GFSC fine Equiom (Guernsey) Limited £455,000.00 for AML/CTF failures

On 19 July 2024, the Guernsey Financial Services Commission (“the Commission”) imposed a financial penalty of £455,000 on the Licensee under section 39 of the Enforcement Powers Law.  

Background

EQUIOM (GUERNSEY) LIMITED [THE LICENSEE]:-

• Was established in Guernsey in August 1976 and undertakes fiduciary activities under a full fiduciary licence issued in November 2001.
• In May 2019, the Licensee’s ultimate parent company was acquired by a private equity investor, who remained in place until August 2022, when its current majority shareholder acquired it.
• In January 2020, another licensed fiduciary (“Fiduciary A”) amalgamated with the Licensee, although for several years before that date, the two licensees were sister companies with common staff and procedures.
• Is a large business with a high-risk appetite and many high-risk relationships.
• As of 30 June 2021, approximately 68% of its business relationships were high-risk.
• A significant number of clients were from, or linked to, jurisdictions that pose a higher risk of money laundering, terrorist financing and/or bribery and corruption.
• According to media reports, ◦ Many clients were allegedly involved in criminal activity.

THE GFSC VISITED THE LICENSEE IN 2017 (“THE 2017 VISIT”) AND IDENTIFIED MANY ISSUES, INCLUDING:

• That the composition of the board of the Licensee was not appropriate, in particular:-

• Due to the number of recent resignations of executive directors,
• The geographical separation of further executive directors and
• No Guernsey-based director was responsible for compliance and risk.

• The number of ongoing financial crime-related projects, including

• A project to review all customer due diligence (“the CDD Project”),
• A project to clear a backlog of overdue periodic reviews and
• Resulting action points and a project to review the Licensee’s policies, procedures and controls; and

• The client files reviewed contained contraventions of the regulations and handbook.

• These related to a lack of regular relationship risk assessment reviews, appropriate CDD, reasonable measures to establish source of wealth and source of funds, and ongoing and effective monitoring.

Source: https://www.gfsc.gg/news/equiom-guernsey-limited or read a Comsure summary below.

REMEDIATION PROGRAMME FOLLOWING THE 2017 VISIT.

The Licensee was required to complete a remediation programme following the 2017 Visit.

The GFSC revisited the Licensee in 2021 (“the 2021 Visit”) and identified similar issues to those identified at the 2017 Visit.

In particular, the GFSC identified:

• An inappropriate board composition and an under-resourced board.

• At the time of the 2021 Visit, only one executive director was based in Guernsey.
• The GFSC also noted that there had been seven resignations from the board and only one appointment over the last two calendar years;

• A backlog of periodic risk reviews and action points; and
• Deficiencies in the client files were reviewed, including:

• initial and periodic risk assessments,
• enhanced customer due diligence (“ECDD”) and
• monitoring of transactions and activity.

THE GFSC’S INVESTIGATION BEGAN FOLLOWING THE 2021 VISIT.

Findings

• The GFSC’s investigation found that the Licensee's board was ineffective from 1 January 2018 to 7 September 2023 (“the Relevant Period”), at times under-resourced, and that the Licensee did not have an adequate number of staff with the skills, knowledge, and experience to fulfil the Licensee’s duties.
• However, during the latter stages of the Relevant Period, steps were taken to improve the board's effectiveness. The board has also been relatively stable in the last 12 months.
• The ineffective board and the lack of adequate staff resulted in the Licensee failing to monitor and manage the financial crime risks associated with its customers as required by Schedule 3 and the rules within the Handbook (“the Rules”).
• This was particularly concerning due to the size of the Licensee’s business and the large proportion of high-risk clients.
• Following many acquisitions, with little apparent attention paid to synergies or post-acquisition integration, and the takeover of the ultimate parent company by the then private equity investor, cost-cutting measures, including redundancies, were imposed on the Licensee through 2018 and 2019 when it was already under-resourced, and the Licensee was under pressure to upstream funds.
• This resulted in the ultimate parent company and its private equity investor in place at the time appearing to the GFSC to be more interested in its financial position than in the Licensee’s compliance with Bailiwick’s regulatory framework.

IN PARTICULAR, THE GFSC FOUND:

THE LICENSEE NEEDED AN EFFECTIVE BOARD RESPONSIBLE FOR GOVERNANCE.

1. The Minimum Criteria for Licensing requires a licensee to have.
• An appropriate number of executive and non-executive directors regarding the nature and scale of its operations.
• At least two individual’s resident in the Bailiwick effectively directing the business.
2. The Code of Corporate Governance requires a licensee to have an effective board responsible for governance.
3. In the Relevant Period,
• Twenty directors were appointed to the board, and twenty resigned, a significant turnover of directors in five years for a large firm with a high-risk business book.
• The frequent changes in the Licensee's board of directors highlight that the board's composition was inappropriate for the company's circumstances and the nature and scale of its operations.
4. The significant turnover of directors resulted in the Licensee needing to be headed by an effective board.
• In particular, the constant changing of directors meant no director could take ownership and ensure that the remediation following the 2017 and 2021 Visits was completed satisfactorily.
5. Between October 2021 and June 2022, the Licensee only had one Guernsey-based director for eight months.
6. As noted below,

• The Licensee had a significant staff turnover and needed more sufficient staff resources.

The licensee board did not resolve this serious issue during the Relevant Period.

The GFSC noted that the Licensee's parent company had to approve any new staff, including replacements for leaving staff.

Approval was often delayed and, at times, refused, resulting in the Licensee's inability to resolve staffing issue

• Despite the Licensee being aware of staffing issues,

Many employees were made redundant in 2019.

The parent company imposed the redundancies, and the Licensee board was ineffective in preventing them.

• The board of the Licensee are responsible for the proper running of the company, not the shareholders.

THE LICENSEE NEEDED TO HAVE EMPLOYEES OF 1] AN ADEQUATE NUMBER, 2] SKILLS, 3] KNOWLEDGE AND 4] EXPERIENCE.

1. The Minimum Criteria for Licensing require a licensee to conduct its business prudently. This includes having adequate staff, skills, knowledge, and experience to undertake and fulfil the duties of a licensee.
2. In the Relevant Period, the Licensee had a significant staff turnover, including a turnover of 50% or more in two consecutive years.
3. The Licensee board was often informed of and discussed a need for more staff resources in the Relevant Period. At the same time, the Licensee board was also informed of and discussed backlogs of periodic reviews and relationship risk assessment reviews, which were essential given the high-risk nature of the Licensee’s business.
4. The backlogs, which were never rectified in the Relevant Period, demonstrated that the Licensee did not have sufficient staff, skills, knowledge, and experience to fulfil its duties.
5. The redundancies made in 2019 had the obvious effect of making the staff resourcing issues worse. The parent company sometimes refused the Licensee board's requests for additional staff after the redundancies.

THE LICENSEE NEEDED TO HAVE EFFECTIVE POLICIES, PROCEDURES AND CONTROLS.

1. Schedule 3 requires firms.
• To have in place effective policies, procedures, and controls to identify, assess, mitigate, manage, review, and monitor its money laundering and terrorist financing risks.
• To establish and maintain an effective policy, for which the board is responsible, for reviewing their compliance with the requirements of Schedule 3 and the Handbook. Such policy shall include provisions regarding the extent and frequency of such reviews.
2. In addition, following the introduction of Schedule 3 and the new Handbook in March 2019, firms were required to
• Review and revise their policies, procedures, and controls by 30 September 2020 to comply with Schedule 3 and the new Handbook.
3. Before the GFSC’s visit in 2021,
• The Licensee informed the GFSC that it had not updated its policies, procedures, and controls in accordance with the new Handbook.
4. The GFSC’s review of several client files demonstrated that the Licensee’s policies, procedures, and controls were ineffective. The client examples below highlight this.
5. Issues, such as the backlog of relationship risk assessments and periodic reviews, were never remediated during the Relevant Period despite being raised with the board on several occasions, demonstrating that the Licensee’s policy of reviewing its compliance with Schedule 3 and the Handbook was not effective.

THE LICENSEE FAILED TO REVIEW RELATIONSHIP RISK ASSESSMENTS REGULARLY.

1. Paragraph 3(4)(b) of Schedule 3 requires firms to regularly review relationship risk assessments to keep them up to date and where changes are needed to make those changes.
2. The Licensee’s policies, procedures, and controls require an annual review of high-risk clients every two years, standard-risk clients every three years, and low-risk clients every three years.
3. Reports to the Licensee board often referred to a backlog of relationship risk reviews, particularly from 2020 onwards following the redundancies in 2019. For example, 216 reviews were outstanding in January 2020, and 596 were outstanding in quarter 3 of 2021. The backlog of relationship risk assessments was evident in the client files reviewed by the Commission.
4. For the purposes of this public statement, the GFSC provides examples of three such relationships only to depict the types of systemic failings within the Licensee.

Example 1

1. Client 1 is a high-risk individual from a Central American country who was once the subject of open-source information that alleged he was involved in drug trafficking and laundering the proceeds.
2. In addition, Client 1 had previously received a significant financial penalty from another financial services regulator for providing misleading information regarding his acquisition of a bank.
3. Fiduciary A [which subsequently amalgamated with the Licensee] was aware of these issues when it took on Client 1.
4. Client 1 settled a trust in 1998. Fiduciary A provided administration services to the trust in 2007, and the Licensee provided administration services in January 2020 following the amalgamation of the Licensee and Fiduciary A.
5. During the relationship with Client 1, there were several potential red flags, including several enquiries from law enforcement authorities either directly with the Licensee or about Client 1’s other business interests, which the Licensee became aware of.
6. Despite the adverse media coverage and continuing interest of law enforcement in Client 1, the Licensee’s records show that as of 30 March 2022, the last relationship risk assessment was carried out on Client 1 in July 2019.
7. According to the licensee's procedures, as a high-risk relationship, it should have been reviewed at least twice during that period.
8. The Licensee's failure to review this high-risk client for three years represented a severe failure and demonstrated the ineffectiveness of its policies, procedures, and controls.
9. The trust ceased to be a client of the Licensee in December 2022.

Example 2

1. Client 2 is a high-risk Russian client and a politically exposed person (“PEP”) arrested for embezzlement.
2. Client 2 settled a trust in April 2002. The Licensee has been the trustee since the trust's formation.
3. A relationship risk assessment that should have been conducted in January 2020 was not started until January 2021 and was not signed off until October 2021, nearly two years late.
4. The relationship risk assessment notes that lockdown and workload pressures caused the delay, corroborating the board's reports that review backlogs were, at least in part, due to resources.
5. The previous relationship risk assessment, which was in February 2019, was a risk scoring sheet.
6. However, the Licensee’s procedures at that time did not mention a risk scoring sheet and required the completion of a detailed risk assessment form.
7. The fact that a different risk assessment form was being used in the procedures demonstrates the ineffectiveness of the Licensee’s policies, procedures and controls.

Example 3

1. Client 3 is a Russian national employed by a private equity group owned by another Russian client (“Client 4”). The Licensee rated Client 3 as high-risk.
2. Client 3 owned a company (“Company A”) for which Fiduciary A provided administrative services and corporate directors in 2012. The Licensee continued to provide administration services and corporate directors following the amalgamation of the Licensee and Fiduciary A in January 2020.
3. Company A acted as a guarantor for a loan obtained by Client 3 about a separate property transaction.
4. According to the Licensee’s relationship risk assessment, Company A's source of funds and wealth was Client 3’s employment with the private equity group and consultancy agreements with other companies owned by Client 4.
5. However, documents on the file show that the Licensee was aware that Client 4, not Client 3, was the source of the funds within Company A.
6. In April 2022, Client 4 was added to the European Union and United Kingdom lists of sanctioned individuals following the invasion of Ukraine.
7. The funds in Company A were subsequently used to repay the loan obtained by Client 3 for the separate property transaction. This resulted in Client 4’s funds being used to purchase Client 3’s property.
• Paragraph 3(5)(a) of Schedule 3 requires a firm to consider risk factors relating to the product, service, transaction and delivery channel. In addition,
• Rule 80 of Chapter 3 of the Handbook requires licensees also to consider the purpose and intended nature of the business relationship and the type, volume and regularity of activity expected. The Licensee failed to believe in its risk assessments the risk that Client 3 was being used as a nominee for Client 4 or that this was a method of disguising the transfer of value from Client 4 to Client 3.
8. Company A ceased to be a client of the Licensee in November 2023.

THE LICENSEE FAILED TO UNDERTAKE REASONABLE MEASURES TO ESTABLISH A SOURCE OF FUNDS AND WEALTH

1. Paragraph 5(1) of Schedule 3 requires firms to undertake ECDD for high-risk customers.
• This includes undertaking reasonable measures to establish the customer's source of funds and wealth.
2. The Licensee’s policies, procedures and controls require establishing the source of funds and wealth. The policies, procedures and controls also state that it would not be a reasonable measure to accept a client’s responses to the source of wealth and source of funds questions at face value. The policies, procedures, and controls give some examples of acceptable verification of sources of wealth.
3. The Licensee’s policies, procedures, and controls also clearly state that the CDD and ECDD requirements apply to existing customers and that any deficiencies identified during reviews should be remediated within a reasonable time frame.
4. Following the release of the GFSC’s Thematic Report on Source of Funds and Source of Wealth in the Private Wealth Management Sector in July 2020, the Licensee commenced a project to review all high-risk clients to ensure the source of wealth and source of funds information held met the requirements of Schedule 3 and the Handbook.
• This included producing a summary memorandum for the file, sourcing information from archived files and open-source resources, and obtaining further documentary evidence from the clients or their advisers (“The Source of Funds and Source of Wealth Project”).
• The Source of Funds and Source of Wealth Project was undertaken as part of the Licensee’s review of clients required by Rule 27 of Chapter 17 of the Handbook following the introduction of Schedule 3 and the new Handbook in 2019. This required all clients to be reviewed by 31 December 2021, with paragraph 26 of the Handbook guiding that high-risk clients should be reviewed by 30 June 2021. The Licensee confirmed to the GFSC in July 2021 that all high-risk clients had been reviewed and memorandums produced.
5. Therefore, by July 2021, all high-risk client files should have contained evidence that reasonable measures to establish the source of funds and wealth had been undertaken.
6. A number of files reviewed by the GFSC showed that reasonable measures had not been taken to establish the source of wealth or funds despite the project undertaken. This demonstrates that the Licensee’s policies, procedures, and controls regarding the source of funds and wealth were ineffective.

Example 4

1. As noted above, Client 1 was a high-risk client from a Central American country who had, at one stage, been suspected of laundering money for drug cartels.
2. The memorandum for Client 1, produced in June 2021 as part of the Source of Funds and Source of Wealth Project, stated that it was not always possible to obtain documentary evidence for all of the sources of funds and source of wealth due to the length of time the structure had been in existence. The memorandum also noted that the Licensee would not now be able to request further documentation on the original source of wealth and source of funds to the level required by Schedule 3 and the Handbook due to the length of time the trust existed.
3. The memorandum in relation to Client 1 is an admission that it had not undertaken reasonable measures to establish the source of funds and wealth and had no intention of doing so, despite its own policies, procedures, and controls and Rule 28 of Chapter 17 of the Handbook. This demonstrates the ineffectiveness of the Licensees’ policies, procedures, and controls.
4. The memorandum concludes, “There has been much adverse publicity against [Client 1] claiming that he deals in drugs and launders money. However, there has been no evidence to support these allegations. Much of the money added to the structure has been since the sale of [the bank owned by Client 1]. We do not suspect that the funds in the structure have originated from illegal activities.”
5. Given the Licensee’s knowledge of the allegations of money laundering and the admission that it had not undertaken reasonable measures to establish the source of funds and wealth, it is difficult to see how the Licensee came to the conclusion that there was no suspicion that the funds originated from illegal activities.

Example 5

1. Client 5 is a Russian businessman who was formerly a senior manager at a large company. Client 5 settled a trust in 2009. Fiduciary A acted as trustee from the trust formation, and the Licensee continued as the trustee following the amalgamation of Fiduciary A with the Licensee in January 2020.
2. Since the takeover, Client 5 has been rated as high-risk by the Licensee, which means the Licensee was always required to undertake ECDD, including taking reasonable measures to establish the source of wealth and funds.
3. The Licensee only held information about Client 5's source of wealth and source of funds: a letter from Client 5 himself and a third-party due diligence report.
4. The memorandum produced as a result of the Source of Funds and Source of Wealth Project in January 2021 also only refers to the letter from Client 5 and the third-party due diligence report and did not provide evidence of any attempts to obtain further source of wealth information by the Licensee. In addition, the memorandum evidences that the Licensee needed to be fully aware of the source of approximately US$48 million paid into the trust above. For example, funds were received from an unknown account in 2010, and the Licensee requested the name of the account holder from Client 5 in 2021, for which no further information was provided.
5. The Licensee accepted Client 5’s letter as evidence of a source of wealth despite its policies, procedures, and controls stating that this is not acceptable. The policies, procedures, and controls required the source of funds and source of wealth information to be verified, and any deficiencies identified had to be remedied within a reasonable time and applied to existing customers.
6. The Source of Funds and Source of Wealth Project should also have identified Client 5's reliance on Client 5 to provide his [Client 5’s] source of wealth. This was not identified until a Risk Committee meeting in November 2021, when Client 5 was discussed, as adverse media had been discovered. The adverse media stated that Client 5 was suspected of embezzling significant funds from another state-owned company.
7. Despite the Risk Committee raising concerns with the source of wealth and source of funds, the Licensee decided to retain Client 5 as a client.
8. The trust ceased to be a client of the Licensee in November 2023.

THE LICENSEE FAILED TO MONITOR TRANSACTIONS AND ACTIVITY EFFECTIVELY

Paragraph 11(1) requires firms to perform ongoing and effective monitoring of any business relationship, including scrutinising transactions or other activities to ensure the transactions are consistent with the firm’s customer knowledge.

As part of the Licensee’s monitoring policies, procedures, and controls, periodic reviews were undertaken on a risk basis. High-risk clients were to be reviewed annually, standard-risk clients every two years, and low-risk clients every three years.

As with the relationship risk assessment reviews, reports to the Licensee board often referred to a backlog of periodic reviews from 2020 onwards following the redundancies in 2019.

Example 6

1. Despite the previously mentioned Client 1 being rated high-risk and the Licensee being aware that Client 1 had in the past been suspected of laundering the proceeds of crime, the only periodic review on the file following the amalgamation of Fiduciary A with the Licensee was dated March 2022.
2. The periodic review was unsigned when the Licensee’s stated procedure was for periodic reviews to be signed off by senior management.
3. The Licensee also used various forms to review transactions at the time they occurred, such as asset purchases or sales. For example,
• The previously mentioned trust settled by Client 1 acquired a car for almost €3 million in August 2019, recorded on an Asset Purchase or Sales Form.
• However, in an email from January 2020 regarding how to account for the purchase of the car, it was explained that the car had been transferred from the trust to another of Client 1’s trusts and then used to part-repay a loan to a company owned by that other trust.
• These relevant further details needed to be documented on the Asset Purchase or Sales Form, demonstrating that this monitoring tool was required to be more effective.

Example 7

1. A periodic review of Client 2 [the high-risk Russian client and PEP] was completed in February 2019. The following review was not completed until October 2021, nearly two years after it was due according to the Licensee’s policies, procedures and controls, despite Client 2 being rated high-risk.
2. The trust, settled by Client 2, owned a company (“Company B”). Company B made many loans to other parties, including parties also owned by Client 2 or related persons.
• As part of the CDD Project, the Licensee attempted to obtain further details of the loan counterparties.
• However, the representatives of Client 2 noted that a number of the counterparties had been put into liquidation or struck off several years previously or had not been dealt with for several years.
• Company B was struck off in November 2019, leaving the trust with no assets.
3. The Licensee's ignorance that some of the counterparties to loans made were in liquidation or that there had not been contact for a number of years clearly shows that the Licensee was not monitoring the transactions and activity of Company B and Client 2’s trust.
4. The lack of monitoring of Company B's loans was a serious failing, given that loan writing off is a known potential red flag for money laundering.
5. Given Client 2’s subsequent arrest for embezzlement, the Licensee could have been used to facilitate the laundering of the proceeds of crime.

Source

https://www.gfsc.gg/news/equiom-guernsey-limited

Addition Reading From The Statement

Aggravating Factors

1. The Licensee had a large book of business and a high-risk appetite with many high-risk clients, including several clients suspected of criminality.
2. The issues identified following the 2021 Visit and in the investigation were repeats of the problems identified following the 2017 Visit, despite the remediation undertaken by the Licensee.
3. With such a high-volume, high-risk book of business, the Licensee required an effective board and sufficient staff resources appropriate to the circumstances of the company and the size, nature and complexity of its business. It did not have this during the Relevant Period, contributing significantly to the backlog of relationship risk assessments and periodic reviews.
• At the time, the ultimate parent company and its private equity investor appeared to be more interested in the Licensee's financial position and upstreaming of funds than in its compliance with Bailiwick’s regulatory framework.
4. Given the significant number of high-risk clients, this exposed the Licensee to the real risk of being used in the laundering of criminal proceeds or the financing of terrorism and posed a danger to Bailiwick's reputation as an international finance centre.
5. The GFSC should have been informed of the severe staff resourcing issues.
6. Given the seriousness of the issues, the GFSC would have expected to have been informed of them and given a plan to mitigate the risks.
7. During the Relevant Period (1 January 2018 to 7 September 2023), twenty directors resigned and were appointed. Directors have served only part of the Relevant Period.
8. This was predominantly due to the environment created by the 2019 Private Equity investor shareholder, including a failure to adequately integrate recently acquired businesses with different cultures.

Mitigating Factors

1. The Licensee identified some issues and informed the GFSC before the 2021 Visit. In particular, the Licensee informed the GFSC of the failure to update policies, procedures, and controls following the introduction of Schedule 3 and the revised Handbook, the failure to review relationship risk assessments regularly, and the failure to be effectively directed by two individual’s resident in the Bailiwick.
2. The Licensee took steps to remedy the issues following both the 2017 Visit and the 2021 Visit, including hiring third parties to review or assist with their remediation. However, the repeat issues identified following the 2021 Visit demonstrate that the remediation could have been more effective following the 2017 Visit.
3. The remediation following the 2021 Visit is ongoing. The Licensee has taken substantial steps and invested significant resources in attempting to remediate the failings identified in this public statement. At the GFSC’s direction, the Licensee appointed a third party to provide leadership, project management, and assurance of the remediation.
4. The remediation includes exiting many clients, including those examples referred to above.
5. Steps have been taken to improve the board's effectiveness under a new leadership team and a new majority shareholder, all of whom came in after the 2021 Visit. The board has also been relatively stable in the last 12 months. In addition, staff turnover has reduced in the previous 12 months. Contractors have also been brought in to assist with remediation and business exiting.
6. At all times, the Licensee has cooperated fully with the GFSC and agreed to settle at an early stage of the process, which has been taken into account by applying a 30% discount in setting the financial penalty.

Equiom (Guernsey) Limited

26th July 2024

The Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020 (the “Enforcement Powers Law”)

The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2020 (the “Fiduciaries Law”)^[i]

The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 (the “Regulations”)

Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (“Schedule 3”)^[ii]

The Handbook on Countering Financial Crime and Terrorist Financing (the “Handbook”)

The Finance Sector Code of Corporate Governance (the “Code of Corporate Governance”)

Equiom (Guernsey) Limited (the “Licensee” or the “Firm”)

Source

https://www.gfsc.gg/news/equiom-guernsey-limited