Equity Trust (Jersey) Limited (Equity) fined £115,575.00
On 14 May 2020, the JFSC decided to impose a civil financial penalty of £115,575.00 on Equity under the Financial Services Commission (Financial Penalties) Order 2015.
Public Statement Equity Trust (Jersey) Limited (Equity) Issued: 1 June 2020
- On 14 May 2020, the JFSC decided to impose a civil financial penalty of £115,575.00 on Equity pursuant to the Financial Services Commission (Financial Penalties) Order 2015.
- Equity agreed to settle at an early stage of the process. Equity, therefore, qualified for a 50% (Stage One) discount under the JFSC’s Executive settlement procedures.
The JFSC considered it necessary and proportionate to impose a civil financial penalty, having concluded Equity negligently breached:
- Certain paragraphs of Principle 3 of the TCB Code: A registered person must organise and control its affairs effectively for the proper performance of its business activities and be able to demonstrate the existence of adequate risk management systems; and
- Paragraph 4.5 of the TCB Code: A registered person must supply a person to whom it provides a service with confirmation, in writing, of the services that it is providing as well as a contract, agreement or other written form setting out its general and specific terms associated with providing those services.
- In 2015 Equity commissioned a “regulatory health-check” in respect of its provision of trust company business services.
- As a result of its findings and those of a regulatory investigation also concluded in 2015 (the 2015 Investigation), Equity were required by the JFSC pursuant to a settlement agreement to undertake a comprehensive remediation exercise, covering 42 different areas (the 2015 Remediation).
- 2017 - In late 2017, an independent third party verified the 2015 Remediation.
- 2018 - Following a submission made by Equity in disclosing the report of the independent third party, the JFSC, in a letter to Equity dated 5 March 2018, confirmed the remediation required under the settlement agreement was materially complete.
- 2019 - Despite undergoing the 2015 Remediation and subsequent verification exercise, in February 2019 at the request of the board of directors of Equity (the Board), Equity undertook a review and informed the JFSC that it was making enhancements to its systems and controls.
- As a consequence, the current Board openly and candidly informed the JFSC that it had identified a number of issues relating to its compliance with the Regulatory and AML/CFT Regime.
- To assist in identifying the issues, the current Board had promptly secured the services of a regulatory consulting firm and instigated independent reviews.
- The findings of the reviews, which were voluntarily shared with the JFSC, confirmed serious instances of failings by Equity to comply with the Regulatory and AML/CFT Regime.
- Consequently, Equity commenced a further remediation exercise and retained the regulatory consulting firm to assist in addressing the issues identified and to further enhance Equity’s systems and controls.
- Although an internal remediation exercise had been initiated in July 2019, the JFSC required Equity to appoint an independent reporting professional (the Reporting Professional) to perform a review of a further sample of ten customer structures to assess Equity’s current compliance with the Regulatory and AML/CFT Regime and whether the issues identified were systemic.
SUMMARY OF FINDINGS
- In light of the findings of the Reporting Professional and the reviews instigated by Equity, the JFSC has concluded that following the completion of the 2015 Remediation, Equity failed to maintain adequate, risk-based systems and controls and corporate governance arrangements to mitigate the risk of money laundering and/or the financing of terrorism.
- In doing so, Equity breached certain paragraphs of Principle 3 of the TCB Code.
- Whilst the issues identified may be regarded as current, on occasion continuing to occur through to 2019 their origins are largely historic, and, in a number of instances can be traced back to books of business acquired by Equity over a period of years.
- Furthermore, the principal root cause of the issues identified is attributed to the 2015 Remediation being ineffective and lacking clarity, discipline and established governance principles.
- In consequence to these matters, deficiencies were identified with respect to, inter alia:
- Customer Profiles and Risk Assessments;
- Customer Due Diligence;
- Enhanced Customer Due Diligence;
- Politically Exposed Persons;
- On-Going Monitoring;
- Record-Keeping; and
- Equity’s Compliance Function
- The deficiencies are considered to be significant and material because they left the business open to the risk that it might be used to further financial crime which can undermine the integrity and stability of Jersey’s financial services industry.
USING THE JFSC NUMBERING FURTHER DETAILS CONCERNING THE IDENTIFIED DEFICIENCIES ARE DISCUSSED BELOW.
Customer Profiles and Risk Assessments
- 5 The AML/CFT Handbook states “A relevant person must prepare and record a customer business and risk profile”. Maintaining an up-to-date and accurate business risk profile is key to demonstrating effective on-going monitoring of a customer as required by the MLO.
- 6 The MLO requires that an assessment must be conducted of the risk that a business relationship or one-of transaction will involve money laundering, which must include obtaining appropriate information for assessing that risk. If a customer is not properly risk assessed, then the appropriate level of customer due diligence is unlikely to be conducted on that customer.
- Consequently, a registered person will be unaware of the risk that the customer presents to its business, and the risk of undetected financial crime is greater.
- 7 Prior to August 2017, Equity failed, on occasions, to maintain adequate customer profiles nor had it conducted satisfactory risk assessments in relation to certain of its customers.
- Equity sought to rectify this position by, as part of its wider remediation, creating a project team, who under the direction of the compliance team, generated retrospective customer profiles and risk assessments.
- It was identified, however, with respect to a number of customers reviewed, the customer profiles and risk assessments created were not sufficiently effective to satisfy the requirements of the Regulatory and AML/CFT Regime because:
- 7.1 Historic information had been used to compile the required customer profiles and risk assessments;
- 7.2 The information used was not sufficiently considered; and
- 7.3 There had been a lack of action taken where gaps in that information had been identified.
Customer Due Diligence
- 8 The AML/CFT Handbook states that customer due diligence (CDD) should be performed by way of a three-stage approach, namely
- obtain information;
- risk-assess; and
- obtain evidence according to its risk assessment of the customer.
- In addition, in order to understand the ownership and control structure (and determine the ultimate beneficial owners and/or controllers) and to make an informed risk assessment, information should be obtained in relation to all persons (natural and legal) in a customer structure.
- 9 In some cases it was found Equity had identified and obtained information and evidence on the entity directly above its customer for business and had then sought to obtain documentation on the ultimate beneficial owner, without obtaining sufficient information, on the entities between these ‘layers’ in the customer structure. For example,
- in an instance where a customer was a limited partnership, the information had not been sought on the limited partners on the basis of percentage holdings.
- It is clear, however, from the AML/CFT Handbook that irrespective of percentage holding, the information should be obtained on such parties in order to understand the ownership and control structure fully.
- 10 By failing to obtain sufficient information with respect to the legal or natural person in a business relationship,
- Equity would not have been able to sufficiently identify and assess any associated risks or accurately determine the true beneficial owners/controllers.
- This would have impeded Equity’s ability to manage its money laundering and terrorist financing risks effectively and establish a basis for monitoring customer activity and transactions.
- Since 2018, however, Equity has undertaken a ‘data validation’ project to identify all parties required for CDD measures.
Enhanced Customer Due Diligence
- 11 The MLO requires enhanced customer due diligence (EDD) to be carried out in any situation which presents a higher risk of money laundering. Equity’s policies and procedures additionally require it to carry out EDD in respect of all high risk customers.
- 12 It was identified in some instances Equity had not applied EDD in accordance with the requirements set out in the MLO.
- This included failing to obtain an independently corroborated source of funds and/or source of wealth information.
- In some respects, the same information was recorded for both source of funds and source of wealth without any documented rationale as to why they were considered the same.
- In addition, in one instance, it was also noted source of funds had not been established in relation to fees paid to Equity where another third party had paid Equity’s invoices.
- 13 In failing to conduct adequate EDD on its high risk customers there was an increased risk financial crime and money laundering might occur. It is noted, however, Equity have commenced a remediation exercise to address outstanding EDD.
3.14 The MLO requires on-going monitoring of a business relationship, to ensure transactions are consistent with the customer’s business and risk profile, and that documents, data or information is kept up-to-date and relevant. Periodic reviews assist a registered person in demonstrating compliance with this requirement.
- 15 The AML/CFT Handbook states enhanced on-going monitoring may be demonstrated with regard to a high risk customer when “it reviews the business relationship on an annual basis…”.
- In this regard, Equity’s policies and procedures require that its high risk customers be subject to an annual periodic review.
- 16 It was identified that due to the way Equity had risk-rated its customers, rating a significant number of its customers as high-risk, Equity was unable to operate an effective risk-based approach to undertaking its periodic reviews.
- This led to sporadic annual reviews taking place and not always on an annual basis.
- This increased the risk that Equity did not sufficiently understand the customer, its business or risk profile.
- 17 There was a noted absence of screening on the customer files reviewed by the Reporting Professional and in some cases it was identified that screening had been carried out solely on the customer for business, rather than the entire business relationship; to include underlying trading entities or ultimate beneficial owners and third parties.
- 18 Equity’s failure to reassess CDD and perform adequate on-going monitoring in a timely manner and in accordance with its own policies and procedures, left it under-informed of money laundering and/or terrorist financing risk.
Politically Exposed Persons
- 19 The risk of handling the proceeds of corruption, or becoming engaged in an arrangement that is designed to facilitate corruption, is greatly increased where the arrangement involves a politically exposed person (PEP).
- Where the PEP also has connections to countries or business sectors where corruption is widespread, the risk is further increased.
- 20 To this end, the MLO requires policies and procedures to be maintained in order to determine whether, inter alia, a beneficial owner of a customer is a PEP.
- Furthermore, where a PEP connection is present, EDD must be conducted.
- Equity’s policy and procedure relating to PEPs was clear with regards to the documentation required for EDD purposes to include the provision of external due diligence reports.
- 21 However, Equity did not consistently apply this policy leading to inadequate oversight of PEP relationships in terms of monitoring and screening. This led to instances whereby Equity failed to obtain the required EDD.
- Furthermore, a historic lack of oversight generally of its customers with regards to screening (as detailed above) resulted in instances whereby Equity failed, on a timely basis, to identify customers as PEPs.
- 22 The MLO requires that in relation to evidence of a customer’s identity copies, or references to the evidence of the customer’s identity obtained during the CDD process, must be kept. In addition, the AML/CFT Handbook states that record-keeping is “essential to facilitate effective supervision, allowing the Commission to supervise compliance by relevant persons with statutory requirements and AML/CFT Codes.”
- 23 Maintaining records is also a requirement of the TCB Code and requires adequate, orderly and up-to-date records. Effective record-keeping ensures that a true representation of the management and administration of customers can be demonstrated.
- 24 In this regard, it was found that Equity was unable to demonstrate adequate record-keeping due to, inter alia:
- 24.1 A failure in obtaining up-to-date and relevant documentation to evidence and verify the identity of its customers;
- 24.2 An absence of source of funds information;
- 24.3 An absence of customer financial statements;
- 24.4 An absence of key documentation with regards to customer structures to include, but not limited to, declarations of trust and property documents relating to the sale of a customer asset; and
- 24.5 An absence of minutes of customer entities principally because such meetings had not been held.
- 25 The failures and omissions identified above meant that Equity was unable to evidence its compliance with the requirement of the Regulatory and AML/CFT Regime with the result that it may have been exposed to an increased risk of being used to facilitate financial crime.
Equity’s Compliance Function
- 26 The TCB Code requires a business to operate a compliance function that, inter alia, has appropriate independence, is able to devote sufficient time and has sufficient resources to effectively discharge the responsibilities of the function, including the implementation of the compliance policy.
- 27 It was identified Equity’s former compliance officer also served as a director on the board of a number of Equity’s corporate director companies, which were, in turn, appointed as directors to a number of customer entities reviewed by the Reporting Professional.
- In this regard, it was noted this individual would represent the corporate director during board meetings of the customer entity and sign documentation on the customer’s behalf.
- 28 The customer-facing role adopted by the compliance function led to a lack of definition and discipline in respect of Equity’s ‘three lines of defence’ with the second line of defence being eroded to a significant effect.
- Equity, therefore, failed to operate an independent compliance function that had sufficient time and resources to sufficiently discharge its functions.
- 29 In addition to the above, in some instances Equity also failed to, inter alia:
- 29.1 Prepare customer financial statements on a timely basis and in accordance with its policies and procedures and Principle 3 of the TCB Code;
- 29.2 Maintain and test adherence to, policies and procedures covering the operation of the business as required by Principle 3 of the TCB Code;
- 29.3 Ensure that all transactions or decisions made with respect to its customers were appropriately authorised by persons with the requisite knowledge and experience to effect such transactions or make such decisions, in breach of Principle 3 of the TCB Code; and
- 29.4 Have in place, execute or put in place on a timely basis, service agreements with its customers, in breach of Principle 4 of the TCB Code.
4 Aggravating Factors
- Equity’s regulatory compliance record.
- The 2015 Investigation and “regulatory health-check” identified serious weaknesses in Equity’s systems and controls, to include those relating to AML/CFT. Such matters gave rise to Equity undertaking a significant remediation exercise. Equity was accordingly aware of the importance of implementing and maintaining robust AML/CFT systems and controls.
- Instances were identified whereby Equity failed to comply with its own policies and procedures aimed at reducing the risk of financial crime.
- The JFSC has published guidance on the steps registered persons can take to reduce their financial crime risk.
- This includes the AML/CFT Handbook which details written guidance on AML/CFT controls, compliance with the legal requirements of the POC(J)L and MLO and evolving practice within Jersey’s financial services industry.
- Despite having access to such published guidance, Equity failed, on several occasions, to comply with elements of the AML/CFT Handbook, therefore, increasing its financial crime risk.
- Equity’s lack of independence of its compliance function, allowing its compliance officer to hold customer-facing roles.