AML FAILS @ Standard Chartered Trust (Guernsey) Limited & FINED £140,000
On 4th June 2020, the Guernsey Financial Services Commission ("the Commission") decided:
- To impose a ﬁnancial penalty of £140,000 under section 11D of the Financial Services Commission Law on the Licensee; and
- To make this public statement under section 11C of the Financial Services Commission Law.
The Commission considered it reasonable, proportionate and necessary to make these decisions having concluded that the Licensee failed to fulﬁl the minimum criteria for licensing ("MCL"), under Schedule 1 of the Fiduciaries Law, which set out the minimum criteria under this Law.
- In 1991, the Licensee was established in Guernsey to undertake ﬁduciary activities under a full ﬁduciary licence.
- The Licensee's primary business was the establishment and full administration of trust and managed company structures.
- These services included the establishment and management of corporate structures, the provision of registered ofﬁce, directors, secretary, trustees and nominee shareholders and estate planning.
The majority of the Licensee's clients were high-risk.
- The Licensee is a subsidiary of Standard Chartered PLC, which is the principal holding company for the Standard Chartered group of companies ("Group").
- The other Group companies relevant to this public statement are Company A and Standard Chartered Trust (Singapore) Limited ("SCTS")'.
- Between September and December 2012, Group Internal Audit carried out an assessment of the Licensee and highlighted a number of serious issues, inter alia: the compliance function required strengthening and there were deﬁciencies in the periodic review process.
- The Commission undertook a full risk assessment ("FRA") of the Licensee between 13 and 16 May 2014.
- During this assessment, the Commission noted that the Licensee had already embarked on a risk mitigation plan, involving ten work-streams regarding areas of the business requiring remediation, one of which was to remediate a number of outstanding client risk assessments.
- The Commission followed up the May 2014 FRA with an engagement visit on 15th December 2015.
- The Commission noted at this time that whilst some progress had been made with the Licensee's ten-point remediation plan, the Commission still had concerns that the Licensee had an over-reliance on manual processes, and that there was an ongoing ﬁnancial crime risk associated with the ever increasing amount of action points arising from the ongoing client risk assessment project.
The Commission imposed two risk mitigation plans on the Licensee in an effort to address the aforementioned issues.
- In July 2016, the Licensee informed the Commission that it was intending to close down over the next twelve months and all clients would be transferred either to SCTS, or to another Guernsey service provider.
- The Commission considered it necessary to impose, and SCTG agreed to, a number of licence conditions with the Licensee, in order to, amongst other things, ensure that ﬁnancial crime risks would be appropriately managed during the wind down period.
- One of these licence conditions required the Licensee to appoint an external company to undertake an independent assessment of the Licensee's client ﬁles. This company (the "Compliance Company") was appointed in October 2016.
- The Commission undertook a further FRA between 12 and 20 December 2016, during which serious issues were identiﬁed with, inter alia, ﬁnancial crime control failings regarding client ﬁles. The Commission's Enforcement Division's investigation into the Licensee commenced in May 2017.
- On 19th May 2020, the Royal Court of Guernsey appointed joint Liquidators to the Licensee for the purpose of winding up the Firm.
- The block transfer of business to the Licensee from another jurisdiction without the appropriate skill or consideration
- In December 2012, a decision was made by Group to close Company A and transfer a proportion of Company A's clients to the Licensee.
- The Commission expects a licensee to act appropriately when taking on a block of business from another jurisdiction, ensuring as far as possible that this new business will adhere to the high standards expected with regards to ﬁnancial crime regulations. This guidance was detailed in the Handbook in force at the time, guidance note 150 refers.
- Whilst taking on new clients the Commission also expects that a licensee ensures:
- (i) it takes responsibility for the key policy of on-boarding clients;
- (ii) any group on-boarding policy is speciﬁc to the Firm's legal and regulatory requirements; and
- (iii) it can identify and manage any potential risks these new clients may pose to the Firm by having a sound system of internal controls, as required by Guidance 2.3, 4.2 and 4.4 of the Code of Corporate Governance.
Inadequate controls to manage risk
- The Licensee at the time of the transfer was under-resourced and had existing issues with its compliance function.
- The Licensee subsequently failed to act appropriately when taking on this block of business, most notably by:
- Bypassing its normal client take on procedure, and replacing it on the suggestion of Group with a new procedure, with the Licensee instructing employees to take on the business as quickly as possible, without the involvement of the ﬁrm's Compliance function and forgoing any review of these high-risk clients until 12 months after they had been on-boarded.
- The Commission found that
- The Licensee failed to take responsibility for its on-boarding policy, without adequate consideration as to whether Group policy was suitable for Guernsey regulatory environment,
- breaching Guidance 2.3 and 4.2 of the Code of Corporate Governance;
- Taking on the new clients without any adequate assessment that Company A's client due diligence policies, procedures and controls were appropriate for it to rely on the due diligence records held by Company A,
- contrary to guidance in paragraph 150 of the Handbook.
- Suspending for several months an internal compliance monitoring programme, which was a key control process that could have identiﬁed regulatory breaches as soon as the clients were on-boarded, thus
- breaching Guidance 4.4 of the Code of Corporate Governance.
- The Licensee failed to take responsibility for its on-boarding policy, without adequate consideration as to whether Group policy was suitable for Guernsey regulatory environment,
Regulatory breaches subsequently identiﬁed post transfer
- A licensee is expected, at all times, to comply with the requirements of the Regulations, including, ensuring it knows its customers and applies appropriate controls to monitor these relationships so any suspicious behaviour can be identiﬁed.
- Regulation 4 relates to Customer Due Diligence. This stipulates that a ﬁnancial services business shall identify and verify its customers using identiﬁcation data.
- Regulation 5 relates to Enhanced Due Diligence ("EDD"). This stipulates what EDD measures should be undertaken in respect of business relationships and occasional transactions, which are identiﬁed as high risk. These measures include carrying out more frequent and more extensive ongoing monitoring and taking steps to understand source of wealth and source of funds ("SOW/SOF").
- Regulation 11 relates to ongoing effective monitoring. This stipulates that a ﬁnancial service business shall perform ongoing effective monitoring of its business relationships; ensuring that the extent and frequency that it is carried out considers whether the relationship is high-risk.
- The licensee must also comply with Principle 5 of the Code of Corporate Governance that requires the Board of a licensee to provide suitable oversight of risk management.
- Between January and March 2014, the Licensee began to identify serious issues with the clients transferred from Company A and put in place a remediation plan, which although it was envisaged would take 6 months to complete, in reality took over 3 years to complete.
- During the course of this remediation, the Licensee discovered potential breaches of the Regulations with over 97% of the client ﬁles received from Company A.
THE FOLLOWING EXAMPLES ARE REPRESENTATIVE OF SOME OF THE SERIOUS ISSUES IDENTIFIED:
Client File Example 1 - Failure to identify and corroborate source of wealth for a high-risk client
- The Licensee was unable to corroborate earnings of USD400k per annum for a high-risk client, ("Client A"), allegedly obtained from employment with a company involved in diamond processing, a high-risk activity.
- Client A (who was the Settlor of the trust) was unwilling to disclose the ultimate source of assets within the structure, resulting in the Licensee's realisation in 2018 (some 5 years after on-boarding the client) that the assets may have been, derived from the proceeds of crime.
- The Licensee also concluded that Client A may have been acting as a nominee for another party and may not have been the true beneﬁcial owner of the assets held within the structure.
- The Commission found the Licensee to have breached Regulations 4, 5 and 11.
Client File Example 2 - Ineffective controls to manage Politically Exposed Person ("PEP") risks
- A high-risk client, ("Client B"), who was the brother of a high-risk country's current President and a son of its former President was identiﬁed to the Licensee as a PEP in August 2013, but failed to be included in the Licensee's PEP Register until August 2015, some 2 years after being notiﬁed.
- The failure to maintain the PEP Register, an internal control to manage risk and provide oversight of risk management of high-risk clients, whilst also ensuring that its PEP relationships were kept under continuous effective senior management review, was
- A breach of Guidance 4.4 and Principle 5 of the Code of Corporate Governance and Regulation 5.
- The transfer and/or termination of USD 1.4 billion in client assets - the risks this posed to the Licensee and the Bailiwick
- Between late October 2015 and early December 2015, the Licensee suddenly started to receive instructions from clients to transfer to SCTS or terminate a total of 53 client structures.
- These requests amounted to USD 1.4 billion of assets under the Licensee's management and predominantly originated from its clients resident in one country, Indonesia, and represented approximately 40% of the Firm's overall business from Indonesia at that time.
- The Commission notes that the Licensee would eventually raise concerns that every transfer/termination
- Represented the real risk of being linked to potential tax evasion and over USD 265 million of the USD 1.4 billion transferred/terminated, would subsequently be identiﬁed as participating in a tax amnesty in Indonesia.
- The Commission expects that a licensee should ensure that signiﬁcant events affecting a clients' whose assets it controls, such as a tax amnesty, are:
- (i) fully understood;
- (ii) managed with the utmost prudence and professional skill; and
- (iii) mitigated as far as possible and would not bring the Bailiwick into disrepute as an international ﬁnance centre.
- The Commission found that none of these expectations were met and the Licensee therefore failed to meet the requirements of the MCL.
FAILURE TO ADEQUATELY ADDRESS INITIAL RED FLAGS
- During late October 2015, prior to the transfers/terminations, the Licensee became aware of numerous red ﬂags being raised by its employees surrounding the rationale for the transfer/termination requests. These included:
- Employee suspicions that the requests were being driven by the impending introduction of an international tax reporting standard, designed to limit the opportunity for foreign clients to circumvent paying taxes in their home country.
- This standard was due to be introduced in the Bailiwick ahead of being introduced in SCTS's jurisdiction.
- In simple terms, employees feared that clients from Indonesia wishing to transfer to SCTS may have been attempting to avoid tax, or at least delay having to declare their assets; and
- Employee suspicions that due to the fact that some rationales for transfer/terminations were being given which were undoubtedly implausible, (in some cases there was no rationale whatsoever), coupled with the undue haste with which clients wanted to transfer, meant that the real reason for transfer/terminations was for some other reason which the client did not want to declare.
- Whilst these concerns were discussed and considered by the Licensee, this did not lead to identifying any underlying motive for the requests, the development of an effective plan to mitigate these potential serious risks, or any slowing in the Licensee's intention to transfer these clients as quickly as possible.
- The Commission
- Was extremely concerned that the Licensee failed to adequately consider whether its clients' had potentially evaded taxes in Indonesia and therefore the funds it controlled represented the proceeds of crime.
- The Commission
- Found that the Licensee did not meet the requirements of the MCL, by showing a serious lack of prudence and professional skill when considering the ﬁnancial crime concerns raised by its employees.
INADEQUATE CONTROLS TO MANAGE THE RISK OF TRANSFERRING CLIENTS WHOSE RATIONALE FOR TRANSFER WERE UNCLEAR
- The Commission expects that when problems arise with clients, in particular, where there is a suspicion of potential wrongdoing on the part of the client, a licensee will deal with the problem in an effective and expeditious manner, employing appropriate methods, including disclosing any suspicious activity, and not simply pass any problems on to another jurisdiction.
- Failing to deal with serious client issues, exposes the Bailiwick to the risk of reputational damage.
- However, despite the numerous red ﬂags already raised regarding the transfer of clients to SCTS, the Licensee then engaged in an unbalanced process to expedite the transfers to SCTS.
- The Commission found that
- This unbalanced process demonstrated that the Licensee failed to maintain effective internal control to manage the risk of transferring the clients to SCTS and therefore
- Breached Guidance 4.4 of the Code of Corporate Governance.
FAILURE TO CORROBORATE CLIENTS' SOW/SOF TO THE VALUE OF USD 1.1 BILLION
- Whilst the Commission's investigation into the Licensee regarding the transfer of business from Company A to the Licensee, and from the Licensee to SCTS, uncovered speciﬁc failings; the examination by the Licensee and the Compliance Company of the whole client base, identiﬁed further systemic failings.
- The Commission expects a licensee to establish and understand the SOW/SOF of its high risk clients to satisfy itself that the funds did not originate from criminal activity.
- As part of its remediation of its whole client base, the Licensee and the Compliance Company identiﬁed that the SOW/SOF for USD 1.1 billion of assets under the Licensee's management, was not corroborated to a satisfactory standard reﬂective of the risks within these relationships.
CLIENT EXAMPLE 1
- A high-risk client ("Client C") was a prominent business owner and Politically Exposed Person with an estimated wealth of over USD 270 million.
- Client C had been a client since 2006. However, despite having knowledge in 2014 identifying eleven links to adverse news on the client in relation to, amongst other things, fraud, money laundering and alleged corruption, the Licensee decided in 2015 to retain the business.
- Between February and May 2019 there were numerous emails concerning adverse media relating to a natural resources fraud involving the client.
- On 12th December 2019, the Firm concluded that the client may have beneﬁtted from criminal conduct and accepted it could not corroborate Client C's source of wealth.
CLIENT EXAMPLE 2
- A high-risk client, ("Client D") was involved in the merchandising of diamonds and jewellery, and had a reported wealth of over USD 230 million. The Licensee was unable to corroborate, amongst other things:
- Client D's claim that he drew a salary of USD 500k per annum; and
- Client D's reported wealth.
- In October 2018, the Firm concluded that all efforts to corroborate SOW had been exhausted due to a refusal by Client D to provide any further corroborating documentation.
CLIENT EXAMPLE 3
- A high-risk client ("Client E"), who had PEP connections, was a client of the Licensee since 2011 and had settled over USD 690 million into a trust established by the Licensee.
- In 2018, the Licensee concluded that commercial activities within the trust structure were inconsistent with the rationale provided at the time of its establishment; this included a payment of over USD 50 million made from the trust to a holding company based in a different jurisdiction, which was owned by Client E.
CLIENT EXAMPLE 4
- A high-risk client ("Client F") was a client of the Licensee since 2011, with an estimated wealth of over USD 16 million.
- Between 2012 and 2015, Client F settled over USD 4 million into a trust established by the Licensee.
- Between 2012 and 2017 over USD 2 million was distributed from this trust to its beneﬁciaries, which included Client F.
- In October 2018, the Licensee accepted that the ﬁnancial documentation received by the Licensee showed that Client F was never able to accumulate sufﬁcient income over the years to settle over USD 4 million into the trust and concluded Client F's source of wealth could not be corroborated.
- The Licensee was found to have breached Regulations 5 and 11 as it was unable to satisfactorily ensure it knew the origins of USD 1.1 billion of assets that it managed.
FAILURE TO KEEP ADEQUATE RECORDS
- Regulation 14 stipulates that a ﬁnancial service business must keep a transaction document and any due diligence information.
- Principles 2 and 9 of the Principles, stipulate that a licensee should act with skill and diligence towards its customers and should organise and control its internal affairs in a responsible manner, keeping proper records.
- The Licensee was found to have breached Regulation 14 and Principles 2 and 9 as it failed to:
- Implement in a timely manner a software solution to remedy the Licensee's inability to effectively maintain a complete contemporary record of millions of USD's worth of transactions;
- Automatically archive the emails of all employees prior to August 2016; and
- Have a procedure in place to archive messages sent through a real-time communications system.
FAILURE TO IDENTIFY SUSPICIOUS ACTIVITY
- A licensee must, as required by Regulation 12(f), ensure it establishes and maintains such other appropriate and effective procedures and controls as are necessary to ensure compliance with the requirements to make disclosures.
- Between 1st July 2016 and 30th June 2017, a very signiﬁcant increase in the number of disclosures were made compared to the period between 1st July 2015 to June 2016. As these disclosures involved predominantly clients who had been with the Licensee prior to 2015, the Commission concludes that the Licensee's policies and procedures before July 2016 for identifying suspicious activity were inadequate, thus breaching Regulation 12(f).
- Failure to ensure that appropriate and effective policies, procedures and controls were in place to mitigate ﬁnancial crime risks across the Licensee's client base
- Regulation 15 relates to ensuring compliance with the Regulations.
- This stipulates that a ﬁnancial services business must establish such other policies, procedures and controls as may be appropriate and effective for the purpose of forestalling, preventing and detecting money laundering and terrorist ﬁnancing.
- The Licensee was found to have breached Regulation 15 as it had ineffective procedures when it:
- (i) took on the clients from Company A;
- (ii) transferred the clients to SCTS;
- (iii) inadequately monitored its PEP clients;
- (iv) failed to promptly submit reports on suspicious activities; and
- (v) kept insufﬁcient business records.
- The contraventions and non-fulﬁlments of the Licensee in this case are serious in nature.
- In particular the Commission was extremely concerned to ﬁnd that the Licensee had:
- Managed USD 1.1 billion of client assets where the SOW/SOF was uncorroborated;
- Transferred USD 1.4 billion of assets to another jurisdiction when there was concern regarding potential tax evasion, with USD 265 million of these funds subsequently being declared in a tax amnesty;
- Given insufﬁcient regard to whether any of its clients' funds had evaded taxes and were the proceeds of crime; and
- Such were the magnitude of systemic and serious failings that it took over 3 years to remediate their client base.
- The contraventions exposed the Licensee and the Bailiwick to a signiﬁcant risk of ﬁnancial crime and reputational damage.
- The Licensee and Group embarked upon their own investigation when regulatory breaches were identiﬁed with the clients that had transferred to SCTS.
- The vast majority of failings originated prior to September 2016 and the Licensee has conducted a substantial remediation of its entire client base since this date.
- No evidence has been seen by the Commission to indicate that the Licensee's failings were purposeful or malicious.
- At all times the Licensee co-operated fully with the Commission.
- The Licensee agreed to settle at an early stage of the process and this has been taken into account by applying a discount in setting the ﬁnancial penalties and prohibitions.
- 'On 19th March 2018, The Monetary Authority of Singapore published a public statement in regards to SCTS's regulatory failings, in relation to clients it had received from the Licensee.
23rd April 2021
General Fiduciary Financial Crime Public Statements
The Financial Services Commission (Bailiwick of Guernsey) Law, 1987 ("the Financial Services Commission Law");
The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc. (Bailiwick of Guernsey) Law, 2000 (the "Fiduciaries Law");
The Disclosure (Bailiwick of Guernsey) Law, 2007 (the "Disclosure Law").
The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 as amended ("the Regulations").
The Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing ("the Handbook").
The Principles of Conduct of Finance Business (the "Principles").
The Principles of the Code of Corporate Governance (the "Code of Corporate Governance").
Standard Chartered Trust (Guernsey) Limited (in liquidation), (the "Licensee" or the "Firm").