Source: Zedra Trust Company (Guernsey) Limited and Mr Colin Andrew Borman — GFSC
On 7 October 2024, the Guernsey Financial Services Commission (“the Commission”) decided:
- To impose a financial penalty of £90,000 on the Licensee under section 39 of the Enforcement Powers Law;
- To impose a financial penalty of £15,000 on Mr Borman under section 39 of the Enforcement Powers Law;
- To make an order under section 33 of the Enforcement Powers Law prohibiting Mr Borman from the position of controller, director, money laundering reporting officer and money laundering compliance officer a period of two years;
- To issue a Notice under section 32 of the Enforcement Powers Law disapplying the exemption set out in 3(1)(g) of the Fiduciaries Law in respect of Mr Borman for a period of two years; and
- To make this public statement under section 38 of the Enforcement Powers Law.
The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee and Mr Borman had failed to ensure compliance with the regulatory requirements and failed to meet the Minimum Criteria for Licensing pursuant to Schedule 1 of the Fiduciaries Law.
The findings in this case related to one client file involving a Guernsey investment holding company (“Client A”) and were serious in nature but not systemic and were caused by multiple human failures. The investigation into the Licensee and Mr Borman focussed on the activity of the Firm in relation to this Client. The investigation examined the period 1 January 2020 to 31 December 2021.
Background
The Licensee is a subsidiary of the Zedra Group, who acquired the business from a previous Guernsey licensed entity at the end of 2015. The Firm is licensed to conduct regulated activities under the Fiduciaries Law.
Mr Borman was an executive director from 17 March 2014 until he resigned from the board on 7 May 2021. Mr Borman was the head of the Licensee’s Private Client team and he continued to be employed by the Firm until 3 December 2021.
The Commission’s investigation into the Licensee and Mr Borman commenced in 2022 following a full risk assessment on-site visit to the Licensee by the Financial Crime Division in December 2021. The Firm had previously been subject to a full risk assessment with an onsite visit by the Investment, Fiduciary and Pension Division in July 2019 which had resulted in the Firm undertaking a Risk Mitigation Programme (“RMP”). The findings made during the December 2021 onsite visit by the Commission raised significant concerns regarding the Firm’s policies, procedures and controls, particularly in respect of the onboarding and subsequent administration of Client A and Mr Borman’s role in this.
Client A
The stated purpose of Client A was making purchases from a U.K. property development group which had become distressed following the arrest of its company director, (“Mr X”). Mr X had been arrested on suspicion of conspiracy to defraud, bribery and corruption. The arrest had caused investor and funder concern.
An individual (“Mr Y”) sought to establish Client A for what was said to be his own benefit. Mr Y was a professional, working in a reputable legal practice known to the Licensee. He explained that his practice included providing services to the U.K. property development group. He approached the Licensee (specifically Mr Borman) to establish Client A.
The Licensee and Mr Borman failed to identify, manage and mitigate the evident risk that Mr X was potentially the beneficial owner of Client A and attempting to disguise that beneficial ownership and could potentially be using or intending to use Client A to mislead investors and possibly to launder the proceeds of crime.
Once Client A had been established, the Licensee and Mr Borman failed to identify the red flags in the Client relationship, even when attempts were made by Client A to transact business outside its stated initial purpose. For example, a proposal was made that Client A should make a loan to Mr X which would be funded by Mr Y. Mr Borman also failed to identify the red flags in relation to an unusual transfer of ownership of Client A from Mr Y to his long-standing friend (“Mr Z”), who was stated to have a significant financial connection with Mr X, in 2021.
The investigation also revealed the Licensee’s procedures and controls in relation to Client A had not been followed properly at key stages. The investigation also highlighted that the concerns and advice from the Firm’s own compliance staff were not always appropriately considered.
Findings
The Commission’s investigation found that the Licensee, in part due to the conduct of Mr Borman, had failed to identify, monitor and manage the financial crime risks associated with Client A as required by Schedule 3 and the Rules within the Handbook (the “Rules”).
In particular, the Commission found:
The Licensee failed to carry out effective risk assessments regarding Client A
Paragraph 3(5) of Schedule 3 requires a financial services business to take into account its risk appetite and risk factors relating to the type of customer (and the beneficial owners of the customer), country or geographic area, and product, service, transaction and delivery channel that are relevant to the business relationship or occasional transaction in question. It also requires a financial services business to understand that such risk factors, and any other risk factors, either singly or in combination, may increase or decrease the potential risk posed by the business relationship or occasional transaction.
The Firm’s New Business Form, including an AML Risk Scorecard, was not completed correctly and as a consequence did not result in an effective risk rating process on this occasion, nor did other parts of the process.
Mr Borman failed to ensure complete and accurate information was provided on the new business forms for both Mr Y and Mr Z and himself treated each of the cases inappropriately as standard risk. Mr Borman failed, for example, to acknowledge Client A’s link to the construction industry, which, according to the Firm’s policies should have been one of the additional indicators leading to an increased risk rating. Mr Borman also failed to correctly disclose the ongoing status of the criminal investigation into Mr X on Client A’s new business form.
Furthermore, there were weaknesses in the Licensee’s onboarding procedures and controls; there was insufficient and ineffective scrutiny of Client A’s information. Although the on-boarding of Client A was considered by members of the Reputational Risk Committee, the compliance department did not have to see all documents provided to the Reputational Risk Committee. None of Mr Borman, the Reputational Risk Committee or the independent reviewers of the New Business Form (who were some of the Licensee’s directors and senior managers), reacted to a document which contrasted sharply with the basis on which the business was proposed. The independent reviewers signed off on Client A’s new business form despite there being several obvious errors. Client A was incorrectly risk rated.
The Licensee and Mr Borman failed to understand the ownership and control structure of a customer
Paragraph 4(1) and 4(3)(c) of Schedule 3 require a financial services business to identify the beneficial owner and take reasonable measures to verify such identity. This shall include measures to understand the ownership and control structure of the customer. Paragraph 22(2) of Schedule 3 defines beneficial ownership. Paragraph 4(3)(c) requires a firm to understand both the ownership and control of the client and apply the three-step test. In failing to take reasonable measures to understand the ownership and control structure the Firm failed to correctly identify the beneficial ownership of Client A as required by Section 9 of the Beneficial Ownership Law. Moreover, Section 12 of the Beneficial Ownership Law requires firms to notify the Registrar of changes.
The Licensee and Mr Borman failed to understand the ownership and control structure and failed, until a very late stage, to identify Mr X as the potential beneficial owner of Client A and the potential risks to which this exposed the Firm given Mr X’s ongoing criminal investigation. Key employees of the Licensee had concerns regarding Mr X’s beneficial ownership status before the business relationship had been established; however, initially Mr Borman and thereafter certain members of the then management team failed to react appropriately to these concerns.
Mr Borman failed to scrutinise properly the unusual transfer of ownership from Mr Y to Mr Z of Client A in 2021. Neither he, nor the signatories approving the transfer, explored the rationale for the transfer and the potential red flags, including Mr X’s control over Client A, that it exhibited.
This is particularly important when considering that Mr Z’s source of funds ultimately derived from Mr X, and the manner in which Mr Z came to receive those funds. Mr Z had purportedly provided consultancy services to Mr X and his organisation. The remuneration was paid not in money but in other assets, the disposal proceeds of which were to be used to fund the purchase by Client A of a company from Mr X.
In the cases of both Mr Y and Mr Z, Mr Borman and the Licensee failed to identify the potential control Mr X had over Client A. As a result of these failings, the Registrar of Beneficial Ownership was given incorrect information on the beneficial ownership of Client A (the information was later corrected).
The Licensee failed to collect sufficient client due diligence and apply enhanced measures
By failing to carry out an effective risk assessment and consider all of the risk factors affecting the risk rating of Client A, Mr Borman, and the Licensee, failed to take reasonable measures to establish and understand the source of any funds and wealth of the customer as required by Paragraph 5(3)(a)(iii) of Schedule 3.
Paragraph 5(2)(a) of Schedule 3 requires a financial services business to carry out enhanced measures in relation to business relationships and occasional transactions, whether otherwise high risk or not, which involve or are in relation to a customer who is not a resident in the Bailiwick. The Licensee’s policies, procedures and controls required the Firm to establish and understand the source of any funds provided to Client A, where, as seen in this case, the funds derived from a non-resident of the Bailiwick of Guernsey.
The Licensee, essentially due to the poor conduct of Mr Borman, failed to fully carry out enhanced measures on Mr Z. Specifically, the Licensee failed to corroborate the basis of his source of funds. The Firm did not obtain a copy of Mr Z’s consultancy agreement for services he purportedly provided to Mr X. This was critical as Mr Z’s source of funds to be used by Client A apparently derived from Mr X.
Despite the risks of the share purchase agreement being a circular transaction and the financial crime red flags attached, Mr Borman and the Firm failed to identify, manage and mitigate the risks of potential money laundering presented by this transaction.
The Licensee failed to keep proper accounts and records
Paragraph 5(2)(d) of Schedule 1 of the Fiduciaries Law stipulates that a licensee will not be regarded as conducting business in a prudent manner unless the licensee maintains adequate records and systems of control of their business and records.
Principle 6 of the CSP Code and Principle 9 of the Principles of Conduct of Finance Business require firms to keep and preserve appropriate records including records of material communications with Clients, Client companies and others and of proceedings at company meetings.
These principles were not properly observed.
Discussions and decisions about Client A were frequently not recorded by the Licensee and Mr Borman, and on material occasions not by others.
Prior to being onboarded, Client A was reviewed by a Reputational Risk Committee. The Reputational Risk Committee was a Group initiative for the purpose of managing perceived and/or actual reputational risk. Despite its key role in allowing the take-on procedure of Client A to proceed, the Licensee’s internal procedures did not require the taking of minutes of meetings of the Committee. The Commission found no records or minutes of the meeting of the Reputational Risk Committee that met to discuss the reputational risk posed by Client A.
Ineffective board of directors and systems of controls
Paragraph 2 and 15(1)(b) of Schedule 3 requires a licensee to have in place effective policies, procedures and controls to identify, assess, mitigate, manage and review and monitor risks and establish such other policies, procedures and controls as appropriate and effective for the purposes of forestalling, preventing and detecting money laundering and terrorist financing.
The investigation into the Licensee and Mr Borman regarding Client A revealed that a section of the then management team, at board level, was not sufficiently alert or astute to deal in the particular matter with material showing serious reputational risk. In relation to Client A, there were issues around clear and transparent communications between the Firm’s compliance function and its administrative function. As results, (1) those in the compliance function did not see at the material time the document which contrasted sharply with the basis on which the business was proposed (2) concerns from compliance staff in April 2021 were not communicated to the appropriate individual or acted upon effectively until far too late.
While, in terms of documentation, the Firm’s systems were adequate, and training was delivered by competent personnel to Mr Borman and his team, in practice human error made them ineffective; the risk management of Client A was not effective.
Timing of identification and verification
Paragraph 7(1) of Schedule 3 requires firms to carry out identification and verification of the identity of any person or legal arrangement before or during the course of establishing a business relationship or before carrying out an occasional transaction.
The Licensee, due to Mr Borman’s actions, signed and began to action the share purchase agreement for the U.K. property development group (including receiving funds into its client account) despite not having sufficient identification and verification on Mr Z, who had also not signed a letter of engagement with the Licensee.
The Licensee received a payment of large sums from Mr Z on two occasions, both prior to the completion of enhanced measures on Mr Z. The funds had been returned to Mr Z when they were first received on the understanding that the Firm was still to complete the identification and verification process. However, Mr Borman failed to ensure that adequate due diligence had been obtained from Mr Z before the funds were again remitted to the Firm.
Mr Borman
The Commission’s investigation identified that Mr Borman failed to fulfil the fit and proper requirements set out in Schedule 1 of the Fiduciaries Law, as he failed to demonstrate that he acted with competence, soundness of judgement and diligence.
For example, Mr Borman:
- failed to ensure adequate and accurate information was completed on the new business forms for Mr Y and Mr Z;
- failed to identify, manage and mitigate financial crime risks and take appropriate action in accordance with the Firm’s procedures;
- failed to ensure enhanced measures were completed on a non-resident of the Bailiwick of Guernsey, in accordance with the Firm’s procedures;
- failed to appropriately consider and understand the ownership and control structure of the customer; and
- failed to prevent the Bailiwick of Guernsey from potentially being used to disguise the beneficial ownership of assets from an individual arrested and under investigation for bribery, corruption and fraud and money laundering, and thereby being exposed to the risk of reputational damage.
Aggravating Factors
Following the Commission’s Full Risk Assessment of the Licensee in July 2019, the Firm undertook a RMP to address the identified deficiencies. Despite confirming to the Commission that the RMP had been satisfactorily completed in January 2020, the Licensee was found to have similar failings when the on-site team reviewed the file for Client A during the December 2021 visit. Some of the deficiencies had not been effectively resolved and these contributed to the Licensee’s breaches regarding Client A.
The Licensee’s own compliance staff issued repeated warnings in reports to the board of directors and made specific reference to Mr Borman and Client A. The Licensee failed to consider the concerns from compliance staff appropriately and implement any effective change.
Errors were made at the time of take-on of Client A and throughout the business relationship, including not completing appropriate risk assessments and failing to undertake sufficient enhanced measures on Mr Z.
The Licensee also failed to bring this matter to the attention of the Commission prior to the conclusion of an external investigation undertaken by the Licensee, in November 2021.
Mitigating Factors
The Licensee identified the issues in relation to Client A, and in mid-2021 it engaged a firm of advocates to conduct an investigation into the incorporation and administration of Client A. This culminated in recommendations being made for improvements in certain areas of the Licensee’s systems and controls.
The Licensee co-operated fully with the Commission throughout the investigation and provided it with a copy of its internal investigation report during the on-site visit.
Following the on-site visit, the Licensee completed a second RMP which involved improvements to policies, procedures and controls being made. Additionally, the Licensee has made changes to the composition of its senior management team/Board, additional training has been provided to all staff and has taken steps to improve its governance and compliance framework and its onboarding procedure.
Mr Borman co-operated fully with the Commission throughout the investigation. The effect of the prohibition order was a material factor in determining the level of penalty.