With the end of 2020 when we look forward to a better 2021, the GFSC released another stark reminder of the consequences of not adhering to the AML/CFT requirements. Usually I shake my head when reading such a public statement but this time, quite frankly, my jaw dropped.
On the whole, the findings of such statements over the years generally remind us of the importance of taking note of the observations made after a GFSC’s site visit – and make sure that the concerns raised are rectified before the next such visit. But the saga of the failures of Safehaven and its directors and MLRO are such that they were so severe when first identified, I am not suprised the firm was not given a second chance.
Safehaven International was a typical small business set up in the 1980s having one shareholder who was also the managing director. In 2002, it obtained a full fiduciary licence, its primary business being administering companies owning aircraft and yachts for ultra-high net worths. In every sense of the words, these were high risk relationships. Failure to follow a firm’s own manual in this business is one thing, not adhering to the law is another but when it involves such risky clients, the outcome seriously endangers Guernsey’s reputation.
Yet, whilst the catalogue of failures include the familiar three: lack of source of wealth and funds information, poor quality client risk assessments and missing ECDD, this report lists even more egregious errors than that. There was poor transaction monitoring, the failure to comply with the 2009 Instruction 6 requiring the remedy of CDD deficiencies by 31st March 2010 and even the suspicious activity procedures were inadequate.
A particular example which highlights the lack of oversight is not identifying one client as a PEP for more than 10 years despite four seperate risk reviews noting material information on the client’s status. Another involved basic company administration failures as well as a lack of AML checks as the proceeds from the charters of the administered company’s yacht and its sale at an undervalue was paid into the client’s personal bank account. In 2018 these errors came home to roost not just for the firm but this Island – the client was convicted of fraud and Guernsey named as a location for their bank accounts.
Whilst the outcome of this enforcement action can be traced back to an October 2016 GFSC site visit, it is interesting to note that a 2017 employment tribunal involving Safehaven concluded that “The [AML] training received was limited, generic and relatively infrequent.“ It may even be no coincidence that the event which sparked the successful unfair dismissal claim regarding an unfounded accusation of bribery occured late in September 2016 as preparations for a site visit always clarifies the mind on what the AML Framework requires.
Quality training for employees as we all know is important but this public statement illustrates much more than that. It shows that there are still board members in Guernsey who expect their staff to know what is expected under the AML legislation yet they themselves do not know what it means to be a fit and proper person and what is required to comply with the AML Framework. Indeed, in this case, it appears they didn’t know the very basics required to run a high risk financial services business.
It is interesting that the directors – including non-executive directors – are again held to higher account than the MLRO by virtue of the penalties imposed: penalties which no doubt would have been higher if under the current penalty system and if the indidivuals involved had not co-operated with the GFSC. The directors are, of course, ultimately responsible but it does beg the question at what point should an MLRO or indeed any member of staff notify the GFSC of a serious concern. Whilst there is guidance in the Handbook on when the board is required to notify the GFSC under Rule 2.49, having been at a recent GACO discussion on this topic, it is clear that it would be useful to have more detail on the MLRO and now also the MLCO’s responsibilities in this regard.
That said, it is clear that, in this case, not only was the archetypal dominant individual present but his fellow directors appear to have been in the dark about the overworked and inexperienced MLRO. Blame does lie with the MLRO to some extent but more especially with each member of the Board, one of whom was an ex-MLRO. They did not take their responsibilities seriously or indeed heed the warnings of external compliance advisors during the 2014 remediation project.
Some may say that, even though there was a failure rate of 70%, this was by virtue of a review of only 13 files of which 9 were deficient. But how can the level of files reviewed be criticised when the severity of the failures found included the likelihood that Safehaven International may have been used for transactions involving the proceeds of crime? This would appear to be a staggering example of how a culture of compliance was totally lacking within a board when all the signs were there – not just the red flags but the blue lights too.