News

Societe Generale Jersey - JFSC public statement and fine £510,599.67 + £155,476.54 + £53,375.00

16/02/2021

JFSC Hambros public statement and fine https://www.jerseyfsc.org/news-and-events/sgkh-entities/ - also shown below

Action

1.1 The Jersey Financial Services Commission (JFSC) issues this public statement pursuant to Article 25(ba) of the FS(J)L and Article 48(2)(b) of the BB(J)L.

1.2 On 12 February 2021 the JFSC decided to impose the civil financial penalties identified below, pursuant to the Financial Services Commission (Financial Penalties) Order 2015:

  • 2.1 £510,599.67 to SGKH Bank;

  • 2.2 £155,476.54 to SGKH Trust; and

  • 2.3 £53,375.00 to SGKH Corporate.

1.3 The JFSC considered it necessary and proportionate to impose the civil financial penalties, having concluded the SGKH Entities negligently breached:

  • Certain paragraphs of Principle 3 of the Codes: A Registered Person must organise and control its affairs effectively for the proper performance of its business activities and be able to demonstrate the existence of adequate risk management systems; and

  • Certain paragraphs of Principle 6 of the Codes: A Registered Person must deal with the JFSC in an open and co-operative manner.

1.4 The SGKH Entities agreed to settle at an early stage of the process. The SGKH Entities therefore qualified for a 50% (Stage One) discount under the JFSC’s settlement procedure. Were it not for this discount, the SGKH Entities may have been liable to civil financial penalties of approximately £1,021,199.33, £310,953.08 and £106,750.00, respectively.

1.5 The JFSC’s actions are in line with its guiding principle to protect and enhance the reputation and integrity of Jersey in financial and commercial matters.

Background

2.1 The SGKH Entities form part of the Societe Generale Group (SG Group), a French regulated banking group and are part of a smaller sub-group, headed by SG Kleinwort Hambros Bank Limited (KH UK), a UK regulated bank. The SGKH Entities are between them registered with the JFSC in the conduct of regulated business to include, inter alia, deposit-taking business, fund services business, trust company business and investment business.

2.2 The SGKH Entities are served by one compliance function (the Compliance Function) based in the Channel Islands operating under the same compliance arrangements and which is supported by other parts of the KH UK and SG Group compliance functions.

2.3 From October 2017, the JFSC was engaged with the SGKH Entities over concerns as to the adequacy of resourcing within the Compliance Function and the impact of such on compliance arrangements, including Compliance Monitoring. Consequently, an on-site examination of the SGKH Entities was undertaken in May 2019 (the On-Site Examination) to assess the Compliance Function and associated compliance arrangements from 1 January 2018 to the date of the On-Site Examination (the Relevant Period).

Summary of Findings

3.1 From the findings of the On-Site Examination, the JFSC has concluded the SGKH Entities, during the Relevant Period, failed to demonstrate they had adequate risk management systems in place, breaching certain paragraphs of Principle 3 of the Codes.

3.2 The JFSC has also concluded that during the Relevant Period, the SGKH Entities failed to notify the JFSC in writing as soon as they became aware of certain matters which required notification, breaching certain paragraphs of Principle 6 of the Codes.

3.3 The SGKH Entities’ failures outlined in paragraphs 3.5 to 3.36 below are considered to be significant and material because they left them under-informed of Compliance Risk[2] and whether they were operating robust systems and controls to, inter alia, mitigate against money laundering and the financing of terrorism (ML/TF). Consequently, the SGKH Entities’ conduct increased the risk of failing to identify financial crime, which is of concern given such activity can undermine the integrity and stability of Jersey’s financial services industry.

3.4 Common failings amongst each of the SGKH Entities were identified with respect to, inter alia:

Board Oversight

3.5 The Codes require the business and affairs of Registered Persons to be adequately monitored and controlled at Senior Management and/or Board level. This includes keeping adequate, orderly and up-to-date records of Board and management minutes.

3.6 The AML/CFT Handbook requires that boards must assess both the effectiveness of and compliance with systems and controls (including policies and procedures) and take prompt action necessary to address any deficiencies. Boards must also consider what barriers (including cultural) exist to prevent the operation of effective systems and controls (including policies and procedures) to counter ML/TF and must take effective measures to address them.

3.7 A review of 2018 board minutes identified that, in some cases, whilst certain matters had been discussed, insufficient detail was recorded evidencing that significant matters were discussed in any detail. Examples included the:

  • Review of the SGKH Entities’ AML/CFT Business Risk Assessments (AML/CFT BRAs);

  • Determination of the Compliance Monitoring Programme (CMP), its status, monitoring activity performed, results of testing and remedial action;

  • Consideration of compliance resourcing concerns raised by the Compliance Function; and

  • Consideration of or explanation for the lack of adequate progress made in relation to a number of requirements and/or actions raised by the Compliance Function.

3.8 The JFSC would expect robust discussion of significant compliance matters at board meetings and adequate recording of such discussions in the minutes. As a result of the lack of documented detail of board discussions, the Boards of the SGKH Entities (the Boards) were unable to demonstrate they adequately monitored and controlled the SGKH Entities’ activities.

3.9 With all Registered Persons, the JFSC places great weight on Senior Management and/or the board to ensure the on-going fitness and propriety of the Registered Person and its compliance with the specific Jersey Regulatory and AML/CFT Regime. On the facts of the case, the JFSC considers that had robust oversight been exercised by the Boards and had they adequately responded to the issues being raised with respect to the Compliance Function, the matters identified during the On-Site Examination, as detailed below, could have been mitigated.

Compliance Function Resources

3.10 The Codes require Registered Persons to operate a compliance function that, inter alia, has sufficient resources to effectively discharge the responsibilities of the function.

3.11 Prior to the commencement of the On-Site Examination, the SGKH Entities confirmed to the JFSC that compliance resources were considered adequate. However, during the course of the On-Site Examination the JFSC identified that:

  • A number of actions required of the Compliance Function having not been progressed/completed;

  • In some cases, high priority actions required of the Compliance Function being delayed due to resources working on other projects;

  • The large number of Key Person positions held by the SGKH Entities’ Compliance Officer;

  • Key members of the Compliance Function working considerable hours of overtime; and

  • Concerns over resourcing being raised within Board minutes (but with insufficient record therein of the steps taken to address those concerns).

3.12 The JFSC acknowledges that the Compliance Function's resources (and therefore its ability to fully discharge its functions) were impacted by a number of factors such as: turnover of compliance staff and maternity leave arrangements; significant project work that had to be undertaken; and operational complexities in the businesses following an earlier merger. Nonetheless, the JFSC considers that the concerns above were also partly the result of the Compliance Function not being adequately resourced to sufficiently discharge its functions in full.

Compliance Arrangements

3.13 The AML/CFT Handbook requires that responsibilities for countering ML/TF must be clearly apportioned, in particular, those of the Money Laundering Reporting Officer (MLRO) and the Money Laundering Compliance Officer (MLCO). Similarly, the Codes require that responsibilities must be apportioned among a Registered Person’s Key Persons, Senior Managers and/or Directors so that their individual responsibilities are clear.

3.14 The Codes also require that Senior Management of a Registered Person (most often the board), be responsible for ensuring it has robust arrangements in place for compliance with the regulatory framework, which must include: (i) approval of a compliance policy; (ii) establishment of a permanent and effective compliance function, whose responsibilities are formally documented; and (iii) assessment, on at least an annual basis, of the extent to which Compliance Risk is managed effectively. The responsibilities of its compliance function include the implementation of the aforementioned compliance policy.

3.15 The On-Site Examination identified a number of failings relating to the compliance arrangements adopted by the SGKH Entities. Specifically, the On-Site Examination found:

3.16 Approval of a compliance policy

  • Whilst the SGKH Entities confirmed to the JFSC that they did have a Compliance Manual in place during the Relevant Period, there was no Board approved compliance policy as required by the Codes and, by extension, no implementation of such an approved policy.

3.17 Establishment of a permanent and effective Compliance Function, whose responsibilities are formally documented

  • The responsibilities of the Compliance Function were not formally documented.

  • The effectiveness of the Compliance Function was affected by carrying out activity that was the responsibility of other departments in accordance with the ‘three lines of defence’ model.

3.18 Assessment, on at least an annual basis, of the extent to which Compliance Risk is managed effectively

  • The SGKH Entities adopted a risk assessment tool that had not been adapted to the specific Jersey Regulatory and AML/CFT Regime. The SGKH Entities therefore could not demonstrate that the risk assessment tool in use would be fully effective in mitigating instances of non-compliance with Jersey’s specific regulatory regime.

  • The SGKH Entities failed to clearly articulate the key areas of Compliance Risk in respect of their respective regulated activities under the specific Jersey Regulatory and AML/CFT Regime. Accordingly, it was not possible to fully demonstrate an assessment of the extent to which the Compliance Risk to which they were exposed was managed effectively.

  • The JFSC recognises that the issues identified in paragraphs 3.15 to 3.18 above have been included in the SGKH Entities’ comprehensive remediation plan that the SGKH Entities have reported to be substantially complete.

Compliance Monitoring

3.19 The Codes and the MLO require Registered Persons to operate robust arrangements for meeting the standards and requirements of the specific Jersey Regulatory and AML/CFT Regime. These arrangements must include maintaining and testing adherence to systems and controls (including policies and procedures) that cover the operations of the business.

3.20 The board retains overall responsibility for the above, however, it is assisted by the Compliance Officer/MLCO in monitoring that internal policies and procedures are being consistently and effectively adhered to; assessing and recommending amendments to internal systems and controls (including policies and procedures) to facilitate compliance with the regulatory framework; and, where appropriate, promptly instigating action to remedy any deficiencies.

3.21 The JFSC’s Guidance Note: Compliance Monitoring[3] (the CM Guidance), confirms Compliance Monitoring is an integral part of a Registered Person’s risk management framework, specifically concerning Compliance Risk. When conducted effectively, in conjunction with other activities, it gives some comfort that Compliance Risk is being proactively and appropriately managed and that issues requiring notification are being made to the JFSC in a timely manner.

3.22 The On-Site Examination identified a number of failings with respect to the Compliance Monitoring undertaken by the SGKH Entities in the Relevant Period. In particular, it was found:

3.23 Determination of the CMP

  • There was no documented process for the determination of the 2018 and 2019 CMPs. As noted in paragraph 3.178.2 above, an assessment of Compliance Risk had not been undertaken to determine the CMPs, and so it was not clear to the JFSC whether an effective risk-based approach had been used.

  • Certain activity recorded on the CMPs was not monitoring adherence to applicable legislative and regulatory requirements for corresponding controls.

3.24 Execution of the CMP

  • There was a lack of clarity regarding the purpose and objectives of certain CMP tests such as what would constitute Compliance Monitoring as opposed to ‘business as usual’ activity.

  • In some instances, the CMP tests were not effective as CMP tests as they did not address the risks present for the specific area and/or did not test what was stated on the CMP.

  • There was not a procedure for all CMP tests. In some instances, the procedures produced were not relevant to the CMP and/or a number of relevant procedures were in draft form only.

3.25 Output of the CMP

  • In most cases, the CMP tests documentation that the JFSC reviewed during the On-Site Examination did not adequately evidence the monitoring activity performed, the results of any testing and any remedial action undertaken.

  • The SGKH Entities’ records did not evidence adequate reporting to the Boards concerning Compliance Monitoring, including the status of the CMP, monitoring of activity performed, results of testing and any remedial action.

  • There were some gaps in terms of oversight and knowledge of the CMP.

  • In consequence of the above, the SGKH Entities were unable to demonstrate effective oversight of the CMP by the Compliance Function and the Boards.

3.26 Regarding SGKH Corporate, the FSB Code requires that a Registered Person must operate robust internal systems and controls to ensure compliance with the Applicable Rules which must be reviewed periodically to ensure they are working effectively. Applicable Rules includes Fund Services Business Arrangements, therefore, SGKH Corporate is required to operate and review robust internal systems and controls to ensure compliance with, inter alia, Fund Services Business Agreements concerning the provision of compliance services to client funds and managed entities.

3.27 SGKH Corporate was unable to demonstrate that at the time of the On-Site Examination it had undertaken Compliance Monitoring for 2018 for its client funds. In addition, it was identified that whilst SGKH Corporate did conduct Compliance Monitoring for its managed entities for 2018, it did so retrospectively in 2019. SGKH Corporate therefore failed to carry out such monitoring within a reasonable time period.

Compliance Reporting

3.28 Pursuant to the Codes, Registered Persons are required to ensure their Compliance Officer is responsible for providing senior management and the Board with regular written reports in respect of the Registered Person’s compliance with regulatory requirements.

3.29 It was identified the compliance reports to the Boards were inadequate during the Relevant Period, as follows:

  • They contained a significant amount of information and, in some cases, it was unclear as to the key messages and highest priority items the Compliance Function wished to communicate.

  • Key compliance items were recurring each quarter with apparent lack of action.

  • Some key compliance items were either missing or only briefly referenced. For example, in most cases, there was not a clear summary of the CMP status, key findings of testing conducted and any remedial action.

  • They failed to clearly articulate the Compliance Function’s view of Compliance Risk.

3.30 The On-Site Examination also found that there had been no compliance reporting for SGKH Corporate’s client funds/managed entities during 2018.

AML/CFT BRA

3.31 The AML/CFT Handbook requires the Board of a Registered Person to conduct and record a business risk assessment. In particular, the Board must consider, on an on-going basis, its risk appetite and the extent of its exposure to ML/TF risks in the round, and the cumulative effect of risks identified. The AML/CFT BRA must be kept up-to-date. In the case of a business that is dynamic and growing, demonstrating this can be achieved by the Board reviewing it on an annual basis or when events (internal and external) occur that may materially change ML/TF risk, whereas in some other cases this may be too often.

3.32 The SGKH Entities confirmed the AML/CFT BRAs were subject to both annual and quarterly review by the Boards. However, it was identified the AML/CFT BRAs were out of date as they contained historic information and had not been updated between the first quarter of 2018 and the end of the Relevant Period.

3.33 It was identified from Board minutes that documented discussion by the Boards concerning the AML/CFT BRAs was minimal. The JFSC was also unable to locate evidence in any Board minutes or compliance reporting that quarterly reviews of the AML/CFT BRAs had been conducted.

Notifications to the JFSC

3.34 The Codes require Registered Persons to deal with the JFSC in an open and transparent manner and to advise the JFSC, in writing, as soon as it becomes aware of any matter that might reasonably be expected to affect its registration or be in the interests of its customers to disclose. The JFSC provides a list of which indicative notifications are considered necessary.

3.35 The SGKH Entities failed to notify the JFSC as soon as they became aware of the concerns as to compliance resourcing, despite the concerns being raised in its compliance reporting and previously, for an extended period of time, by the JFSC.

3.36 SGKH Corporate failed to notify the JFSC of its failings relating to the Compliance Monitoring of its client funds and managed entities during 2018. The JFSC only became aware of the non-compliance by SGKH Corporate and scale of such, when conducting interviews with key staff during the On-Site Examination.

Aggravating Factors

4.1 SGKH Bank’s regulatory compliance record.

4.2 The failure by the SGKH Entities to act with the expected candour with the JFSC by failing to notify the JFSC of regulatory breaches promptly and completely.

4.3 The failure by the Boards to materially recognise and/or address concerns raised by the Compliance Function and the JFSC.

Mitigating Factors

5.1 Post the On-Site Examination, the SGKH Entities have co-operated fully with the JFSC.

5.2 The Boards immediately responded to the matters identified from the On-Site Examination and retained the services of a regulatory consulting firm to support them in addressing the findings, identify root causes and implement a significant remediation exercise.

5.3 The remediation exercise has been fully supported by the Boards, SG Group and KH UK.

5.4 Significant financial resources have been invested in further strengthening the SGKH Entities’ commitment to enhancing and developing its business operations in Jersey, including the Compliance Function.

5.5 No customer/client has suffered losses as a result of the matters set out above.

Sanction

6.1 On 12 February 2021 the JFSC decided to impose civil financial penalties, pursuant to the Financial Services Commission (Financial Penalties) Order 2015 of (i) £510,599.67 to SGKH Bank; (ii) £155,476.54 to SGKH Trust; and (iii) £53,375.00 to SGKH Corporate.

For further enquiries, please contact Kerry Petulla.

[1] Codes of Practice for:

(i) Trust Company Business;

(ii) Fund Services Business (FSB Code);

(iii) Deposit Taking Business; and

(iv) Investment Business.

[2] Compliance Risk (as defined by the Basel Committee on Banking Supervision): the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a [registered person] may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its [regulated activities]. In this Public Statement, the term ‘Compliance Risk’ is used solely in relation to the specific legal and regulatory requirements imposed on the SGKH Entities under the specific Jersey Regulatory and AML/CFT Regime.

[3] https://www.jerseyfsc.org/media/2881/gn-compliance-monitoring.pdf

SGKH Entities

Public Statement

SG Kleinwort Hambros Bank (CI) Limited (SGKH Bank)

SG Kleinwort Hambros Trust Company (CI) Limited (SGKH Trust)

SG Kleinwort Hambros Corporate Services (CI) Limited (SGKH Corporate)

(together, the SGKH Entities)

Issued: 16 February 2021

Banking Business (Jersey) Law 1991 (BB(J)L)

Financial Services (Jersey) Law 1998 (FS(J)L)

Codes of Practice[1] (together, the Codes)

Money Laundering (Jersey) Order 2008 (MLO)

Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism for Regulated Financial Services Business (AML/CFT Handbook)

(collectively, the Jersey Regulatory and AML/CFT Regime)