The Financial Services Authority ( “FSA”) in the UK fines both Firm and Employee for Money Laundering Control Failure
In October 2008 the FSA issued its first penalty to an individual for failing to comply with Anti-Money Laundering Regulations, in addition to fining his employer, Sindicatum Holdings Limited (“SHL”). So far as we are aware the Guernsey Financial Services Commission (“GFSC”) is yet to issue a fine against either a firm or individual(s) for failing to comply with Guernsey’s Anti-Money Laundering Regime (“AML Regime”) which was the subject of significant change at the end of 2007 with the introduction of: the Criminal Justice (Proceeds of Crime) (Financial Services Business) (Bailiwick of Guernsey) Regulations 2007 (the “Regulations”); the Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing (the “Handbook”); and, the Disclosure (Bailiwick of Guernsey) Law, 2007. However, the circumstances surrounding the fine levied by the FSA on SHL and its money laundering reporting officer (“MLRO”) are a timely reminder of the need for Guernsey businesses to remain vigilant in their adherence to Guernsey’s AML requirements, particularly because the breaches by SHL and its MLRO would almost certainly also amount to breaches of the Guernsey AML Regime. This article provides a summary of the case and the various failings on the part of SHL and its MLRO which led to the penalties levied by the FSA.
SHL was a corporate advisory firm with approximately 35 clients. SHL provided periodic advice to those clients and arranged dealing in investments. Its clients were predominantly small and medium corporates, based overseas. As a result of breaches of the UK’s Anti-Money Laundering Regulations, described in further detail below, SHL was fined £49,000 and the firm’s MLRO, Michael Wheelhouse, was fined £17,500 personally. As the firm’s MLRO, Mr Wheelhouse had responsibility for the firm’s compliance with the FSA’s rules on systems and controls against money laundering. The FSA found that Mr Wheelhouse, in performing that role, had failed to take reasonable steps to ensure that the business of the firm (for which he was responsible in his control function) complied with the relevant standards and requirements of the FSA’s regulatory system. Importantly, the FSA found that these failures occurred against a background of heightened public awareness of the need for firms to maintain adequate systems and controls for verifying client identity.
During the relevant period, SHL had provided 26 of its clients with services which constituted the carrying on of ‘regulated activities’ for the purpose of the relevant legislation and was thus subject to the requirements of the UK’s AML Regime.
Summary of breaches
The various failings found by the FSA are listed below. Many of these involve failings in what might well be regarded as basic administrative steps and procedures, which should be second nature to any regulated business.
Due diligence on high risk clients
In relation to 13 clients who were not considered ‘low risk’, SHL had undertaken some customer due diligence (“CDD”), but either did not obtain sufficient evidence to verify their identity or did not make and retain a record of that evidence.
Those clients were incorporated in various countries, including Lithuania, Slovenia, Russia, Hungary, Czech Republic and the UK. Some of these clients were considered by the FSA to be ‘high risk’ because they were incorporated in less transparent jurisdictions. On that basis, the FSA found that SHL had failed in the following respects:
Identification not completed at the time of client take on – In the case of 3 clients, identification evidence was not obtained at the time of client take on. In one case, evidence of an individual’s address was not obtained by the firm until 4 years after client take on. In another case, the relevant individuals’ passports were not certified until 3 years after client take on.
Information obtained from clients – In taking on 5 clients, SHL had accepted information concerning the directors, beneficial owners or controllers of the 5 clients from the clients, rather than obtaining evidence of those matters from independent sources.
With respect to a further 6 corporate clients, no evidence was obtained to verify that particular individuals were in fact the directors, beneficial owners or controllers of the clients.
Documents in foreign languages – In the case of 5 clients, company and personal records obtained by SHL were in foreign languages, including Lithuanian, Hungarian, Russian and Czech. While some staff at SHL or its subsidiaries could understand these languages (and many staff were able to speak them fluently), there was inadequate evidence to demonstrate that these documents (or translations of them) had been adequately reviewed by the firm’s MLRO in order to confirm their contents.
Copies not adequately certified – In the case of 2 clients, photocopies of identification documentation were accepted as evidence of identity with no evidence that the originals had been citied or that the copies were true copies.
Lost/missing identity documentation – In the case of 2 clients, SHL’s records suggested that identification had been verified but the relevant documentation was missing from the firm’s client file. The firm explained that the documents had been lost or mislaid. In one case, the lost documentation included copy passports of the client’s beneficial owners.
Check list not completed/reviewed – Client acceptance check lists had been prepared which listed various categories of information about clients which should have been obtained prior to an account being opened. SHL’s procedures required this check list to be signed and dated by account executives and for the MLRO to confirm that sufficient evidence of identity had been obtained and reviewed. This signing off of check lists was an important control in the take-on of clients.
In 7 cases, client acceptance check lists were not fully completed by account executives or the MLRO until a significant period after client take-on (up to three years) or in some cases not at all.
Lessons to be learned
The action taken by the FSA to enforce the UK’s AML regime and the substantial fines imposed for failure to comply with it signals an increased focus in the UK on investigating AML compliance. Although we are not aware of any action being taken by the GFSC in respect of AML breaches, the GFSC has taken action (both informal and formal) against licensees in respect of breach of other legislation and is likely to pursue breaches of AML which come to its attention. That being so, the findings in the SHL case are a timely reminder for regulated entities in Guernsey of the need to ensure that:
- Directors, MLROs and employees are each fully aware of their responsibilities under the AML Regime;
- Existing AML procedures, processes and controls are reviewed and amended to implement the changes to the AML Regime introduced by the Regulations and Handbook;
- New procedures, processes and controls are reviewed and amended as appropriate on an ongoing basis;
- Appropriate training is provided to all relevant employees (and records of this training kept);
- AML actions taken by firms are clearly documented and noted;
- All of the above is continually reviewed and action taken to ensure that directors, MLROs and employees are aware of developments and best practice regarding AML procedures.