In the 27 years between 1987 and September 2014 the Guernsey Financial Services Commission issued five public statements and prohibited four persons from performing functions under the relevant regulatory laws. In contrast, between September 2014 and December 2016 the Commission issued 11 public statements and prohibited 12 persons from performing functions under the relevant regulatory laws.
Lessons for directors arising from recent commission enforcement actions
This briefing note:
- explains why there has been such an increase in enforcement actions in recent years; and
- summarises the lessons directors can learn from the Commission's recent enforcement actions.
Has the quality of Guernsey's regulated businesses declined? Or is there another factor at work? In order to put those questions into context, it is necessary to understand the regulatory significance of the month of September 2014. Before September 2014 the Commission did not have a separate Enforcement Division. Consequently, very few enforcement actions were brought. However, in September 2014, the Commission established a dedicated Enforcement Division, which meant that regulatory actions could be brought by existing or newly-recruited staff with the necessary skills, experience, time and newly determined budget.
In addition, when the Commission published its "Guidance Note on the Decision Making Process" in September 2014, the big reveal was that the Commission would have, for the first time, a panel of "Senior Decision Makers".
These Senior Decision Makers, who are all Queen's Counsel from the U.K., were brought in to ensure independence of decision-making and to remove any possibility of (real or perceived) local bias.
The role of the Senior Decision Makers is to act as a pseudo-judiciary on enforcement actions brought by the Commission. Their job is to review the evidence obtained by the Commission, decide whether or not an enforcement action should proceed and, if the case proceeds, to gather further evidence if necessary and to prepare the Commission's Decision Notice.
Enforcement Actions Since September 2014
How has the Commission exercised its enhanced enforcement capacity since September 2014?
The Commission's published approach to enforcement states that: "Where appropriate, the Commission will address contraventions or misconduct by agreement with the licensee or individual(s) concerned through ordinary supervisory processes and will endeavour to agree the implementation of a remedial action plan to restore that licensee or individual to compliance as soon as possible. ... However, that approach is not always possible."
Anecdotal evidence supports the veracity of this statement in those cases where rectification by agreement is appropriate. Where rectification by agreement is not appropriate, however, the Commission appears to have been largely successful with the enforcement actions it has brought. It is of course necessary to qualify that statement in circumstances where several of the Commission's enforcement actions have been appealed to the Royal Court, where elements of the Commission's approach have received judicial criticism. Such criticism is to be expected as any new system needs time and experience in order to attain equilibrium.
The Commission's enforcement actions can be categorised into two groups, namely "AML" enforcements and "conduct" enforcements.
What went wrong so as to give rise to the AML enforcement cases? The key themes arising from the AML cases appear to be as follows:
- failure to conduct customer due diligence in accordance with the regulations and the rules in the handbook with regards to identifying and verifying all customers, beneficial owners, underlying principals and persons purporting to act on behalf of the customer, in particular individuals to whom a power of attorney had been granted and potential beneficiaries of trusts. In one case the deficiency arose because customer due diligence and risk assessments were being conducted by the London limb of the entity without anyone verifying that such reviews complied with Guernsey law;
- failing to demonstrate that adequate enhanced due diligence had been conducted on high risk clients (particularly with regard to politically exposed persons and high profile individuals who had links to sensitive jurisdictions and those known to be associated with bribery and corruption risks);
- relying on meetings with clients in person as sufficient to satisfy enhanced due diligence requirements (particularly with regard to source of funds and source of wealth where the client was classed as high risk, but documentation was not obtained to evidence that source of funds and source of wealth had been established);
- acting on instructions from clients without full customer due diligence being conducted on all relevant parties to the relationship;
- failure to be satisfied that client due diligence information appropriate to the assessed risk was held in respect of each business relationship;
- failure to undertake and regularly review relationship risk assessments;
- failure to effectively monitor on-going activity and business relationships and not picking up on adverse information relating to clients;
- failure to scrutinise unusual transactions;
- failure to evidence consideration of the suspicion reporting requirements (together with failure to document the reasons for delays in making disclosures to the Financial Intelligence Service); and
- failure to conduct remedial action requested by the Commission following on-site visits. In two of the cases, problems were identified by the Commission in multiple on-site visits over a period of as much as five years, and enforcement proceedings were brought following continued non-compliance.
The lessons directors can learn from these themes are:
- that if you think the cost of AML compliance is expensive, try the cost of non-compliance (i.e. the cost of the penalties imposed after you have breached the law may dwarf the cost of obtaining and implementing the appropriate advice up front);
- that if the Commission identifies an AML issue in an on-site visit and offers the option for rectification by agreement, ensure that you comply with the agreed components of the remedial action plan to the letter; and
- that if you have structured your AML processes correctly up front, monitor AML developments as they occur and instigate relevant changes promptly and work with the Commission in good faith in any AML remediation, you are unlikely to face an AML enforcement action.
What went wrong so as to give rise to the conduct enforcement cases? The key themes arising from the conduct cases appear to be as follows:
- corporate governance failures including:
- failure to monitor delegated powers;
- failure to specify which natural persons would act in respect of a corporate director;
- failing to understand the risk profile of the client and the client's investments;
- having extremely limited (or no) knowledge of the asset class(es) into which the client is investing;
- abdication (either partial or total) of directors' responsibilities to their companies;
- failure to give meaningful consideration to proposed transactions (including the artifice of considering phantom deals – i.e. deals which are intended to be rejected by the board to present the illusion of meaningful consideration);
- irregularities in the process for the correct minuting of meetings;
- having concerns about a matter but failing to implement enhanced compliance procedures or inform the Commission;
- failure to identify and actively and appropriately manage conflicts of interest;
- delays (due to administrator resourcing issues) in the preparation of net asset values;
- the reckless promotion of a high-risk investment which was unsuitable for retail investors;
- the deliberate misappropriation of client funds;
- failure to obtain sufficient information about clients' financial and personal circumstances to adequately assess their ability and willingness to take risks (i.e. in the absence of this information it is not possible to assess whether recommended products were suitable for the client);
- failure to evidence research of the marketplace prior to making a recommendation to clients;
- failure to demonstrate that explanations of products, risks, charges and commissions had been consistently provided in sufficient detail that the client was likely to understand; and
- failure to keep adequate accounting and other records;
- documentary failures including:
- failure to lay down and record responsibilities at board level (for example, in one case there was no record of any decision of the board of the administration company in question accepting its position as a director and shareholder of a group of client companies);
- failure to document delegation of powers;
- back-dating of documents/records and the creation of false board minutes;
- failure to have key documents (such as investment advisory agreements) in place; and
- management failures including:
- failing to exercise oversight functions (such as designated manager requirements to ensure compliance with constitutional documents);
- the failure to deal openly and co-operatively with the Commission; and
- the provision of erroneous answers to Commission enquiries.
The lessons directors can learn from these themes are:
- that if you fail to live up to the standards required by the minimum criteria for licensing and applicable law, for example by deliberately misappropriating client funds and/or giving reckless advice for personal gain, you can and most probably will end up facing a conduct enforcement action. However, this is simply the corollary of conducting business in a well regulated environment and should not come as a surprise to anyone;
- that the probability of facing a conduct enforcement action can
be reduced, and the implications of such an action once it has
started can be mitigated, by:
- ensuring that appropriate professional advice is sought, and followed, in relation to all novel structures and circumstances;
- ensuring that any gaps in documentation are filled prior to acceptance of the relevant mandate;
- ensuring that you understand your client's business and the asset classes they invest into;
- always acting in your client's best interests, including insisting upon sufficient time to give meaningful consideration to proposed transactions and actively managing any conflicts of interest that arise;
- ensuring that accurate, timely and appropriate record keeping remains a constant priority; and
- taking appropriate professional advice as soon as a problem is identified (in a number of cases for example, the Commission criticised (quite rightly) the "back-dating" of board minutes, where the correct approach would have been a board ratification after the relevant event); and
- that if you live up to the standards required by the minimum criteria for licensing and applicable legislation and guidance, and obey the simple rules set out above you are unlikely to face a conduct enforcement action.
In addition to the thematic lessons described above, directors should also be aware of certain non-thematic lessons that certain directors have learned as a result of recent enforcement actions:
- that it is a misconception to think that the Commission will differentiate between executive and non-executive directors (i.e. non-executive directors are not entitled to a lighter fiduciary or regulatory burden simply because they are paid less than the executive directors and spend less time with the business in question than the executive directors);
- that the relief from liability potentially available for Companies Law offences under section 522 of the Companies Law where the director in question has acted honestly and reasonably and ought fairly to be excused, is not replicated under the regulatory laws; and
- the costs and pressures arising from an enforcement action are
often greater than those arising from a civil claim because:
- insurance and indemnification arrangements which apply to civil claims do not always cover regulatory investigations and enforcement actions; and
- the financial implications of a civil claim will often have less permanent implications than the potentially career ending implications of an enforcement action.
The number of Commission enforcement actions has risen recently simply because the Commission now has a well-resourced and appropriately structured Enforcement Division.
The enforcement actions brought by the Commission recently have focused on:
- egregious cases, such as those involving the deliberate misappropriation of client funds or the reckless promotion of a high-risk investments;
- systemic failure cases, such as many of the AML enforcements and those relating to risk profiling and market research failures; and
- reactive cases, where the Commission has brought enforcement actions following the collapse of the business in question.
Following the Commission's success in tackling these egregious and systemic cases, it remains to be seen where the Commission's enforcement focus will lie going forward.
Directors are advised to re-appraise themselves of their fiduciary and regulatory duties and to ensure that the entities which they represent have robust processes and procedures in place to deal with the administration of the business, the management of investor money and the source and utilisation of client wealth.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.