Adrianna Cassar | Executive Director at Aspida Group Malta
In Guernsey, in respect of Crescendo Advisors International Limited and their executive Mr Hamish Few, the GFSC referenced a number of findings in relation to not meeting the necessary minimum criteria for licensing. This included ineffective relationship risk assessments (including not taking into account relevant high risk factors), failure to regularly review relationship risk assessments and understand the ownership and control structure of a customer and to identify PEPs.
Further failings extended to over reliance on information provided by relationship managers, outsourcing agreements between the licensee and group counterparty being inadequate, insufficient BRA/Risk Appetite (various aspects), insufficient procedures and controls for preventing and detecting money laundering and terrorist financing (having regard to the assessed risk), not implementing ECDD measures adequately in relation to SOF/SOW and corroboration therein, inadequate procedures to deal with trigger events; and particular reference to Corporate Governance failings, including outsourcing to the Group office without adequate mind, management, and control within the Bailiwick.
Finally, the importance of noting that the outsourcing of the Compliance function is the responsibility of the Board and the necessity to monitor it, noting that the significant failings identified by the Commission’s investigation were not picked up by the Compliance function.
The GFSC in its recent industry presentations outlined that regulatory visits and the forthcoming MONEYVAL visit in 2024 will focus on Corporate Governance and the effectiveness of the AML/CFT framework. Findings in relation to this recent announcement therefore underpin why this degree of regulatory focus is being applied.
In the case of Lutea Holdings Limited and Lutea Trustees Limited, the JFSC sanctioned the companies for breaches of the requirements of the MLO, the AML/CFT code and several Principals of the TCB code. They concluded that the root cause of these breaches was the ineffective Corporate Governance at Board level, its lack of awareness of regulatory requirements and its engendering of an organisational culture without due regard for compliance. Of particular note, is that the Board had not approved any compliance monitoring plans for 2018 and 2019, and that there had been limited ad hoc compliance monitoring testing with no evidence of identified deficiencies being discussed by the Board.
In Malta, a local Forex trader, Triton Capital Markets Limited previously known as FXDD Malta Limited, was fined by the Financial Intelligence Analysis Unit (‘FIAU’) over a series of shortcomings which were identified by the FIAU during an inspection. Some of the deficiencies identified by the FIAU include the following: failure on the part of the licensee to assess the risks of ML/FT arising from its operations, not documenting such assessment, not having a documented customer risk assessment in all the client files reviewed and a number of other shortcomings were also observed by the FIAU in relation to the identification and verification carried out on its clients . The FIAU also noted significant failings in the PEP identification and mitigation procedures applied by the licensee. For these reasons, the FIAU found the licensee to have systemically failed from adhering to several Regulations and therefore awarded the licensee with an Administrative Penalty of two hundred twenty-six thousand, nine hundred and two Euro (€226,902) for the breaches outlined above. The decision was taken after the FIAU concluded that the series of breaches committed by the licensee could have led to the unintentional facilitation of ML/FT..
A Common Theme
The common theme running throughout these cases is the need for an effective Corporate Governance Framework and AML/CFT controls. This extends to ensuring that responsibility for the compliance function, whether outsourced or in-house, is at Board level and that the business has the necessary breadth and depth of experience/capacity to operate effectively in conjunction with the client risk profiles that you have.
The Compliance function requires a diversity of skills in order to take into account regulatory requirements and the types of business and clients in situ. The requirement for an effective compliance officer/MLRO/MLCO, no matter how they are resourced, is paramount, with a broad range of experiences that span across the regulatory spectrum.
Increasingly, in a resource constrained environment, attaining the necessary specialist skills in house is financially challenging for small/medium sized businesses. The benefits of having access to outsourced resources that are effective, proven and trusted within industry whether in performing prescribed roles, or in supporting your in-house prevision with specialist advice with regards to Corporate Governance/AML/CFT effectiveness via an internal audit; are invaluable.
For a discussion on options available to facilitate your requirements, please contact email@example.com in the first instance.