Fides Corporate Services Limited, Mr David Charles Housley Whitworth, Mr Paul Conway and Mr Stuart Turner
5th March 2024The Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020 (the “Enforcement Powers Law”)
The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2020 (the “Fiduciaries Law”)[1]
The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 (the “Regulations”)
Schedule 3 to Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (“Schedule 3”)[2]
The Handbook on Countering Financial Crime and Terrorist Financing (the “Handbook”)
The Finance Sector Code of Corporate Governance (the “Code of Corporate Governance”)
The Principles of Conduct of Finance Business (the “Principles of Conduct”)
Fides Corporate Services Limited (the “Licensee” or the “Firm”)
and
Mr David Charles Housley Whitworth (“Mr Whitworth”)
Mr Paul Conway (“Mr Conway”)
Mr Stuart Turner (“Mr Turner”)
(together “the Directors”)
On 28 February 2024, the Guernsey Financial Services Commission (“the Commission”) decided:
- To impose a financial penalty of £140,000 on the Licensee under section 39 of the Enforcement Powers Law;
- To impose a financial penalty of £70,000 on Mr Whitworth under section 39 of the Enforcement Powers Law;
- To impose a financial penalty of £35,000 on Mr Conway under section 39 of the Enforcement Powers Law;
- To impose a financial penalty of £21,000 on Mr Turner under section 39 of the Enforcement Powers Law;
- To make an order under section 33 of the Enforcement Powers Law prohibiting Mr Whitworth from holding a supervised role for a period of 3 years and 6 months;
- To make an order under section 33 of the Enforcement Powers Law prohibiting Mr Conway from holding a supervised role for a period of 2 years and 10 months;
- To issue a Notice under section 32 of the Enforcement Powers Law disapplying the exemption set out in 3(1)(g) of the Fiduciaries Law in respect of Mr Whitworth for a period of 3 years and 6 months;
- To issue a Notice under section 32 of the Enforcement Powers Law disapplying the exemption set out in 3(1)(g) of the Fiduciaries Law in respect of Mr Conway for a period of 3 years and 6 months; and
- To make this public statement under section 38 of the Enforcement Powers Law.
The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee, Mr Whitworth, Mr Conway and Mr Turner had failed to ensure compliance with the regulatory requirements; and failed to meet the Minimum Criteria for Licensing pursuant to Schedule 1 of the Fiduciaries Law (the “MCL”).
The findings in this case were serious and spanned a significant period, including after 13 November 2017 when The Financial Services Commission (Bailiwick of Guernsey) (Amendment) Law, 2016 came into force, which increased the maximum level of financial penalties.
Background
The Firm was established in Guernsey in August 2009 and undertakes fiduciary activities under a full fiduciary licence.
The Licensee provides the full range of trust and company services, including formation and administration of trusts, advice on formation and administration of trusts and the provision of trustees. The Licensee also provides company administration services, including company and/or corporate administration, company formation, provision of directors and secretaries, nominee services, registered office and registered agent services.
Mr Whitworth has been a Shareholder Controller of the Licensee since it was incorporated in August 2009. He was a Director of the Firm from August 2009 to December 2019 and was the Compliance Officer from October 2009 to January 2019.
Mr Conway was a Director and the Nominated Officer of the Firm from October 2015 to March 2023.
Mr Turner was a Senior Manager at the Firm from March 2018. He has been a Director of the Firm and its Compliance Officer since January 2019. Mr Turner has also been the Money Laundering Compliance Officer (“MLCO”) at the Firm since March 2019 and its Money Laundering Reporting Officer (“MLRO”) since March 2020.
The Commission’s investigation began following an on-site visit to the Licensee in July 2021 which identified breaches of the regulatory requirements in 70% of the client files reviewed. This was despite a remediation programme having been purportedly completed by the Licensee following a previous Commission visit in 2017. An inspector was appointed under section 8 of the Enforcement Powers Law as part of the investigation (the “Inspector”).
Findings
The Inspector identified breaches in all of the client files it reviewed, as well as in the corporate governance of the Firm. In particular, the investigation found:
The Licensee failed to carry out and regularly review relationship risk assessments
The Regulations, Schedule 3 and the rules in the Handbook require that in order for a financial services business to consider the extent of its potential exposure to the risk of money laundering and terrorist financing it must assess the risk of any proposed business relationship prior to the establishment of that relationship and regularly review such a risk assessment so as to keep it up to date.
The Inspector found that half of the files reviewed were inappropriately risk assessed at take-on.
Client 1
In the case of Client 1, shortly after it agreed to provide director, administrator, registered office, registered agent and company secretary services to the company, the Licensee became aware that the ultimate beneficial owner (“UBO”) intended to issue bearer shares through the company. The Licensee failed to evidence that it had taken this high-risk indicator into account when conducting its risk assessment, in breach of the Rules in the Handbook.
Client 2
The Licensee failed to correctly risk assess Client 2, rating it from low risk to medium risk from 2012 to 2020, despite the UBO having adverse media relating to bribery and corruption, religious friction, its use of offshore accounts as well as court cases related to acquisitions of properties and political unrest.
Client 3
Client 3 was appropriately rated high-risk by the Licensee due to the UBO’s links to the oil and gas industry as well as to certain high-risk jurisdictions and government officials, however, several high-risk factors present in the relationship were not fully considered by the Firm and therefore measures to mitigate them were inadequate. This unlisted technology company, which the Licensee provided registered office and registered agent services to, was valued at $6-10 billion in 2020 and $225 billion in 2021. The Firm failed to risk assess the validity of the valuations provided to them by the UBO, despite being aware that shareholders had specifically raised their concerns about the validity of such high valuations with him.
The Licensee failed to identify the customer and understand the ownership and control structure of a customer
Deficiencies in the customer due diligence (“CDD”) held by the Firm were found in all of the files reviewed by the Inspector, in breach of the Regulations/Schedule 3 and the Handbook, including incomplete identification and verification of the customer and underlying principals and inadequate certification of verification documents.
In addition, in three of the client files, the Firm did not have adequate information on the underlying beneficial ownership.
Trust 1
In the case of Trust 1, the Licensee acted as Trustee and also provided registered office and registered agent and company secretarial services to the underlying companies owned by the Trust. The Inspector found no evidence that appropriate verification of identity documentation had been obtained by the Firm on the client or its underlying UBOs until four years after the start of the relationship.
The Regulations and Schedule 3 require a financial services business to make a determination as to whether the customer, beneficial owner and any underlying principal is a politically exposed person (“PEP”). Despite holding the evidence on file, from the outset of the relationship, which indicated that the underlying client was a PEP, the Licensee incorrectly risk rated the relationship as ‘normal risk’ and failed to identify the existence of a PEP in Trust 1 for the first five years of the relationship.
The Licensee failed to comply with the Rules in the Handbook relating to Introducer Relationships
The Handbook requires a financial services business, when establishing an introducer relationship, to satisfy itself that the introducer has appropriate risk-grading procedures in place to differentiate between the CDD requirements for high and low risk relationships and conducts appropriate and effective CDD procedures in respect of its customers, including enhanced CDD measures for PEP and other high-risk relationships.
Financial services businesses are also required to have a programme of testing to ensure that introducers are able to fulfil the requirement that certified copies or originals of the identification data will be provided upon request and without delay.
Client 1
The Firm relied on an introducer relationship in the case of Client 1. Client 1, a Guernsey company incorporated in 2006, became a client of the Licensee in 2011. It was wholly owned by a regulated UK entity to hold shares, warrants and other investments on behalf of the group. The assets were funded by loans from the group’s clients.
In May 2012, the Licensee was informed by the group that funds loaned to Client 1 had been transferred through a complex structure and that the bearer notes from Client 1 had been issued to two companies in another jurisdiction. These companies were owned by two other companies incorporated in a third jurisdiction, which in turn were owned through two foundations in a fourth jurisdiction. The Licensee relied upon an introducer certificate provided by the group detailing the identity of the UBOs and Mr Whitworth visited the group office to view the CDD they held on file for the two individuals, which he deemed to be appropriate.
The Commission noted open-source adverse media which linked the individual who ultimately funded Client 1 with the Mafia, as well as highlighting links to allegations of money laundering from as early as July 2011. There was no evidence that the Licensee had considered this, or later such reports which were published in 2015 and 2016. The adverse media was not noted by the Firm until a risk review in 2017 but there was no evidence that it was referred to the MLRO, although the relationship risk rating was increased to high at that point due to other factors such as country risk, bearer notes and other information which had been available to the Firm for the duration of the relationship.
A review of the relationship and the introducer’s files in 2018 revealed that the introducer had not appropriately risk assessed the client as high risk and held no corroborating documents relating to the source of funds or source of wealth for the underlying clients who had funded Client 1.
No evidence was seen to demonstrate that the Firm had complied with the requirements of the Regulations and Handbook with regard to Introducer relationships.
The Licensee failed to carry out Enhanced Customer Due Diligence (“ECDD”) and Enhanced Measures
The Regulations, Schedule 3 and the relevant provisions of the Handbook detail the ECDD requirements required for high-risk customers and, in particular, the requirement to take reasonable measures to establish the source of any funds (“SOF”) and of the source of wealth (“SOW”) of the customer, beneficial owner and underlying principal.
Schedule 3 requires firms to carry out enhanced measures on customers who were not resident in the Bailiwick (whether assessed as high risk or otherwise). The Handbook provides guidance on what type of action may be taken by firms to comply with this requirement.
The Handbook requires ECDD to be carried out where the customer has issued, or has the potential to issue, bearer shares.
In four of the cases where the Inspector found the risk of the relationship had been incorrectly assessed as standard or medium, no ECDD had been carried out and the SOF and SOW of the customer had not been established. In the case of Trust 1, the PEP status was not recognised until five years after the relationship commenced, however, ECDD was not then conducted on the customer when the risk rating was increased to high.
In the files reviewed for Client 3 and two related foundations, which were rated by the Licensee as high-risk at the outset of each of the relationships in 2020, no evidence was found to demonstrate that the Licensee had established the SOF and SOW.
The Inspector found no evidence of enhanced measures being carried out in any of the applicable files reviewed.
In the case of Client 1, the Firm was aware at the outset of the relationship that the intention was for the customer to issue bearer shares. This was not considered in the original risk assessment and no ECDD was conducted then, or later on in the relationship when the Firm issued bearer notes on behalf of the customer.
The Licensee failed to Monitor Activity and Transactions
Firms are required to perform ongoing and effective monitoring of existing business relationships, including scrutiny of any transactions or other activity. For high-risk clients there must be more frequent and more extensive monitoring.
The Inspector found that the Firm’s monitoring policies and procedures were not effective in four of the files reviewed. Reviews were not consistently carried out in accordance with procedures and no evidence was seen of the adequacy of the reviews. In the case of Client 2, the client’s due diligence was still deficient nine years into the relationship.
The Licensee failed to ensure it had appropriate and effective AML/CFT procedures and failed to review its compliance with the Regulations/Schedule 3
The Regulations and Schedule 3 require firms to ensure that their policies, procedures and controls on forestalling, preventing and detecting money laundering and terrorist financing are appropriate and effective, having regard to the assessed risk. There is also a requirement to establish and maintain an effective policy, for which responsibility must be taken by the board, for the review of its compliance and such policy shall include provision as to the extent and frequency of such reviews. The Handbook requires the board to ensure that the compliance review policy takes into account the size, nature and complexity of the business and includes a requirement for sample testing of the effectiveness and adequacy of the policy, procedures and controls.
Despite being aware of deficiencies in the AML/CFT policies and procedures of the Firm and confirming to the Commission in 2017 that these were being remediated, the board of the Licensee failed to bring the Firm into compliance with the Regulations and implement effective and appropriate AML/CFT controls. The Inspector found that that the Firm took a tick-box approach to reviewing compliance and its compliance monitoring programme was therefore ineffective. Insufficient attention was paid by the board to reviewing the effectiveness of compliance, as demonstrated by the lack of record of discussion in board meeting minutes and the failure to address deficiencies raised or to put in place a plan to remedy them.
The Licensee’s Board of Directors and systems of control were ineffective
In accordance with the Code of Corporate Governance and the Principles of Conduct, directors have responsibility for supervising the affairs of the business and must operate in accordance with all the relevant legislation.
The board should provide suitable oversight of risk management and maintain a sound system of risk measurement and control and firms must organise and control their internal affairs in a responsible manner, ensuring that it has well-defined compliance procedures.
Financial institutions should deal with the Commission in an open and cooperative manner and keep the Commission promptly informed of anything concerning the financial institution which might reasonably be expected to be disclosed to it in accordance with the Principles of Conduct.
The numerous examples of non-compliance with applicable laws, regulations, rules, codes and principles evidenced by the Commission above, demonstrate that the board of the Licensee failed to effectively direct and supervise the affairs of the business. Information provided to the board by third party compliance consultants, as well as its own compliance staff and internal consultants was not adequately considered and acted upon to ensure that the Firm’s failings were remediated and recurrence prevented. Rather than inform the Commission that remediation had not been satisfactorily completed, the Firm gave assurances that all risk mitigation programme (“RMP”) points had been met.
Despite having engaged a consultant to carry out a gap analysis of its corporate governance, the Firm was unable to demonstrate to the Inspector that it had produced a meaningful plan of action to address the short comings.
The Firm, Mr Conway and Mr Turner failed to avoid, manage or minimise conflicts of interest
The Code of Corporate Governance states that boards should establish, implement and maintain an effective conflicts of interest policy and that directors have a duty to avoid, manage or minimise conflicts of interest and should, wherever possible, arrange their personal and business affairs so as to avoid direct or indirect conflicts of interest. In addition, directors have a duty to act in the best interests of the company.
The Principles of Conduct also require a financial services business to either avoid any conflict of interest or ensure fair treatment to all its customers by disclosure, internal rules of confidentiality, declining to act or otherwise.
Despite having a conflicts of interest policy which included a conflicts’ register, the board of the Licensee failed to maintain an effective conflicts of interest policy.
Client 3
In lieu of payment of fees, the Firm accepted shares in Client 3 and Mr Turner, Mr Conway and several other members of staff also received shares from Client 3 as a reward for services. The purported value of the shares gifted to Mr Turner and Mr Conway and others as at March 2021 was USD315 million each. The UBO of Client 3 had the right to unilaterally remove shares from shareholders at any time, thus potentially giving the UBO the ability to exercise control over the Firm.
Although the gifts of shares were recorded on the Firm’s conflicts of interest register, no attempt by Mr Turner, Mr Conway or the Firm to avoid or minimise the direct conflict of interest posed by accepting shares in Client 3 was evidenced and no effective management of the conflict was found to be in place.
The Directors failed to act in the best interests of the company
The extent of the breaches identified on the client files and the Firm’s failure to complete the requirements of the RMP following the 2017 on-site visit evidence that the Directors have failed to fulfil their fiduciary duties to act in the best interests of the company in accordance with the Code of Corporate Governance.
Mr Whitworth
The Commission’s investigation identified that Mr Whitworth failed to fulfil the fit and proper requirements of the MCL as he demonstrated a lack of competence, sound judgement and diligence by allowing clients to be incorrectly risk-rated, accepting and relying on inadequate due diligence from clients and introducers and failing to address deficiencies identified at the Firm he managed, whilst providing unsubstantiated assurances to the Commission.
Mr Conway
The Commission’s investigation identified that Mr Conway failed to fulfil the fit and proper requirements of the MCL as he demonstrated a lack of competence, sound judgement and diligence by failing to ensure that remediation action was completed and was effective, prior to confirming to the Commission that it was. Mr Conway also allowed clients to be incorrectly risk assessed without adequate measures taken to address the risk they posed and failed to avoid, manage or minimise a direct conflict of interest.
Mr Turner
The Commission’s investigation identified that Mr Turner failed to fulfil the fit and proper requirements of the MCL as he demonstrated a lack of competence, experience, sound judgement and diligence by failing to ensure that compliance standards at the Firm had improved as a result of the remediation action purportedly undertaken prior to his employment and his acceptance of the MLCO/MLRO role in particular. Mr Turner also failed to avoid, manage or minimise a direct conflict of interest.
Aggravating Factors
The findings in this case were serious and systemic and persisted despite reassurances made to the Commission that remediation was being undertaken following the on-site visit to the Firm in 2017.
The Firm and Mr Turner fail to recognise the severity of the risk presented by the conflict of interest with Client 3.
Mitigating Factors
Mr Turner joined the board of the Licensee in 2019, after the purported completion of the remediation programme. Furthermore, Mr Turner has cooperated fully with the Commission and has been instrumental in attempting to resolve certain issues arising during the course of the investigation.
The Licensee and the Directors agreed to settle at an early stage of the process and this has been taken into account by applying a discount in setting the financial penalties and the duration of the Prohibitions.
End