GFSC FINE £210K a firm & director for being a front for Russian operations

Summary and Analysis of Guernsey Financial Services Commission Enforcement Action Against ITI Trade LTD. and Mr. Alex Phil

On July 18, 2025, the GFSC imposed:

• £175,000 fine on the firm;
• £35,000 fine on Mr. Phil;
• 2-year-10-month prohibition on Mr. Phil from supervised roles and disapplication of fiduciary exemptions; and
• Public statement.

The firm was essentially a front for Russian operations, lacking equivalent standards to those in Guernsey, resulting in widespread regulatory breaches.

Summary

1. ITI Trade LTD., a Guernsey-licensed investment firm incorporated in 2014, provided execution-only and prime brokerage services primarily to high-net-worth individuals and institutional investors from high-risk jurisdictions, outsourcing most operations—including customer onboarding, monitoring, and relationship management—to its Russian sister company.
2. The firm had minimal direct customer contact and relied heavily on external service providers for compliance and administration.
3. Mr. Alex Phil (formerly Alexei Filatov) served as a director from incorporation and intermittently as Money Laundering Reporting Officer (MLRO).
4. Following an investigation starting in September 2022—triggered by the firm's license suspension and appointment of administration managers in June/July 2022—the Guernsey Financial Services Commission (GFSC) found systemic failures in anti-money laundering/countering the financing of terrorism (AML/CFT), customer due diligence (CDD), enhanced CDD (ECDD), risk assessments, transaction monitoring, and corporate governance.
5. These breaches violated multiple laws and rules, including the Protection of Investors Law (POI Law), Schedule 3 to the Criminal Justice (Proceeds of Crime) Law, the Handbook on Countering Financial Crime, Conduct of Business (COB) Rules, and the Code of Corporate Governance.

Key findings included:

1. Inadequate relationship risk assessments, ignoring high-risk factors like customer jurisdictions and adverse media.
2. Failure to identify beneficial owners or verify identities, especially for clients of the Russian sister company (which represented over 75% of assets under management, involving 108 unknown individuals).
3. Non-compliance with CDD/ECDD requirements, leading to deficient customer files and unaddressed sources of funds/wealth.
4. Missed identification of politically exposed persons (PEPs) and lack of transaction monitoring.
5. Poor oversight of outsourced functions, allowing substandard Russian practices (e.g., inadequate sanctions screening) to persist.
6. Corporate governance lapses, such as ineffective board oversight, unremediated deficiencies despite multiple Risk Mitigation Programmes (RMPs), and misleading communications to the GFSC by Mr. Phil (who altered a compliance report).

Aggravating factors: High-risk customer base, repeated remediation failures, and a 440% surge in assets under management post-Russia's 2022 Ukraine invasion without scrutiny.

Mitigating factors: Voluntary license surrender and early settlement.

Analysis: Lessons Learned and How to Avoid Similar Mistakes

1. This case highlights the perils of over-reliance on outsourcing in high-risk financial services, particularly when involving jurisdictions with differing regulatory standards.
2. It underscores the importance of robust internal controls, genuine local oversight, and proactive compliance in licensed entities.

Below, I outline key lessons learned, followed by practical strategies to avoid these pitfalls, aimed at financial professionals, boards, and regulators.

Lessons Learned

1. Outsourcing Does Not Absolve Responsibility: The firm's heavy dependence on its Russian sister company for core functions like onboarding and monitoring created blind spots, allowing non-compliant practices to flourish. This led to unknown beneficial owners, unscreened clients, and unmitigated risks, emphasizing that licensees retain ultimate accountability for outsourced activities.
2. High-Risk Profiles Demand Heightened Vigilance: With a customer base dominated by high-risk jurisdictions and structures (e.g., Scottish Limited Partnerships prone to abuse), the firm ignored red flags like adverse media and PEP connections. The post-2022 asset surge amid geopolitical events (Russia-Ukraine conflict) went unscrutinised, illustrating how external events can amplify risks if not monitored.
3. Governance and Board Oversight Are Critical: The board's failure to define roles, monitor outsourcers, or remediate issues despite multiple RMPs showed a lack of collective accountability. Mr. Phil's misleading report to the GFSC further eroded trust, demonstrating that individual lapses can compound firm-wide failures.
4. Compliance Must Be Ongoing and Substantive: Initial and periodic risk assessments, CDD/ECDD, and transaction monitoring were absent or superficial. Remediation efforts were reported as complete but proved inadequate, leading to prolonged non-compliance and extended administration (over 18 months for file fixes).
5. Regulatory Communication Requires Integrity: Altering reports to downplay deficiencies misled regulators, aggravating penalties and highlighting the personal consequences (e.g., prohibitions) for directors who lack probity or competence.
6. Geopolitical and Jurisdictional Risks Evolve: Operating across borders exposed the firm to mismatched standards (e.g., Russian CDD not meeting Guernsey levels), worsened by events like sanctions post-Ukraine invasion, showing the need for adaptive risk management.

How to Avoid These Mistakes

To prevent similar issues, firms should adopt a proactive, layered approach to compliance and governance. Here's a structured guide:

1. Strengthen Outsourcing Oversight:
• Conduct thorough due diligence on service providers before outsourcing, including assessing their AML/CFT policies against local standards. Require contractual clauses for regular audits, reporting, and alignment with your jurisdiction's requirements.
• Implement independent monitoring: Appoint internal overseers or third-party auditors to review outsourced functions quarterly. Use service level agreements (SLAs) with key performance indicators (KPIs) for compliance metrics.
• Avoid over-reliance: Retain core in-house capabilities, like direct access to customer data and transaction systems, to ensure visibility.
2. Enhance Risk Assessment and Due Diligence Processes:
• Mandate comprehensive, documented risk assessments for every relationship, incorporating factors like jurisdiction, PEP status, adverse media, and complex structures (e.g., flag Scottish LPs for extra scrutiny). Review high-risk ones annually and others biennially.
• For CDD/ECDD: Use automated tools for identity verification and sanctions screening, but supplement with manual reviews for high-risk cases. Always verify sources of funds/wealth with independent evidence (e.g., bank statements, tax returns).
• For correspondent relationships: Apply ECDD rigorously, including evaluating the partner's controls, and never assume exemptions without verification.
3. Bolster Corporate Governance and Board Practices:
• Ensure boards have diverse expertise, including AML/CFT specialists. Conduct annual self-evaluations and training on regulatory obligations.
• Establish clear policies: Develop and annually review an AML/CFT manual, compliance monitoring program, and escalation protocols. Document all board discussions, especially on risk events like asset surges.
• Foster accountability: Define roles explicitly (e.g., MLRO responsibilities) and tie performance to compliance outcomes via incentives or penalties.
4. Improve Monitoring and Remediation:
• Deploy real-time transaction monitoring systems with alerts for anomalies (e.g., volume spikes). Integrate geopolitical risk tracking (e.g., via news feeds) into reviews.
• Treat remediation as ongoing: After RMPs or audits, verify fixes through independent testing before closing issues. Set internal deadlines stricter than regulatory ones (e.g., complete high-risk reviews by mid-year).
• Build a compliance culture: Train staff regularly and encourage whistleblowing without fear.
5. Maintain Transparent Regulatory Engagement:
• Submit accurate, complete reports—double-check for omissions. If issues arise, disclose them promptly with remediation plans.
• For directors: Pursue continuous professional development in ethics and regulations to build competence and judgment.
6. Adapt to External Risks:
• Conduct scenario planning for geopolitical events (e.g., sanctions simulations). Diversify customer bases to reduce high-risk concentration.
• Engage external experts: Periodically hire consultants for mock regulatory inspections to identify gaps early.

By embedding these practices, firms can mitigate risks, demonstrate genuine mind and management in their jurisdiction, and avoid the severe financial, reputational, and operational consequences seen here.

Regulators, in turn, should enforce stricter outsourcing guidelines and earlier interventions for high-risk models.

Source

https://www.gfsc.gg/news/iti-trade-ltd-administration-management-and-mr-alex-phil