that the source of wealth was in fact the proceeds of a life insurance product that was originally taken out by her current husband for her benefit.
The Licensee relied entirely on a letter from the relationship manager informing it that the source of wealth for the five individual beneficial owners behind Company B came from their background in the fishing industry. No corroborating evidence was obtained and no EDD was conducted by the Licensee despite this being a high risk client.
The Licensee knew very little about the business of Company B which was purportedly a trading company and had no corroborating evidence relating to the source of funds into the company. Over $8.7 million was received into Company B between May 2012 and October 2013 from third parties, some of which had no identifiable links to the fishing industry which Company B was purportedly trading in.
Despite his interests in an industry linked to drug production and trafficking, no EDD was conducted by the Licensee on the beneficial owner of Company C and no attempts were made to corroborate the information provided by the relationship manger regarding his source of wealth.
Over $6 million was introduced into Company C from various accounts held by Company C in another jurisdiction which the Licensee had no oversight of. From information gathered in 2020, the Firm determined that funds had been received from another client of the group, as well as stock transferred from the personal asset holding vehicle of one of the group’s relationship managers.
Due to the lack of visibility of account names, the source of funds into Company D’s account could not be identified. Over $200 million was received into Company D’s account over the course of the relationship yet the Licensee did not seek to conduct any EDD or verify the source of wealth until some seven years after taking on the business.
The Licensee failed to monitor transactions and activity
Regulation 11 details the requirements to perform ongoing and effective monitoring of existing business relationships, including scrutiny of any transactions or other activity. Regulation 5 also details that for high-risk clients there must be more frequent and more extensive monitoring.
The Licensee’s monitoring was ineffective and failed to consider third party payments being made to the client account (for example as seen in the files for Ms A and Company D referred to above) including where its clients were classified as high-risk and had numerous high-risk indicators and therefore, should have been subject to more extensive scrutiny.
The failure of the Licensee to identify adverse media, for example in the case of Company B, also demonstrated to the Commission that the Firm did not undertake effective monitoring.
The Licensee failed to ensure appropriate and effective AML/CFT policies, procedures and controls
The Regulations require a financial services business to ensure that its policies, procedures and controls on forestalling, preventing and detecting money laundering and terrorist financing are appropriate and effective, having regard to the assessed risk.
Whilst the Licensee identified that its clients were predominantly high-risk due to the jurisdictions they resided and undertook business in, the Board failed to establish and implement effective policies, procedures and controls to mitigate the risks.
Corporate governance failings
The Commission noted the model employed by the Firm, whereby investment advisory services, together with all client matters, are outsourced to the group office. However, there is a requirement for adequate oversight of the outsourced function and a requirement to demonstrate the ability to make prudent investment management decisions. The Guernsey licensee is required to hold adequate information in order to be able to make investment decisions on behalf of clients. Further, mind, management and control within the Bailiwick must be demonstrated to satisfy the minimum criteria for licensing under the POI Law.
The Licensee recorded very little information about the model portfolios presented to clients by relationship managers in the group office and how these reflected the client’s investment objectives.
The Licensee did not record the rationale as to the suitability of the investment recommendation for its clients and was unable to evidence compliance with the COB Rules and the Principles of Conduct of Finance Business relating to suitability and information about customers.
The Board represented to the Commission that access to client information, such as due diligence documentation and investment objectives, was available via the database system and that adequate processes were in place to ensure the suitability of the trade prior to any transactions being executed on behalf of clients. However, in addition to the failure to comply with the standards of due diligence required by the Bailiwick AML/CFT regulatory framework, the Firm was unable to demonstrate that it performed sufficient analysis of the buy or sell advice provided to it to ensure that it is advising and managing the assets and investments in a prudent way. The Board was unable to evidence that it challenged investment advisory instructions being made on its clients’ behalf.
The Firm failed to demonstrate that there was sufficient constructive discussion, understanding or deliberation over the investment management and advisory decisions it makes on behalf of its clients. Such discussions would be expected, on an ongoing basis, to include consideration of portfolio constitution, prospectus remit, investment performance and future expectations.
The Licensee established an Investment Committee in 2016, however this committee only met six times in four years and was not effective. The Licensee did not maintain records of discussions about its consideration of investment strategies or model portfolios, failed to obtain adequate or ongoing information on clients’ investment objectives and failed to execute an effective agreement with the group office regarding the outsourcing of certain services.
These factors led the Commission to conclude that the Board of the Licensee could not demonstrate its effectiveness in governing the Firm, acting in its best interests or observing the Principles of Finance Business. The investment management function was carried out by the group office and the licensed Guernsey entity simply acted on instructions received from there.
The Licensee failed to avoid, manage or minimise conflicts of interest
As demonstrated in the case of Ms A, the Licensee failed to comply with the requirements of the COB Rules and the Code of Corporate Governance in relation to dealing with conflicts of interest.
Ms A’s ex-husband managed her investments and not only was he a relationship manager at the group office, but a director of the Licensee at the time the business relationship was established. This presented a clear conflict of interest to the Firm who relied on information provided by him without independently verifying what it was told. In addition, the Licensee continued to act on instructions from him regarding her account after he had resigned as director and it had been discovered that he had supplied inconsistent information over the period of the client relationship.
The Firm failed to recognise and address the conflict of interest which arose between the underlying client and a director of the Licensee (who was also a relationship manager in the group office). This conflict was not properly documented or managed and he was permitted to make decisions on the client account and was relied upon for information, both at take on of the client and during reviews.
The Commission’s investigation identified that Mr Few failed to act with competence, soundness of judgement, diligence; or with the knowledge and understanding of his legal and professional obligations.
Mr Few, who was appointed to the Board of the Licensee in January 2018, clearly identified and highlighted to an incoming director prior to the latter’s appointment in March 2018, that the Licensee had very little knowledge of its clients’ investment objectives and he was obviously aware that the policies and controls in place at the time were not sufficient to meet the requirements in Guernsey. An attempt to employ someone with appropriate investment experience in May 2018 still did not resolve this issue.
Mr Few had been involved with the administration of the Licensee until August 2015 and then from December 2016 he became a senior manager at the Firm and latterly, managing director. His knowledge of the business model of the Firm, coupled with his expected knowledge of the Guernsey legal and regulatory requirements ought to have placed him in a good position to bring the Firm into compliance when it became a standalone licensee. However, despite his acknowledgement of the deficiencies that existed, he failed to ensure the necessary improvements were implemented to ensure the Firm complied with its regulatory obligations. The absence of these necessary improvements contributed to the failure of the Firm to meet the MCL in Schedule 4 to the POI Law. In failing to implement these improvements Mr Few did not act in the best interests of the company and demonstrated his own lack of fitness and propriety to act as a director of a licensee.
The Licensee’s business was inherently high-risk with 90% of its clients rated high-risk. There was adverse media on a number of the Licensee’s clients, which signposted the significantly heightened risk of the Licensee handling the proceeds of crime.
The Licensee failed to ensure that it had adequate policies, procedures and controls in place, as required by regulation, resulting in the Licensee being vulnerable to being used to facilitate money laundering and terrorist financing and thereby jeopardizing the reputation of the Bailiwick as an international finance centre.
Failings were found to have occurred from the time of take-on of business relationships, including not completing risk assessments and failing to undertake sufficient EDD on high-risk business relationships and these were not remediated during periodic reviews.
The Commission relied on assurances from the Board of the Licensee, in relation to the completion of the remediation project in 2017, which were inaccurate.
The deficiencies in the Firm’s corporate governance strategy were brought to the attention of the Board by Mr Few in 2018 but these were not effectively addressed.
In 2017 the Firm appointed a local compliance consultant to undertake the remediation of all the identified deficiencies in its client files as required by the Commission’s Risk Mitigation Programme. Subsequently, the Licensee continued to outsource its compliance function to a local provider who at no time alerted the Board to any substantial deficiencies or potential regulatory breaches. The significant and continued failings identified in the Commission’s investigation were not brought to the attention of the Licensee by its outsourced compliance function. Notwithstanding, the Board of the Licensee acknowledges that it remains responsible, including for the review of its compliance as required by paragraph 15 of Schedule 3.
Following the on-site visit, the Licensee agreed to a second Risk Mitigation Programme, which has been completed.
At all times the Licensee and Mr Few co-operated fully with the Commission. The Licensee and Mr Few agreed to settle at an early stage of the process and this has been taken into account by applying a discount in setting the financial penalties and the duration of Mr Few’s prohibition.
[i] The POI Law was repealed by the Protection of Investors (Bailiwick of Guernsey) Law, 2020 (“the POI Law 2020”) on 1 November 2021.
[ii] The Regulations were repealed and replaced by Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (“Schedule 3”) on 31 March 2019.