GFSC issue £105,000.00 fine on Zedra Trust Company (Guernsey) Limited and Mr Colin Andrew Borman

On 7 October 2024, the Guernsey Financial Services Commission (“the Commission”)

1. Imposed a FINANCIAL PENALTY of £90,000 on the Licensee under section 39 of the Enforcement Powers Law.
2. Imposed a FINANCIAL PENALTY of £15,000 on Mr Borman under section 39 of the Enforcement Powers Law.
3. Made an order under section 33 of the Enforcement Powers Law PROHIBITING Mr Borman from the position of controller, director, money laundering reporting officer and money laundering compliance officer for two years.
4. Issued a Notice under section 32 of the Enforcement Powers Law DISAPPLYING THE EXEMPTION set out in 3(1)(g) of the Fiduciaries Law in respect of Mr Borman for two years; and

THE PUBLIC STATEMENT IS HERE: https://www.gfsc.gg/news/zedra-trust-company-guernsey-limited-and-mr-colin-andrew-borman - It is also summarised below

THE CASE RELATED TO ONE CLIENT FILE INVOLVING A GUERNSEY INVESTMENT HOLDING COMPANY (“CLIENT A”)

1. The investigation examined 1 January 2020 to 31 December 2021.
2. The findings in this case related to
1. One client file involving a Guernsey investment holding company (“Client A”) was serious but not systemic and caused by multiple human failures.
2. The investigation into the Licensee and Mr Borman focused on the Firm's activity regarding this Client.  
3. The Commission’s investigation found that the Licensee, in part due to the conduct of Mr Borman, had failed to
1. Identify, monitor, and manage the financial crime risks associated with Client A as required by Schedule 3 and the Rules within the Handbook (the “Rules”).

BACKGROUND

1. The Licensee is a subsidiary of the Zedra Group, which acquired the business from a previous Guernsey-licensed entity at the end of 2015. The Firm is licensed to conduct regulated activities under the Fiduciaries Law.  
2. Mr Borman was:-
1. An executive director from 17 March 2014 until he resigned from the board on 7 May 2021.
2. Head of the Licensee’s Private Client team and continued to be employed by the Firm until 3 December 2021.
3. The Commission’s investigation into the Licensee and Mr Borman commenced in 2022 following a full risk assessment on-site visit to the Licensee by the Financial Crime Division in December 2021.  
4. The Firm had previously been subject to a full risk assessment, which included an on-site visit by the Investment, Fiduciary, and Pension Division in July 2019. This resulted in the Firm undertaking a Risk Mitigation Programme (“RMP”).  
5. The findings made during the Commission's December 2021 on-site visit raised significant concerns regarding the Firm’s policies, procedures, and controls, particularly concerning the onboarding and subsequent administration of Client A and Mr Borman’s role in this.

CLIENT A

1. The stated purpose of Client A was to make purchases from a U.K. property development group which had become distressed following the arrest of its company director (“Mr X”). 
1. Mr X had been arrested on suspicion of conspiracy to defraud, bribery, and corruption, which had caused concern among investors and funders.
2. An individual (“Mr Y”) sought to establish Client A for what was said to be his benefit.
1. Mr Y was a professional who worked in a reputable legal practice known to the Licensee.
2. He explained that his practice included providing services to the U.K. property development group.
3. He approached the Licensee (specifically Mr Borman) to establish Client A.
3. The Licensee and Mr Borman failed to identify, manage, and mitigate the evident risk that Mr X was potentially the beneficial owner of Client A and attempted to disguise that beneficial ownership.
1. They could be using or intending to use Client A to mislead investors and possibly to launder the proceeds of crime.
4. Once Client A had been established,
1. The Licensee and Mr Borman failed to identify the red flags in the Client relationship, even when Client A attempted to transact business outside its stated initial purpose. 
5. For example:-
1. A proposal was made that Client A make a loan to Mr X, which would be funded by Mr Y.
2. Mr Borman also failed to identify the red flags concerning an unusual transfer of ownership of Client A from Mr Y to his long-standing friend (“Mr Z”), who was stated to have a significant financial connection with Mr X in 2021.
6. The investigation:-
1. Revealed the Licensee’s procedures and controls concerning Client A had not been appropriately followed at critical stages.
2. Highlighted that the concerns and advice from the Firm’s compliance staff were not always appropriately considered.

Findings

The Licensee failed to carry out effective risk assessments regarding Client A

1. Paragraph 3(5) of Schedule 3 requires a financial services business to:-
1. Consider its risk appetite and risk factors relating to the type of customer (and the beneficial owners of the customer), country or geographic area, and product, service, transaction, and delivery channel relevant to the business relationship or occasional transaction in question.  
2. Understand that such risk factors and any other risk factors, either singly or in combination, may increase or decrease the potential risk posed by the business relationship or occasional transaction.
2. The Firm’s New Business Form, including an AML Risk Scorecard, was not completed correctly, and as a consequence, it did not result in an effective risk rating process on this occasion, nor did other parts of the process.  
3. Mr Borman failed to:-
1. Ensure complete and accurate information was provided on the new business forms for both Mr Y and Mr Z, and he treated each case inappropriately as standard risk.  
2. (For example), To acknowledge Client A’s link to the construction industry, according to the Firm’s policies, should have been one of the additional indicators leading to an increased risk rating.  
3. Correctly disclose the ongoing status of the criminal investigation into Mr X on Client A’s new business form.
4. Furthermore, there were weaknesses in the Licensee’s onboarding procedures and controls.
1. There was insufficient and ineffective scrutiny of Client A’s information.
2. Although members of the Reputational Risk Committee considered Client A's onboarding, the compliance department did not have to see all documents provided to the Reputational Risk Committee.
3. None of Mr Borman, the Reputational Risk Committee, or the independent reviewers of the New Business Form (who were some of the Licensee’s directors and senior managers) reacted to a document that contrasted sharply with the basis on which the business was proposed.
4. The independent reviewers signed off on Client A’s new business form despite several apparent errors.  
5. Client A was incorrectly risk-rated. 

THE LICENSEE AND MR BORMAN FAILED TO UNDERSTAND THE OWNERSHIP AND CONTROL STRUCTURE OF A CUSTOMER

1. The firm failed to take reasonable measures to understand the ownership and control structure, which required it to correctly identify Client A's beneficial ownership as required by Section 9 of the Beneficial Ownership Law. 
1. Paragraph 4(1) and 4(3)(c) of Schedule 3 require a financial services business to
2. Identify the beneficial owner and take reasonable measures to verify such identity. This shall include measures to understand the customer's ownership and control structure.
1. Paragraph 22(2) of Schedule 3 defines beneficial ownership.
2. Paragraph 4(3)(c) requires a firm to understand the client's ownership and control and apply the three-step test.
3. Section 12 of the Beneficial Ownership Law requires firms to notify the Registrar of changes.
3. The Licensee and Mr Borman failed to
1. Understand the ownership and control structure and fail, until a very late stage, to identify Mr X as the potential beneficial owner of Client A and the potential risks to which this exposed the Firm, given Mr X’s ongoing criminal investigation.   
2. Key employees of the Licensee had concerns regarding Mr X’s beneficial ownership status before the business relationship had been established; however, initially, Mr Borman and, after that, certain members of the then-management team failed to react appropriately to these concerns.
4. Mr Borman failed to
1. Scrutinise the unusual transfer of ownership from Mr Y to Mr Z of Client A in 2021.  Neither he nor the signatories approving the transfer explored the rationale for the transfer and the potential red flags, including Mr X’s control over Client A, that it exhibited.  
2. This is particularly important when considering that Mr Z’s source of funds ultimately derived from Mr X and how Mr Z came to receive those funds. Mr Z had purportedly provided consultancy services to Mr X and his organisation.
3. The remuneration was paid not in money but in other assets, the disposal proceeds of which were to be used to fund Client A's company purchase from Mr X.  
5. In the cases of both Mr Y and Mr Z, Mr Borman and the Licensee failed to
1. Identify the potential control Mr X had over Client A.  
2. As a result of these failings, the Registrar of Beneficial Ownership was given incorrect information on Client A's beneficial ownership (the information was later corrected).

THE LICENSEE FAILED TO COLLECT SUFFICIENT CLIENT DUE DILIGENCE AND APPLY ENHANCED MEASURES.

1. By failing to carry out an effective risk assessment and consider all of the risk factors affecting the risk rating of Client A, Mr Borman and the Licensee failed to

1. 1. Take reasonable measures to establish and understand the source of any funds and wealth of the customer as required by Paragraph 5(3)(a)(iii) of Schedule 3.
2. Paragraph 5(2)(a) of Schedule 3 requires a financial services business to
   1. Carry out enhanced measures in relation to business relationships and occasional transactions, whether otherwise high risk or not, that involve or are in relation to a customer who is not a resident of the Bailiwick.
   2. The Licensee’s policies, procedures and controls required the Firm to establish and understand the source of any funds provided to Client A, where, as seen in this case, the funds derived from a non-resident of the Bailiwick of Guernsey. 
3. The Licensee failed to fully implement enhanced measures on Mr Z, essentially due to Mr Borman's poor conduct.  
   1. Specifically, the Licensee failed to corroborate the basis of his source of funds.
   2. The Firm did not obtain a copy of Mr Z’s consultancy agreement for services he purportedly provided to Mr X. 
   3. This was critical as Mr Z’s source of funds for Client A was derived from Mr X.
4. Despite the risks of the share purchase agreement being a circular transaction and the financial crime red flags attached, Mr Borman and the Firm failed to
5. 1. Identify, manage and mitigate the potential money laundering risks presented by this transaction.

THE LICENSEE FAILED TO KEEP PROPER ACCOUNTS AND RECORDS

1. Paragraph 5(2)(d) of Schedule 1 of the Fiduciaries Law stipulates that:-
1. A licensee will only be regarded as prudently conducting business if the licensee maintains adequate records and systems of control of their business and records.
2. Principle 6 of the CSP Code and Principle 9 of the Principles of Conduct of Finance Business require firms to:-
1. Keep and preserve appropriate records, including records of material communications with Clients, Client companies, and others and of proceedings at company meetings.
3. These principles needed to be correctly observed:-
1. The Licensee and Mr Borman frequently did not record discussions and decisions about Client A, and on material occasions, others did not.  
4. Before being onboarded, Client A was reviewed by a Reputational Risk Committee:-
1. The Reputational Risk Committee was a Group initiative to manage perceived and/or actual reputational risk.
2. Despite its key role in allowing Client A's take-on procedure to proceed, the Licensee’s internal procedures did not require the taking of minutes of the Committee's meetings.
3. The Commission found no records or minutes of the Reputational Risk Committee meeting, which discussed Client A's reputational risk.  

INEFFECTIVE BOARD OF DIRECTORS AND SYSTEMS OF CONTROLS

1. Paragraph 2 and 15(1)(b) of Schedule 3 requires a licensee to:-
   1. Have in place effective policies, procedures, and controls to identify, assess, mitigate, manage, review, and monitor risks and establish such other policies, procedures, and controls as appropriate and effective for the purposes of forestalling, preventing, and detecting money laundering and terrorist financing.
2. The investigation into the Licensee and Mr Borman regarding Client A revealed that:-
   1. A section of the then-management team, at the board level, was not sufficiently alert or astute to deal with the particular matter, which involved material showing serious reputational risk.
   2. Regarding Client A, there were issues regarding clear and transparent communications between the Firm’s compliance function and its administrative function.
   3. As a result,
      1. Those in the compliance function did not see at the material time the document, which contrasted sharply with the basis on which the business was proposed,
      2. Concerns from compliance staff in April 2021 were not communicated to the appropriate individual or acted upon effectively until too late.
   4. While, in terms of documentation,
      1. The firm’s systems were adequate, and training was delivered by competent personnel to Mr Borman and his team,
      2. In practice, human error made them ineffective; Client A's risk management could have been more effective.

TIMING OF IDENTIFICATION AND VERIFICATION

1. Paragraph 7(1) of Schedule 3 requires firms to:-
1. Carry out identification and verification of the identity of any person or legal arrangement before or during establishing a business relationship or before carrying out an occasional transaction.
2. The Licensee, due to Mr Borman’s actions:-
1. Signed and began to action the share purchase agreement for the U.K. property development group (including receiving funds into its client account) despite needing more identification and verification on Mr Z, who had also not signed a letter of engagement with the Licensee.
2. The Licensee received a payment of large sums from Mr Z on two occasions, both before the completion of enhanced measures on Mr Z. 
3. When they were first received, the funds were returned to Mr Z on the understanding that the Firm still needed to complete the identification and verification process.  
4. However, Mr Borman needed to ensure adequate due diligence was obtained from Mr Z before the funds were again remitted to the Firm.

MR BORMAN

1. The Commission’s investigation identified that Mr Borman failed to fulfil the fit and proper requirements set out in Schedule 1 of the Fiduciaries Law, as he failed to demonstrate that he acted with competence, soundness of judgement and diligence.
2. For example, Mr Borman:-
1. Failed to ensure adequate and accurate information was completed on the new business forms for Mr Y and Mr Z;
2. Failed to identify, manage and mitigate financial crime risks and take appropriate action under the Firm’s procedures.
3. Failed to ensure enhanced measures were completed on a non-resident of the Bailiwick of Guernsey under the Firm’s procedures.
4. Failed to appropriately consider and understand the ownership and control structure of the customer; and
5. Failed to prevent the Bailiwick of Guernsey from potentially being used to disguise the beneficial ownership of assets from an individual arrested and under investigation for bribery, corruption fraud and money laundering, and thereby being exposed to the risk of reputational damage.

AGGRAVATING FACTORS

1. Following the Commission’s Full Risk Assessment of the Licensee in July 2019, the Firm undertook an RMP to address the identified deficiencies.
2. Despite confirming to the Commission that the RMP had been satisfactorily completed in January 2020, the Licensee was found to have similar failings when the on-site team reviewed the file for Client A during the December 2021 visit.
3. Some deficiencies were not effectively resolved and contributed to the Licensee’s breaches regarding Client A.
4. The Licensee’s compliance staff issued repeated warnings in reports to the board of directors, specifically referencing Mr Borman and Client A. 
5. The Licensee should have considered the concerns of compliance staff appropriately and implemented any effective change.
6. Errors were made at the time of Client A's takeover and throughout the business relationship, including the need to complete appropriate risk assessments and undertake sufficient enhanced measures on Mr Z.
7. The Licensee also should have brought this matter to the Commission's attention before the conclusion of an external investigation undertaken by the Licensee in November 2021.

MITIGATING FACTORS

1. The Licensee identified the issues related to Client A, and in mid-2021, it engaged a firm of advocates to conduct an investigation into Client A's incorporation and administration. This culminated in recommendations for improvements in certain areas of the Licensee’s systems and controls.  
2. The Licensee cooperated fully with the Commission throughout the investigation and provided it with a copy of its internal investigation report during the on-site visit.
3. Following the on-site visit, the Licensee completed a second RMP, which involved improving policies, procedures, and controls.
4. Additionally, the Licensee has changed the composition of its senior management team/Board, provided additional training to all staff, and taken steps to improve its governance and compliance framework and onboarding procedure.
5. Mr Borman cooperated fully with the Commission throughout the investigation. The prohibition order's effect was a material factor in determining the level of penalty.

End

 The Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020 (the “Enforcement Powers Law”)

The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc. (Bailiwick of Guernsey) Law, 2020 (the “Fiduciaries Law”)[1]

The Beneficial Ownership of Legal Persons (Guernsey) Law, 2017 (the “Beneficial Ownership Law”)

Schedule 3 to Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (“Schedule 3”)[2]

The Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing (the “Handbook”)

Code of Practice – Corporate Service Providers (“the CSP Code”)

The Finance Sector Code of Corporate Governance

The Principles of Conduct of Finance Business

 Zedra Trust Company (Guernsey) Limited (the “Licensee” or the “Firm”)

Mr Colin Andrew Borman (“Mr Borman”)

[1] Which replaced the Regulation of Fiduciaries, Administration Businesses and Client Directors, etc. (Bailiwick of Guernsey) Law, 2000, effective 1 November 2021.

[2] Which replaced the Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 on 31 March 2019.

SOURCE

https://www.gfsc.gg/news/zedra-trust-company-guernsey-limited-and-mr-colin-andrew-borman