ITI Trade LTD. (in Administration Management) and Mr Alex Phil

The Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020 (“the Enforcement Powers Law”)

The Protection of Investors (Bailiwick of Guernsey) Law, 2020 (“the POI Law”)^[i]

Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (“Schedule 3”)[ii]

The Handbook on Countering Financial Crime (AML/CFT/CPF) (“the Handbook”)

The Licensees (Conduct of Business) Rules 2016 (the “COB Rules”)[iii]

The Finance Sector Code of Corporate Governance (“the Code of Corporate Governance”)

The Principles of Conduct of Finance Business

 

ITI Trade LTD. (in Administration Management) (the “Licensee” or the “Firm”)

Mr Alex Phil (formerly Mr Alexei Filatov) (“Mr Phil”)

On 18 July 2025 the Guernsey Financial Services Commission (“the Commission”) decided:

• To impose a financial penalty of £175,000 on the Licensee under section 39 of the Enforcement Powers Law;
• To impose a financial penalty of £35,000 on Mr Phil under section 39 of the Enforcement Powers Law;
• To make an order under section 33(1) of the Enforcement Powers Law prohibiting Mr Phil from holding a supervised role for a period of 2 years and 10 months;
• Pursuant to section 32(3) of the Enforcement Powers Law, to disapply the exemption set out in section 3(1)(g) of the Regulation of Fiduciaries, Administration Business and Company Directors, etc (Bailiwick of Guernsey) Law, 2020 in respect of Mr Phil for a period of 2 years and 10 months; and
• To make this public statement under section 38 of the Enforcement Powers Law.

The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee and Mr Phil failed to ensure compliance with the regulatory requirements and failed to meet the minimum criteria for licensing set out in Schedule 4 to the POI Law.

BACKGROUND

The Licensee was incorporated in Guernsey in October 2014 and was licensed under the POI Law to carry on the restricted activities of promotion and subscription for Category 1 investments and all activities, except for advising, for Category 2 investments.

The Firm provided execution only and prime brokerage services to a modest-sized customer base, which comprised high net worth individuals, professional and institutional investors, a high percentage of which resided in higher risk jurisdictions.

The Firm had no direct contact with its customers as it operated an outsourced model, outsourcing practically all of its functions to various service providers externally and within its group, in particular to its sister company in Russia which provided the Firm with infrastructure and operational support as well as functions including, but not limited to, initial customer onboarding, transactional monitoring, and relationship management.  In addition, the Russian sister company provided the Firm’s high volume algorithmic trading customers with direct market access to the Moscow Stock Exchange.

The Licensee was administered at different times by a number of locally based service providers who each provided Compliance Officers and/or Money Laundering Reporting Officers (“MLROs”) to the Firm.

Mr Phil was a Director of the Firm from incorporation and was involved in the day-to-day business of the Licensee throughout his employment. He also acted as the Firm’s MLRO for a short period in 2017-2018 and again for over a year in 2021–2022.

The Commission’s investigation into the Licensee commenced in September 2022 following the suspension of the Firm’s licence and the appointment by the Royal Court, of Administration Managers to the Firm in June and July that year respectively. 

Within the three-year period leading up to the suspension of the Firm’s licence several Risk Mitigation Programmes had been undertaken to address concerns the Commission had regarding the operation of the business, and a remediation project which the Firm outsourced to a third party compliance provider was reported to have been largely completed by January 2022.

FINDINGS

The Commission identified that the Licensee was used to appear to provide investment services from Guernsey, when in reality much of the business was conducted in Russia, where the standards for customer due diligence and sanctions screening were not equivalent to those in Guernsey.  The Firm had very little knowledge of its customers and failed to demonstrate that it had effective oversight of the outsourced service providers, to mitigate the risks present in its outsourced model. This led to wide-spread and systemic breaches of the regulatory requirements of the Bailiwick that arose at all stages of the customer relationship, from on-boarding to day-to-day management and monitoring. The failings are particularly concerning due to the large proportion of high-risk customers, the source of funds and wealth of which was unknown to the Licensee.

In particular, the Commission found:

The Licensee failed to properly conduct relationship risk assessments, taking into account relevant high-risk factors and to regularly review relationship risk assessments

Schedule 3 and the related rules in the Handbook require that in order for a financial services business to consider the extent of its potential exposure to the risk of money laundering and terrorist financing it must assess the risk of any proposed business relationship, taking into account the risk factors such as the type of customer, their jurisdiction and any adverse media around them, prior to the establishment of that relationship and, regularly review such a risk assessment so as to keep it up to date.

Schedule 3 also requires that licensees have appropriate and effective procedures in place to mitigate and manage the risks assessed (including additional measures where the risk is high) and to regularly review the implementation of those controls.

The Licensee failed to assess the money laundering / terrorist financing risk of its customer relationships, taking into account all of the relevant risk factors, both prior to the establishment of the relationship and periodically thereafter. Where customers were sourced by the Firm’s sister company in Russia, an initial assessment of the customer’s suitability was completed by the staff in Russia.  However, this was not sufficient to meet the Firm’s obligations to undertake an AML/CFT risk assessment, as it did not consider relevant high risk factors.

Due to a combination of lack of understanding of the requirements, a failure to specify roles and responsibilities and a failure to monitor and oversee the outsourced functions, the Board allowed this breach to occur across the entirety of its business, which included a customer that was linked to a $100 million insider trading scandal and that was eventually fined by the authorities in another jurisdiction for lax controls to combat financial crime.

The Firm also failed to take measures to understand the rationale and take into account the use of Scottish LPs in the beneficial ownership structure of one of its customers, despite this type of structure being known to be abused for money laundering.

In addition, the transitional provisions of the Handbook (chapter 17.6) required the Firm to review all of its business relationships by 31 December 2021 (recommending an earlier 30 June 2021 deadline for all high risk business).  The Firm failed to comply with this recommendation in the Handbook.

The Licensee failed to take reasonable measures to identify if a customer is acting on behalf of another person and identify and verify the identity of that person

Paragraph 4(3)(d) of Schedule 3 required the Firm to determine if a customer was acting on behalf of another person and if so, to identify and verify the identity of that person. 

In addition to providing outsourced services to the Licensee, the Firm’s sister company in Russia was also itself a customer of the Licensee.  However, despite knowing that the company was not only depositing its own funds into the Licensee’s accounts, but was acting on behalf of its respective clients (and that the source of funds for investments into its accounts came from those external sources) the Firm made no attempt to find out who the underlying clients were or ensure CDD carried out was adequate and that individuals had been subject to sanction screening.

As at July 2022, the Firm held assets for its Russian sister company that accounted for over 75% of the Licensee’s Assets Under Management, but the identities of the 108 individuals for whom the Russian entity was acting on behalf of were unknown to the Licensee.

A Firm may treat as its customer, a regulated entity who acts on behalf of their clients, if certain criteria are met to qualify for an exemption from identifying the underlying clients.  These types of arrangements are considered correspondent services.  In order to treat the Russian sister company as a correspondent, the Firm would be required to apply ECDD measures to that relationship as specified under paragraph 5(1)(b) of Schedule 3.  The Firm gave no consideration to this, if it had it would have been required, inter alia, to assess the sister company’s policies, procedures and controls to ensure they were adequate, appropriate and effective.   

During the investigation it was discovered that the procedures used by the Russian company to identify and verify its own customers, and to screen them for adverse media and sanctions were not produced until March 2022 and did not meet the standards required in the Bailiwick of Guernsey. 

Additionally, the underlying clients of another significant high-risk customer of the Firm were also unknown to the Firm, despite this customer having been implicated (but later cleared) of involvement in an insider trading scandal in the US.

The Licensee failed to carry out Customer Due Diligence (“CDD”) and Enhanced Customer Due Diligence (“ECDD”)

Paragraphs 4 and 5 of Schedule 3 and the related rules in the Handbook set out the requirements to conduct CDD and, for high risk customers ECDD, prior to establishing a business relationship.

As part of a remediation project carried out in the second half of 2021, the Firm’s outsourced compliance provider identified that a high proportion of the customer files were deficient in CDD. As a result, one third of the Firm’s customer accounts were blocked pending receipt of further documents. This demonstrates the level of non-compliance by the Licensee with the requirements to identify and verify the identity of the customer.

Despite the high risk factors which were present in a large proportion of its customer relationships, the Firm also failed to comply with the requirements to conduct ECDD on high-risk business in accordance with paragraph 5(1) of Schedule 3 and the associated rules in the Handbook, in particular the requirement to take reasonable measures to establish the source of any funds and of the wealth of the customer, and where relevant the beneficial owner. 

Despite the Firm reporting to the Commission that the remediation project had been successfully completed in early 2022, following their appointment in July 2022, the Administration Managers were advised to undertake a further remediation exercise in order to ensure the customer files were compliant with the requirements of Schedule 3 and the rules in the Handbook prior to being able to return funds to the Licensee’s customers.  This reportedly took over 18 months to complete to the appropriate standard.

The Licensee failed to identify PEPs

Paragraph 4 (3)(f) of Schedule 3 also requires a financial services business to determine whether the customer is a PEP.  In 2021, the Firm’s outsourced compliance provider identified two individuals who were PEPs (one had been identified but was not listed on the Firm’s PEP register, the other had not been identified as a PEP) and another one which potentially may have been a PEP but consideration had not been given to the available information. 

The Licensee failed to monitor transactions and activity

Paragraph 11 of Schedule 3 and the relevant rules in the Handbook detail the requirements to perform ongoing and effective monitoring of existing business relationships, including scrutiny of any transactions or other activity. The Licensee failed to adduce any evidence that customer transactions and activity were monitored in accordance with these requirements.

Mr Phil had no direct access to the systems of the Licensee’s Russian sister company but relied on trading reports he received by email, however no evidence has been seen by the Commission of any actual monitoring of trades, details of the process or output from any monitoring.

The Commission was informed at the end of June 2022 by the then MLRO of the Firm how monitoring of customer activity was carried out by the relationship managers in Russia. However, there was no evidence seen by the Commission that such monitoring was sufficient to meet the requirements set out in Guernsey Law. 

In the first half of 2022, following the invasion by Russia of Ukraine, there was a significant increase in the Firm’s trading levels and a sudden increase in the Licensee’s assets under management which increased by over 440% in the period. No record of any discussion at Board level was made regarding these events and no additional review of customers or consideration of the potentially increased risk to the business was undertaken.  When questioned by the Commission about this, the members of the Firm’s Board each had a different opinion as to why the increase had occurred, which demonstrated their lack of joint consideration and understanding of this issue.                       

The Licensee failed to ensure appropriate and effective AML/CFT policies, procedures and controls

The Board failed to adhere to the requirements of Schedule 3 and in particular breached paragraph 2 of that Schedule which requires firms to have in place effective policies, procedures and controls to identify, assess, mitigate, manage, and review and monitor, the risks.

No AML/CFT risk assessments of the Firm’s customers were carried out, no periodic reviews were conducted for at least 3 years prior to 2022, no compliance monitoring program was undertaken for more than a year, no AML/CFT Manual was reviewed or approved by the Board for a number of years and as such, the Board failed to ensure compliance with the requirements of the AML/CFT regime in the Bailiwick as set out in Schedule 3.

Corporate governance failings and failure to comply with the COB Rules, the Code of Corporate Governance and the Principles of Conduct of Finance Business

The Commission noted the model employed by the Firm, whereby it placed significant reliance on outsourcing arrangements for almost all its functions. However, the Guernsey licensee was required to ensure it had adequate oversight of its outsourced functions in accordance with the COB rules and the Code of Corporate Governance. Further, mind, management and control within the Bailiwick must be demonstrated to satisfy the minimum criteria for licensing.

In addition, the Board failed to comply with the Code of Corporate Governance and the COB Rules requirements regarding the directors’ duties, performance evaluation and management of risk.

The Board failed to ensure that it had effective and appropriate policies, procedures and controls in place to enable the Board to meet its obligations under the POI Law and the rules, codes and principles.  The Principles of Conduct of Finance Business require a financial institution to organise and control its internal affairs in a responsible manner, keeping proper records and where the financial institution employs staff or is responsible for the conduct of finance business by others, should have adequate arrangements to ensure they are suitable, adequately trained and properly supervised and that it has well-defined compliance procedures. The Licensee failed to comply with all aspects of this principle.

Mr Phil

The Commission’s investigation identified that Mr Phil failed to consistently act with probity, competence, experience, soundness of judgement and diligence; and with the knowledge and understanding of his legal and professional obligations.

In his correspondence with the Commission, in August 2021 Mr Phil submitted a letter to it which had been addressed to him by a third party compliance service provider which he had materially altered (which he submitted on the headed paper of the third-party compliance provider – making it appear that that was the provider’s complete report).  The letter purportedly listed what deficiencies had been found by the compliance provider from its review of the Licensee’s business and the plan to mitigate the deficiencies which, Mr Phil stated, had been approved by the Board.  The version of the letter Mr Phil sent to the Commission only listed four of the significant deficiencies identified rather than the nine which had actually been found.

Mr Phil was unable to provide a satisfactory explanation as to why the letter failed to provide all of the deficiencies which had been identified, which had the effect of misleading the Commission.

 In addition, Mr Phil demonstrated a lack of competence, sound judgement and diligence in his failure to address the deficiencies he was aware of.  Despite being aware of the legal and regulatory framework in the Bailiwick and the obligations of his role as director and MLRO (in which role he lacked experience and training), Mr Phil did not ensure the Firm complied with the requirements. 

Aggravating factors

A significant proportion of the Firm’s customers, due to their geographical location and that of their source of funds, posed a high-risk of money-laundering. With such a high level of risk it was imperative that the Firm had effective and appropriate policies, procedures and controls to manage and mitigate these risks; the Firm did not have such controls in place.

The seriousness of the findings was exacerbated by the fact that the Firm, on several occasions, had the opportunity to remediate deficiencies through completing successive Risk Mitigation Programme Actions (“RMPs”) which the Commission has imposed on it. The RMPs were put in place to address fundamental issues with corporate governance and subsequently compliance failings. Although these issues were reported to the Commission to have been remediated, it remains evident from the longstanding breaches that the Firm was not effective in remediating these issues. Failings were found to have occurred from the time of take-on of business relationships, including not completing risk assessments and failing to undertake sufficient ECDD on high-risk business relationships and these were not remediated during periodic reviews.

Mitigating factors

The Firm voluntarily surrendered its licence and did not object to the Commission’s application to the Royal Court for the appointment of Administration Managers in July 2022.

The Licensee and Mr Phil agreed to settle at an early stage of the process and this has been taken into account by applying a discount in setting the financial penalties and the duration of Mr Phil’s prohibition.

End