Final Notice
On , the Financial Conduct Authority issued a Final Notice to BASTION CAPITAL LONDON LTD
FINAL NOTICE
To:
BASTION CAPITAL LONDON LTD
1. ACTION
1.1
For the reasons given in this Final Notice, pursuant to section 206 of the Financial
Services and Markets Act 2000 (“the Act”), the Financial Conduct Authority (“the
Authority”) hereby imposes on Bastion Capital London Limited (“Bastion” or “the
Firm”) a financial penalty of £2,452,700.
1.2
Bastion agreed to resolve this matter and qualified for a 30% (Stage 1) discount
under the Authority’s executive settlement procedures. Were it not for this
discount, the Authority would have imposed a financial penalty of £2,837,600 on
Bastion.
2. SUMMARY OF REASONS
2.1
Fighting financial crime is an issue of international importance, and forms part of
the Authority’s operational objective of protecting and enhancing the integrity of
the UK financial system. Reducing and preventing financial crime is one of the key
priorities of the Authority as set out in its published business plan. Authorised firms
are at risk of being abused by those seeking to conduct financial crime, such as
fraudulent trading and money laundering. Therefore, it is imperative that firms
have in place effective systems and controls to identify and mitigate the risk of
their businesses being used for such purposes, and that firms will act with due skill,
care and diligence to adhere to the systems and controls they have put in place,
and to properly assess, monitor and manage the risk of financial crime.
2.2
Between 29 January 2014 and 29 September 2015 (the “Relevant Period”),
a) had inadequate systems and controls to identify and mitigate the risk of
being used to facilitate fraudulent trading and money laundering in relation
to business related to four authorised entities known as the Solo Group,
thereby breaching Principle 3; and
b) breached Principle 2 as it did not exercise due skill, care and diligence in
applying its AML policies and procedures, and in failing to properly assess,
monitor and mitigate the risk of financial crime in relation to business
related to the Solo Group, as set out in this Notice.
2.3
The Solo Clients were off-shore companies including British Virgin Islands (“BVI”)
and Cayman Islands incorporated entities and a number of individual US 401(k)
pension plans previously unknown to Bastion. They were introduced by the Solo
Group, which purported to provide clearing and settlement services as custodians
to clients within a closed network, via a custom over the counter (“OTC”) post-
trade order matching platform in 2014 and a trading and settlement platform in
2015, known as Brokermesh. They were controlled by a small number of
individuals, some of whom had worked for the Solo Group, without apparent access
to funds to settle the transactions.
2.4
On behalf of the Solo Clients, Bastion executed purported OTC equity trades to the
value of approximately £49.03 billion in Danish equities and £22.48 billion in
Belgian equities and received gross commission of approximately £1.55 million.
2.5
The Solo Trading was characterised by a purported circular pattern of extremely
high value OTC equity trading, back-to-back securities lending arrangements and
forward transactions, involving EU equities on or around the last day of cum-
dividend. Following the purported Cum-Dividend Trading that took place on
designated days, the same trades were subsequently purportedly reversed over
3
several days or weeks to neutralise the apparent shareholding positions (the
“Unwind Trading”).
2.6
The purported OTC trades executed by Bastion on behalf of Solo Clients, were
initially conducted via email and a post-trade order matching platform in 2014, and
then in 2015 executed on Brokermesh, which did not have access to liquidity from
public exchanges. Yet the purported trades almost invariably were filled within a
matter of minutes, and represented up to 30% of the shares outstanding in the
companies listed on the Danish stock exchange, and up to 10% of the equivalent
Belgian stocks. The volumes also equated to an average of 41 times the total
number of all shares traded in the Danish stocks on European exchanges, and 23
times the Belgian stocks traded on European exchanges on the relevant last cum-
dividend trading date.
2.7
The Authority’s investigation and conclusions in respect of the purported trading
are based on a range of information including, in part, analysis of transaction
reporting data, material received from Bastion, the Solo Group, and five other
Broker Firms that participated in the Solo Trading. The combined volume of the
Cum-Dividend Trading across the six Broker Firms was between 15 and 61% of the
shares outstanding in the Danish stocks traded, and between 7 and 30% of the
shares outstanding in the Belgian stocks traded. These volumes are considered
implausible, especially in circumstances where there is an obligation to publicise
holders of over 5% of Danish and Belgian listed stocks.
2.8
As a broker for the equity trades, Bastion executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the Authority believes it is
unlikely that Bastion would have executed both the purported cum-dividend trades
and purported unwind trades for the same client in the same stock in the same size
trades and therefore it is likely Bastion only saw one side of the purported trading.
Additionally, the Authority considers that purported stock loans and forwards linked
to the Solo Trading are likely to have been used to obfuscate and/or give apparent
legitimacy to the overall scheme. However, Bastion did not execute the purported
stock loans and forwards.
2.9
The purpose of the purported trading was so the Solo Group could arrange for
Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show that
the Solo Clients held the relevant shares on the record date for dividend. The DCAS
were in some cases then used to make withholding tax (“WHT”) reclaims from the
tax agencies in Denmark and Belgium, pursuant to Double Taxation Treaties. In
2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are
attributable to the Solo Group, were approximately £899.27 million and £188.00
million respectively. In 2014 and 2015, of the reclaims made, the Danish and
Belgian tax authorities paid approximately £845.90 million and £42.33 million
respectively.
2.10
The Authority refers to the trading as ‘purported’ as it has found no evidence of
ownership of the shares by the Solo Clients, or custody of the shares and settlement
of the trades by the Solo Group. This, coupled with the high volumes of shares
purported to have been traded, is highly suggestive of sophisticated financial crime.
2.11
Bastion had in place inadequate systems and controls to identify and mitigate the
risk of being used to facilitate fraudulent trading and money laundering in relation
to business related to four authorised entities known as the Solo Group. In addition,
Bastion staff did not exercise due skill, care and diligence in applying AML policies
and procedures and in failing to properly assess, monitor and mitigate the risk of
financial crime in relation to business related to the Solo Group.
2.12
Bastion did not have adequate policies and procedures in place to properly assess
the risks of the Solo Group business, and lacked an appreciation of the risks
involved in the purported equity trading that the Solo Clients were engaged in,
which resulted in inadequate CDD being conducted and a failure to adequately
monitor transactions and to identify unusual transactions. This heightened the risk
that the Firm could be used for the purposes of facilitating financial crime in relation
to the purported equity trading (the “Solo Trading”) executed by Bastion between
2.13
The way these purported trades were conducted in combination with their scale
and volume are highly suggestive of financial crime. The Authority’s findings are
made in the context of this finding and in consideration that these matters have
given rise to additional investigation by other tax agencies and/or law enforcement
agencies, as has been publicly reported.
2.14
In addition to the Solo Trading, Bastion executed a series of trades on behalf of 11
Solo Clients on 18, 19 and 30 June 2014 and 20 May 2015, in German and Belgian
listed stocks. Each of these trades resulted in a single Solo Client (Ganymede
Cayman Ltd, an entity wholly owned by the Solo Group’s controller) making a loss,
and cumulatively resulted in a combined loss of EUR €22,729,508.15 million to the
benefit of the remaining 10 Solo Clients.
2.15
These trades were materially different from the Solo Trading for various reasons as
set out in this Notice. In the days before the transactions took place, some of these
Solo Clients were urgently onboarded at the request of the Solo Group. The trades
were executed using intraday prices, instead of end of day prices and not executed
based on cum-dividend dates.
2.16
Bastion acted as the only executing broker for all of these trades on behalf of the
11 Solo Clients. On each occasion, the trades were reversed by the same clients
within hours, at different prices, meaning a substantial net loss for one client and
profits for the other parties, therefore making the economic rationale for the
transactions unclear and highly suggestive of financial crime.
2.17
Bastion ignored or failed to notice a series of red flags in relation to these sets of
trades it executed on behalf of these 11 Solo Clients, which had no apparent
economic purpose except to transfer funds from the Solo Group’s controller to his
business associates. The circumstances of the onboarding and trading relating to
these Solo Clients ought to have prompted Bastion to adequately consider
associated financial crime risks posed to the Firm.
2.18
The Authority considers that Bastion failed to take reasonable care to organise and
control its affairs responsibly and effectively with adequate risk management
systems, as required by Principle 3, in relation to business related to the Solo
Group. Its policies and procedures were inadequate for identifying, assessing and
mitigating the risk of financial crime posed by the Solo Group business as they:
a)
Failed to establish the requirement for risk assessments to be documented,
as well as to document the rationale for any due diligence measures the firm
waived when compared to its standard approach, in view of its risk
assessment of a particular customer;
b)
Failed to set out adequate processes and procedures for EDD;
c)
Failed to set out adequate processes and procedures for client
categorisation; and
d)
Failed to set out adequate processes and procedures for transaction
monitoring, including how transactions are monitored, and with what
frequency, and set out adequate processes and procedures for how to
identify suspicious transactions.
2.19
The Authority considers that Bastion failed to act with due skill, care and diligence
as required by Principle 2 in that it failed to properly assess, monitor and manage
the risk of financial crime associated with the business related to the Solo Group,
in that the Firm:
a) Failed to properly conduct customer due diligence prior to onboarding,
and consequently failed to identify that the Solo Clients presented a
higher risk of financial crime before they started trading;
b) Failed to gather information to enable it to understand the purpose and
intended nature of the business that the Solo Clients were going to
undertake, the likely size or frequency of the purported trading intended
by the Solo Clients or their source of funds;
c) Failed to undertake and document a risk assessment for each of the Solo
Clients prior to onboarding and trading for the Solo Clients;
d) Failed to complete EDD for any of the Solo Clients despite the fact that
none of the Solo Clients were physically present for identification
purposes and a number of other risk factors were present;
e) Failed to assess each of the Solo Clients against the categorisation
criteria set out in COBS 3.5.2R and failed to record the results of such
assessments,
including
sufficient
information
to
support
the
categorisation, contrary to COBS 3.8.2(2)(a);
f) Failed to conduct transaction monitoring of the Solo Clients’ purported
trades;
g) Failed to recognise numerous red flags with the purported trading,
including failing to consider whether it was plausible and/or realistic that
sufficient liquidity was sourced within a closed network of entities for the
size and volumes of trading conducted by the Solo Clients. Likewise,
failing to consider or recognise that the profiles of the Solo Clients meant
that they were highly unlikely to meet the scale and volume of the
trading purportedly being carried out, and failed to at least obtain
sufficient evidence of the clients’ source of funds to satisfy itself to the
contrary; and
7
h) Failed to recognise numerous red flags arising from the purported
Ganymede trades and adequately consider financial crime and money
laundering risks they posed to the Firm.
2.20
Bastion’s failings merit the imposition of a significant financial penalty. The
Authority considers the failings to be particularly serious because they left the Firm
exposed to the risk that it could be used to further financial crime;
1) Bastion onboarded 327 clients, some of which emanated from jurisdictions
which did not have AML requirements equivalent to those in the UK;
2) Bastion’s AML policies and procedures were not proportionate to the risks in
the Solo business that it was undertaking;
3) Bastion failed to review and analyse the KYC materials that were provided
by the Solo Group properly or ask appropriate follow up questions to red
flags in the KYC materials;
4) Even after a number of red flags appeared, Bastion failed to conduct any
ongoing monitoring, allowing these same clients to purportedly trade
equities totalling more than £71.5 billion;
5) Because Bastion failed to both have and apply appropriate AML systems and
controls in relation to the Solo business, there was an unacceptable risk that
Bastion could be used by clients to launder the proceeds of crime;
6) Bastion executed a series of uneconomic trades, while ignoring numerous
red flags that were highly suggestive of financial crime.
7) Finally, these failings were not identified Bastion.
2.21
Accordingly, to further the Authority’s operational objective of protecting and
enhancing the integrity of the UK financial system, the Authority hereby imposes
on Bastion a financial penalty of £2,452,700.
3. DEFINITIONS
3.1
The following definitions are used in this Notice:
“401(k) pension plan” means an employer-sponsored retirement plan in the
United States. Eligible employees may make pre-tax contributions to the plan but
are taxed on withdrawals from the account. A Roth 401(k) plan is similar in nature;
however, contributions are made post-tax although, withdrawals are tax-free. For
the 2014 tax year, the annual contribution limit was $17,500 for an employee, plus
an additional $5,500 catch-up contribution for those aged 50 and over. For the tax
year 2015, the contribution limits were $18,000 for an employee and the catch-up
contribution was $6,000. For a more detailed analysis, please see Annex C;
“2007 Regulations” or “Regulation” means the Money Laundering Regulations
2007;
“the Act” means the Financial Services and Markets Act 2000;
“AML” means Anti-Money Laundering;
“AML certificate” means an AML introduction form which is supplied by one
authorised firm to another. The form confirms that a regulated firm has carried out
CDD obligations in relation to a client and authorises another regulated firm to
place reliance on it in accordance with Regulation 17;
“AML policy” means Bastion’s ‘Anti Money Laundering and Combating Terrorist
Financing Policy’ dated September 2013;
“Authority” means the Financial Conduct Authority, known prior to 1 April 2013 as
the Financial Services Authority;
“Bastion” means Bastion Capital London Ltd;
“Broker Firms” means the other broker firms who agreed with the Solo Group to
carry out the Solo Trading;
“Brokermesh” means the bespoke electronic platform set up by the Solo Group
for the Solo Clients to submit orders to buy or sell cash equities, and for the Broker
Firms to provide or seek liquidity and execute the purported trading;
“CDD” means customer due diligence measures, the measures a firm must take to
identify each customer and verify their identity and to obtain information on the
purpose and intended nature of the business relationship, as required by Regulation
5;
“Clearing broker” means an intermediary with responsibility to reconcile trade
orders between transacting parties. Typically, the clearing broker validates the
availability of the appropriate funds, ensures the delivery of the securities in
exchange for cash as agreed at the point the trade was executed, and records the
transfer;
“COBS” means the Authority’s Conduct of Business Sourcebook Rules;
“Compliance Manual” means Bastion’s Compliance Manuals dated 1 May 2013
and 6 October 2014, which were applicable during the Relevant Period;
“Cum-dividend” means when a buyer of a security is entitled to receive the next
dividend scheduled for distribution, which has been declared but not paid. A stock
trades cum-dividend up until the ex-dividend date, after which the stock trades
without its dividend rights;
“Cum-Dividend Trading” means the purported trading that the Solo Clients
conducted where the shares are cum-dividend in order to demonstrate apparent
shareholding positions that would be entitled to receive dividends, for the purposes
of submitting WHT reclaims;
“Custodian” means a financial institution that holds customers’ securities for
safekeeping. They also offer other services such as account administration,
transaction settlements, the collection of dividends and interest payments, tax
support and foreign exchange;
“DCAS” means Dividend Credit Advice Slips. These are completed and submitted
to overseas tax authorities in order to reclaim the tax paid on dividends received;
“DEPP” means the Authority’s Decision Procedure and Penalties Manual;
“Dividend Arbitrage” means the practice of placing shares in an alternative tax
jurisdiction around dividend dates with the aim of minimising withholding taxes
(WHT), or generating WHT reclaims. Dividend Arbitrage may include several
different activities including trading and lending equities and trading derivatives,
including futures and total return swaps, designed to hedge movements in the price
of the securities over the dividend dates;
“Double Taxation Treaty” means a treaty entered into between the country
where the income is paid and the country of residence of the recipient. Double
Taxation Treaties may allow for a reduction or rebate of the applicable WHT;
“EDD” means enhanced due diligence, the measures a firm must take in certain
situations, as outlined in Regulation 14;
“European exchanges” means registered execution venues, including regulated
markets, multilateral trading facilities, organised trading facilities and alternative
trading systems encapsulated in Bloomberg’s European Composite;
“Executing broker” means a broker that merely buys and sells shares on behalf
of clients. The broker does not give advice to clients on when to buy or sell shares;
“Financial Crime Guide” means the Authority’s consolidated guidance on financial
crime, which is published under the name “Financial crime: a guide for firms”. In
this Notice, the applicable versions for the Relevant Period were published in April
2013, April 2014, January 2015 (incorporating updates which came into effect on
1 June 2014) and April 2015. The Financial Crime Guide contains “general
guidance” as defined in section 139B FSMA. The guidance is not binding and the
Authority will not presume that a firm’s departure from the guidance indicates that
it has breached the Authority’s rules. But as stated in FCG 1.1.8 the Authority
expect firms to be aware of the Financial Crime Guide where it applies to them, and
to consider applicable guidance when establishing, implementing and maintaining
their anti-financial crime systems and controls;
“Ganymede” means Ganymede Cayman Ltd, a private entity incorporated in the
Cayman Islands and wholly owned by Sanjay Shah, who was also the owner and
controller of the Solo Group.
“Ganymede trades” means a series of trades in German and Belgian stocks
executed by Bastion on 18, 19 and 30 June 2014 and 20 May 2015 on behalf of
eleven clients with connections to the Solo Group.
“Handbook” means the collection of regulatory rules, manuals and guidance issued
by the Authority;
“JMLSG” means the Joint Money Laundering Steering Group, which is comprised
of leading UK trade associations in the financial services sector;
“JMLSG Guidance” means the ‘Prevention of money laundering/combating
terrorist finance guidance for the UK financial sector’ issued by the JMLSG, which
has been approved by a Treasury Minister in compliance with the legal requirements
in the 2007 Regulations. The JMLSG Guidance sets out good practice for the UK
financial services sector on the prevention of money laundering and combating
terrorist financing. In this Notice, applicable provisions from the version dated 20
November 2013 and 19 November 2014 have been referred to.
The Authority has regard to whether firms have followed the relevant provisions of
the JMLSG Guidance when deciding whether a breach of its rules on systems and
controls against money laundering has occurred, and in considering whether to take
action for a financial penalty or censure in respect of a breach of those rules (SYSC
3.2.6E and DEPP 6.2.3G);
“KYC” means Know Your Customer, which refers to CDD and EDD obligations;
“KYC pack” means the bundle of client identity information received, which usually
included incorporation documents, certified copies of identity documents, utility
bills and CVs;
“Matched principal trading” means a transaction where the facilitator interposes
itself between the buyer and the seller to the transaction in such a way that it is
never exposed to market risk throughout the execution of the transaction, with
both sides executed simultaneously, and where the transaction is concluded at a
price where the facilitator makes no profit or loss, other than a previously disclosed
commission, fee or charge for the transaction;
“MLRO” means Money Laundering Reporting Officer;
“OTC” means over the counter trading which does not take place on a regulated
exchange;
“Principles” means the Authority’s Principles for Businesses as set out in the
Handbook;
“Relevant Period” means the period from 29 January 2014 to 29 September
2015;
“SCP” means Solo Capital Partners LLP;
“Solo Clients” means the entities introduced by the Solo Group to Bastion and the
other brokers on whose behalf Bastion executed purported equity trades for some
of the clients during the Relevant Period;
“Solo Group” or “Solo” means the four authorised firms owned by Sanjay Shah,
a British national residing in Dubai, details of which are set out in paragraph 4.6;
“Solo Trading” means purported Cum-Dividend Trading and the purported Unwind
Trading executed for Solo Clients during the Relevant Period;
“Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
“UBO” means ultimate beneficial owner with “beneficial owner” being defined in
Regulation 6;
“Unwind Trading” means purported trading that took place over several days or
weeks to reverse the Cum-Dividend Trading to neutralise the apparent shareholding
positions;
“Withholding Tax” or “WHT” means a levy deducted at source from income and
passed to the government by the entity paying it. Many securities pay periodic
income in the form of dividends or interest, and local tax regulations often impose
a WHT on such income; and
“Withholding Tax Reclaims” means in certain cases where WHT is levied on
payments to a foreign entity, the WHT may be reclaimed if there is a Double
Taxation Treaty between the country in which the income is paid and the country
of residence of the recipient. Double Taxation Treaties may allow for a reduction or
rebate of the applicable WHT.
4. FACTS AND MATTERS
Bastion
4.1
During the Relevant Period, Bastion was a UK-based brokerage firm, incorporated
in 2004 and authorised by the Authority to deal as a matched principal or agent in
a variety of investment types. It did not have permission to hold positions or client
money and conducted all of its trading on a give-up basis, with clearing and
settlement undertaken by separate FCA authorised entities. Bastion was not
authorised to trade for retail clients and the majority of its top 20 clients during the
Relevant Period were large financial institutions.
4.2
On 7 June 2019, a special resolution that the Firm be wound up voluntarily was
passed and joint liquidators were appointed.
4.3
Bastion’s compliance function was managed internally, although it also received
support from an external compliance adviser who conducted the firm’s Compliance
Monitoring Programme and produced periodic reports on the Firm’s compliance with
rules in the Authority’s handbook. Despite Bastion stating that it also relied upon
the external compliance adviser to flag issues regarding the Firm’s financial crime
risk, in its annual firm-specific risk assessment conducted by the same external
compliance adviser, such risk did not feature.
4.4
However, Bastion’s external compliance adviser has confirmed that its advice was
usually provided on a general basis and was not specific to the Solo business. In
fact, the adviser stated that it was not even aware of Bastion’s ongoing relationship
with Solo until it was referenced in September 2014, eight months after the
commencement of the Solo Trading. The adviser has also stated that it did not see
the transactions that took place, and were dependant on Bastion providing records
to them for review.
4.5
Bastion staff had in place inadequate systems and controls to identify and mitigate
the risk of being used to facilitate fraudulent trading and money laundering in
relation to business introduced by four authorised entities known as the Solo Group.
In addition, Bastion staff did not exercise due skill, care and diligence in applying
AML policies and procedures, and in failing to properly assess, monitor and mitigate
the risk of financial crime in relation to the Solo Clients and the purported trading.
The Solo Group
4.6
The four authorised firms referred to by the Authority as the Solo Group were
owned by Sanjay Shah, a British national currently based in Dubai:
•
Solo Capital Partners LLP (“SCP”) was first authorised in March 2012 and
was a broker.
•
West Point Derivatives Ltd was first authorised in July 2005 and was a broker
in the derivatives market.
•
Old Park Lane Capital Ltd was first authorised in April 2008 and was an
agency stockbroker and corporate broker.
•
Telesto Markets LLP was first authorised on 27 August 2014 and was a
wholesale custody bank and fund administrator.
4.7
During the Relevant Period, SCP, and others in the Solo Group at various stages,
held regulatory permissions to provide custody and clearing services. The Solo
Group has not been permitted to carry out any activities regulated by the
Authority since December 2015 and Solo Capital Partners formally entered
Special Administration insolvency proceedings in September 2016. The three
other entities are in administration proceedings.
Statutory and Regulatory Provisions
4.8
The statutory and regulatory provisions relevant to this Notice are set out in
Annex B.
4.9
Principle 3 requires firms to take reasonable care to organise and control their
affairs responsibly and effectively, with adequate risk management systems.
The 2007 Regulations and rules in the Authority’s Handbook further require firms
to create and implement policies and procedures to prevent and detect money
laundering, and to counter the risk of being used to facilitate financial crime.
These include systems and controls to identify, assess and monitor money
laundering risk, as well as conducting CDD and ongoing monitoring of business
relationships and transactions.
4.10
Principle 2 requires firms to conduct their businesses with due skill, care and
diligence. A firm merely having systems and controls as required by Principle 3
is not sufficient to avoid the ever-present financial crime risk. A firm must also
carefully apply those systems and controls with due skill, care and diligence as
required by Principle 2 to protect itself, and to properly assess, monitor and
manage the risk of financial crime.
4.11
Money laundering is not a victimless crime. It is used to fund terrorists, drug
dealers and people traffickers as well as numerous other crimes. If firms fail to
apply money laundering systems and controls, they risk facilitating these crimes.
4.12
As a result, money laundering risk should be taken into account by firms as part
of their day-to-day operations, including those in relation to the development of
new products, the taking on of new clients and changes in its business profile.
In doing so, firms should take account of their customer, product and activity
profiles and the complexity and volume of their transactions.
4.13
The JMLSG has published detailed guidance with the aim of promoting good
practice and giving practical assistance in interpreting the 2007 Regulations and
evolving practice within the financial services industry. When considering
whether a breach of its rules on systems and controls against money laundering
has occurred, the Authority will have regard to whether a firm has followed the
relevant provisions in the JMLSG guidance.
4.14
Substantial guidance for firms has also been published by the Authority
regarding the importance of AML controls, in the form of its Financial Crime
Guide, which cites examples of good and bad practice, publications of AML
thematic reviews and regulatory notices.
Background of Dividend Arbitrage and the Purported Solo Trading
Dividend Arbitrage Trading
4.15
The aim of dividend arbitrage is to place shares in certain tax jurisdictions around
dividend dates, with the aim of minimising withholding taxes or to generate WHT
reclaims. WHT is a levy deducted at source from dividend payments made to
shareholders.
4.16
If the beneficial owner is based outside of the country of issue of the shares, he
may be entitled to reclaim that tax if the country of issue has a relevant treaty
(a “Double Taxation Treaty”) with the country of residence of the beneficial
owner. Accordingly, dividend arbitrage aims at transferring the beneficial
ownership of shares temporarily overseas, in sync with the dates upon which
dividends become payable, in order that the criteria for making a withholding
tax reclaim are fulfilled.
4.17
As the strategy is one of temporary transfer only, it is often executed using
‘stock lending’ transactions. While such transactions are structured economically
as loans, the entitlement to a tax rebate depends on actual transfer of title. The
legal structure of the ‘loan’ is therefore a sale of the shares, on condition that
the borrower is obliged to supply equivalent shares to the lender at a specified
future date.
4.18
Dividend arbitrage may give rise to significant market risk for either party as the
shares may rise or fall in value during the life cycle of the loan. In order to
mitigate this, the strategy will often include a series of derivative transactions,
which hedge this market exposure.
4.19
A key role of the share custodian in connection with dividend arbitrage strategies
is to issue a voucher to the beneficial owner which certifies such ownership on
the date on which the entitlement to a dividend arose. The voucher will also
specify the amount of the dividend and the sum withheld at source. This is
sometimes known as a Dividend Credit Advice Slip’ or ‘Credit Advice Note’. The
purpose of the voucher is for the beneficial owner to produce it (assuming the
existence of a relevant Double Taxation Treaty), to the relevant tax authority to
reclaim the withholding tax. The voucher generally certifies that 1) the
shareholder was the beneficial owner of the share at the relevant time, 2) the
shareholder had received the dividend, 3) the amount of the dividend, and 4)
the amount of tax withheld from the dividend.
4.20
Given the nature of dividend arbitrage trading, the costs of executing the
strategy will usually be commercially justifiable only if large quantities of shares
are traded.
4.21
The Authority’s investigation and understanding of the purported trading in this
case is based, in part, on analysis of transaction reporting data and material
received from Bastion, the Solo Group, and five other Broker Firms that
participated in the Solo Trading. The Solo Trading was characterised by a circular
pattern of purported extremely large-scale OTC equity trading, back-to-back
securities lending arrangements and forward transactions.
4.22
The Solo Trading can be broken into two phases:
1) purported trading conducted when shares were cum-dividend in order to
demonstrate apparent shareholding positions that would be entitled to receive
dividends, for the purposes of submitting WHT reclaims (“Cum-Dividend
Trading”); and
2) the purported trading conducted when shares were ex dividend, in relation to
the scheduled dividend distribution event which followed the Cum-Dividend
Trading, in order to reverse the apparent shareholding positions taken by the
Solo Group clients during Cum-Dividend Trading (“Unwind Trading”).
4.23
The combined volume of the purported Cum-Dividend Trading across the six
Broker Firms was between 15 and 61% of the shares outstanding in the Danish
stocks traded, and between 7 and 30% of the shares outstanding in the Belgian
stocks traded.
4.24
As a broker for the equity trades, Bastion executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the Authority believes it is
unlikely that Bastion would have executed both the purported cum-dividend
trades and purported unwind trades for the same client in the same stock in the
same size trades and therefore it is likely Bastion only saw one side of the
purported trading. Additionally, the Authority considers that purported stock
loans and forwards linked to the Solo Trading are likely to have been used to
obfuscate and/or give apparent legitimacy to the overall scheme. However,
Bastion did not execute the purported stock loans and forwards.
4.25
The purpose of the purported trading was to enable the Solo Group to arrange
for Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show
that the Solo Clients held the relevant shares on the record date for dividend.
The DCAS were in some cases then used to make WHT reclaims from the tax
agencies in Denmark and Belgium, pursuant to Double Taxation Treaties. In
2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are
attributable to the Solo Group, was approximately £899.27 million and £188.00
million respectively. In 2014 and 2015, of the reclaims made, the Danish and
Belgian tax authorities paid approximately £845.90 million and £42.33 million
respectively.
4.26
The Authority refers to the trading as ‘purported’ as it has found no evidence of
ownership of the shares by the Solo Clients, or custody of the shares and
settlement of the trades by the Solo Group.
Bastion’s introduction to the Solo Group business
4.27
Prior to the Relevant Period, Bastion had a pre-existing relationship, trading
futures for SCP between 15 June 2012 and 2 October 2013, although the Firm’s
management was not involved in managing the day to day relationship. In that
instance, Bastion had performed the function of an introducing broker and had
facilitated an arrangement between SCP and one of Bastion’s clearers. SCP had
been a trading client of Bastion and not a custodian with underlying clients.
4.28
At the start of the Relevant Period, Bastion understood SCP to be a successful
hedge fund, which had the potential to be become a large institution. Based on
its previous work with, and knowledge of, SCP, and with a view to obtaining
additional revenue, Bastion was keen to be involved when it was approached by
SCP about a new line of business it was looking to conduct.
4.29
Bastion met with SCP early 2014 to discuss a proposal from SCP whereby Bastion
would execute equity trades on behalf of clients introduced by SCP, and SCP
would clear and settle the trades using its own platform. Bastion did not make
and/or retain any notes of the initial meetings or discussions, but has confirmed
that only onboarding and settlement processes were discussed, and not the
detail of the clearing and settlement, or strategy of the proposed trading.
4.30
Bastion has stated that before the trading commenced it did not have any
understanding about the expected size or frequency of the anticipated trading,
or the level of commission it would generate for the Firm. Additionally, it stated
that it did not know whether the trades would be linked to particular stocks,
dates or markets.
4.31
Bastion signed and returned a custody agreement with SCP on 19 February
2014. A custody agreement with OPL was executed on 31 July 2014 and further
service agreements with each of the Solo Group entities were signed by Bastion
on 27 and 28 January 2015.
Onboarding of the Solo Clients
Introduction to Onboarding requirements
4.32
The 2007 Money Laundering Regulations required authorised firms to use their
onboarding process to obtain and review information about a potential customer
to satisfy their KYC obligations.
4.33
As set out in Regulation 7 of the 2007 Regulations, a firm must conduct
Customer Due Diligence (“CDD”) when it establishes a business relationship or
carries out an occasional transaction.
4.34
As part of the CDD process, first, a firm must identify the customer and verify
their identity. Second, a firm must identify the beneficial owner, if relevant, and
verify their identity. Finally, a firm must obtain information on the purpose and
intended nature of the business relationship.
4.35
To confirm the appropriate level of CDD that a firm must apply, a firm must
perform a risk assessment, taking into account the type of customer, business
relationship, product or transaction. The firm must also document its risk
assessments and keep its risk assessments up to date.
4.36
If the firm determines through their risk assessment that the customer poses a
higher risk of money laundering or terrorist financing then it must apply
Enhanced Due Diligence (“EDD”). This may mean that the firm should obtain
additional information regarding the customer, the beneficial owner to the extent
there is one, and the purpose and intended nature of the business relationship.
Additional information gained during EDD should then be used to further inform
its risk assessment process in order to manage its money laundering/terrorist
financing risks effectively. The information firms are required to obtain about
the circumstances and business of their customers is necessary to provide a
basis for monitoring customer activity and transactions, so firms can effectively
detect the use of its products for money laundering and/or terrorist financing.
Chronology of the onboarding
4.37
On 29 January 2014, the onboarding process commenced for the Solo Clients.
This involved Bastion receiving onboarding requests from the Solo Clients, which
authorised Solo to supply Bastion with the clients’ KYC documents.
4.38
Once Bastion had received the onboarding requests, Solo supplied Bastion with
the corresponding AML certificates or KYC documents which usually contained
company or trust formation documents, photocopies of identity documents and
occasionally CVs of the UBO or authorised representative. Solo also arranged for
tri-partite give-up agreements to be signed between itself, Bastion and the Solo
Clients.
4.39
Throughout the process, Bastion maintained a checklist of the Solo Clients which
showed the stage each client was at within the onboarding process. The initial
list on 13 February 2014 contained 19 clients that had requested to be
onboarded, and by 19 February 2014 there were 80. In an email to Solo on 16
February 2014, Bastion acknowledged that 60 new clients would need to be set
up the next week, however it had not onboarded that number of clients at once
before. Bastion was also not used to having “small hedge funds [like Solo] as a
primary point of on-boarding into the regulatory environment”.
4.40
Given that Bastion did not hold any prior information about the Solo Clients, it
was at the point of onboarding that the Firm first became aware of the names
and jurisdictions of the clients and ought to have noticed that the entities were
a significant departure from its usual institutional and regulated client base.
4.41
By 8 June 2014, Bastion had received onboarding requests from 92 Solo Clients
who were custodied with SCP. Onboarding continued throughout the Relevant
Period, with the number of Solo Clients increasing significantly after OPL became
involved in the Solo Trading from July 2014, and Westpoint and Telesto from
February 2015.
4.42
By the end of the Relevant Period, Bastion had onboarded 327 Solo Clients. The
Solo Clients consisted of 260 US 401(k) pension plans, 61 companies
incorporated in the British Virgin Islands (BVI), the Cayman Islands, Labuan in
Malaysia and Seychelles, plus 6 others incorporated in the UK, Luxembourg,
Germany and UAE. More than half of these entities had been incorporated in
2014.
4.43
Despite such a large number of clients, the majority of the onboarding requests
were sent from a limited number of representatives, which Bastion identified
through the use of colour coding on the client checklists. For instance, a
spreadsheet sent from SCP to Bastion on 4 March 2015 contained the names
and account representatives for 165 clients, broken down across the four
custodian firms. Out of the 165 clients on the list, there were just 17
representatives, each of which had a minimum of 3 clients, with one individual
responsible for 38 US 401(k) pension plans, and another for 25 US 401(k)
pension plans.
4.44
Bastion was also aware from the KYC material that some of the client
representatives were former Solo employees. In fact, a CV within the KYC
materials provided to Bastion showed that an ex-Solo employee was the ultimate
beneficial owner of four of the Malaysian companies. Bastion also received KYC
documents which showed that Sanjay Shah was the UBO and/or former director
of at least one entity that Bastion onboarded.
4.45
CDD is an essential part of the onboarding process, which must be conducted
when onboarding a new client. Firms must obtain and hold sufficient information
about their clients to inform the risk assessment process and manage the risk
of money laundering.
4.46
As part of the CDD process first, under Regulation 5 of the 2007 Money
Laundering Regulations, a firm must identify the customer and verify their
identity. Second, a firm must identify the beneficial owner, if relevant, and verify
their identity. Finally, a firm must obtain information on the purpose and
intended nature of the business relationship.
A. Customer Identification and Verification
4.47
Regulation 20 of the 2007 Money Laundering Regulations requires that firms
establish and maintain appropriate and risk-sensitive policies and procedures
related to customer due diligence, and SYSC 6.3.1 requires that the policies
must be comprehensive and proportionate to the nature, scale and complexity
of its activities.
4.48
During the Relevant Period, Bastion’s policies and procedures relating to client
onboarding, financial crime and AML comprised of several documents including:
•
Anti-Money Laundering (AML) and Combating Terrorist Financing (CTF)
Policy dated September 2013;
•
Compliance Manual dated 1 May 2013;
•
Compliance Manual dated 6 October 2014;
4.49
Bastion’s Compliance Manual required the Firm to obtain satisfactory evidence
of the identity of each customer with whom it had a business relationship. The
policy stipulated that as a minimum this ought to involve identifying the
customer and beneficial owner and verifying their identities, as well as obtaining
information on the purpose and intended nature of the business relationship.
4.50
For private and unregulated corporate entities, such as the Solo Clients, the
documented procedure was that Bastion should verify the identity of directors
or individuals owning more than 25% of the shares or voting rights, or
individuals with principal control over the firm’s assets.
4.51
An alternative approach was set out in an appendix to the Compliance Manual,
which stated that Bastion could rely upon CDD conducted by another financial
institution, in accordance with Regulation 17.
4.52
Regulation 17 permitted firms to place reliance on CDD conducted by other
authorised firms, provided that firm consented to being relied upon, however
the firm placing reliance remained responsible for any failure to apply adequate
CDD. The JMLSG Guidance contained a pro-forma document, also known as an
AML certificate, the provision of which implied that consent had been provided
by the firm relied upon.
4.53
Bastion did engage with its external compliance consultants specifically about
the form of AML certificates who advised that it would need to be as per the
JMLSG Guidance. Bastion agreed with its external compliance consultants that if
the Firm received an “appropriate AML form or appropriate KYC documents from
another FCA entity about a client then we can accept those for AML on-boarding
purposes”.
4.54
In relation to the Solo Clients, Bastion received KYC documents for some, but
only AML certificates for others, although it was unclear to the firm why they
were divided in this way.
4.55
Bastion therefore undertook two separate processes for conducting CDD on the
i) Review of KYC documents
4.56
Bastion’s review of KYC documents was to make sure that each new client was
incorporated and controlled by “acceptable” individuals and raised queries with
the custodian about the accuracy and completeness of the information.
ii) Reliance on AML certificates from the Solo Group
4.57
Bastion accepted AML certificates in lieu of KYC packs for approximately a third
of the Solo Clients. The AML certificates contained the name and address of the
Solo Clients and their beneficial owners, details of the directors, and stated that
the Solo Group entity had conducted the appropriate CDD checks. It also stated
that the certificate would not affect Bastion’s responsibility to comply with
applicable AML regulations.
4.58
AML certificates continued to be received by Bastion throughout the Relevant
Period, the final batch being received in respect of 74 new clients on 6 August
2015. Bastion did request the Solo Group for these clients’ KYC packs following
receipt of AML Certificates. However, the Authority has seen no evidence that
Bastion received any of the requested KYC packs. Nevertheless, some clients
from this batch were onboarded on the same day.
B. Purpose and Intended Nature of a Business Relationship
4.59
As part of CDD, Regulation 5(c) of the 2007 Regulations requires firms to obtain
information on the purpose and intended nature of a business relationship. The
firm should use this information to assess whether a customer’s financial
behaviour over time is in line with expectations, whether or not the client is likely
to be engaged in criminal activity, and to provide them with a meaningful basis
for ongoing monitoring of the relationship.
4.60
Regulation 20 of the 2007 Money Laundering Regulations requires that firms
establish and maintain appropriate and risk-sensitive policies and procedures
related to customer due diligence, and SYSC 6.3.1R requires that the policies
must be comprehensive and proportionate to the nature, scale and complexity
of its activities.
4.61
Bastion’s Compliance Manual required the Firm, in relation to corporate clients,
to obtain “sufficient additional information on the nature of company’s business,
and the reasons for seeking the product or service”.
4.62
Although not referred to in its compliance policies, Bastion had two ‘Know your
client forms’ (one for individuals and one for corporate clients) for staff at the
Firm to complete. The first question on both of the forms was ‘what is the
purpose and reason for the client wishing to open the account?’. Others included
‘what are the client’s objectives in entering into this account?’ and ‘what is the
projected volume of business?’. Although these forms existed and were sent to
other clients, Bastion did not send them to the Solo Clients and so did not obtain
details about the purpose and intended nature of the Solo business from the
Solo Clients.
4.63
Despite the questions on the form, Bastion has denied that it would normally
discuss with clients the expectations of the sort of trading they would look to be
doing or any limits they had, on the basis that “size is good” and “you don’t go,
‘Oh, this guy’s doing too much size, you know. This is a problem, this is
suspicious’…”
4.64
As the Solo Clients were a significant departure from Bastion’s usual client base
(see paragraph 4.40), it was particularly important for the Firm to understand
the nature and purpose of the intended trading. As a result of not enquiring with
the Solo Clients about the nature and expected volumes or sizes of trading,
Bastion had insufficient information on which to adequately evaluate whether
the trading was in line with expectations and to identify unusually large
transactions. This left Bastion exposed to the risk of facilitating financial crime,
notwithstanding that the Firm did not hold client money.
4.65
The JMLSG Guidance also states, “if a firm cannot satisfy itself as to the identity
of a customer; verify that identity; or obtain sufficient information on the nature
and intended purpose of the business relationship, it must not enter into a new
relationship and must terminate an existing one”. Despite the obvious issues
with the lack of information available to Bastion about the nature and intended
purpose of the business relationship, it onboarded 327 Solo Clients.
Risk assessment
4.66
As part of the onboarding and due diligence process, firms need to undertake
and document risk assessments for every client. Such assessments should be
based on information contained in the clients’ KYC documents.
4.67
Conducting a thorough risk assessment for each client assists firms in
determining the correct level of CDD to be applied, including whether EDD is
warranted. If a customer is not properly assessed, firms are unlikely to be fully
apprised of the risks posed by each client, which increases the risk of financial
crime.
4.68
Under Regulation 20 of the 2007 Regulations, firms are required to maintain
appropriate and risk-sensitive policies and procedures related to risk
assessments and management.
4.69
Bastion’s AML policy set out its risk based approach to managing money
laundering risks, which was focussed on the risks presented by the firm’s
customer base; products; delivery channels and geographical areas of operation.
4.70
Bastion’s policies and procedures failed to establish the requirement for risk
assessments to be documented. Documentation of risk assessments is
necessary to demonstrate the basis upon which they are being made, to keep
these assessments up to date and to provide appropriate risk assessment
information to authorities. Bastion’s policies also failed to set out that Bastion
should document the rationale for any due diligence measures it waived when
compared to its standard approach, in view of its risk assessment of a particular
customer.
4.71
In any event, Bastion did not conduct or record risk assessments for any of the
Solo Clients pursuant to its AML policy and/or its Compliance Manual.
4.72
The only type of risk assessment Bastion conducted across its client-base, was
within the documents for its ‘Risk Based MiFID Compliance Monitoring
Programme’. Here, Bastion classed all its clients as ‘low risk’ on the basis that
either: “most clients are authorised by the FCA or equivalent”, which was
something Bastion knew not to be true in relation to the Solo Clients; or because
“all clients are traded on give up agreements with a clearer…[and] must have
cleared the AML requirements of the clearing broker” which was not a criteria
set out in the risk classification diagram or within the Firm’s AML policy. This
classification was inconsistent with the wording of Bastion’s AML policy, which
stated that “generally our AML/CTF risk would be medium and high.”
4.73
Bastion did not conduct sufficient analysis to determine whether the Solo Clients
posed a higher risk of financial crime. Even a brief analysis shows the following
risk factors:
•
Bastion had no former relationship with the Solo Clients and failed to obtain
information regarding the nature of the business each client was going to
undertake. Therefore, Bastion did not have a profile against which to base
an assessment of their purported trading for the purposes of ongoing
monitoring.
•
The Solo Clients’ KYC material showed that almost all of the clients had just
a single director, shareholder and/or beneficiary.
•
In addition to none of the Solo Clients being regulated, the vast majority of
them were based in countries outside the EU with no assumed regulatory
equivalence.
•
The Solo Clients were introduced by the Solo Group, where there was a
possibility of a conflict of interest as some UBOs were former employees of
SCP. Bastion relied on AML certificates provided by Solo for their ex-
employees. Because of Solo Group’s relationship with their former
employees, Solo Group was not in a position to provide an unbiased view.
•
Over half of the Solo Clients were US 401(k) pension plans, linked to trusts,
which were classed in Bastion’s AML policy as higher-risk vehicles for money
laundering, especially if set up in a non-EEA country. The JMSLG has noted
that “some trusts established in jurisdictions with favourable tax regimes
have in the past been associated with tax evasion and money laundering.”
•
Additionally, Bastion had no awareness of how US 401(k) pension plans
operated, the rules for establishment, or the limits for investment.
•
None of the Solo Clients were physically present for identification purposes
as the onboarding process was conducted via email. This is identified in the
2007 Regulations as being indicative of higher risk and therefore firms are
required to take measures to compensate for the higher risk associated with
these clients.
•
The Solo Clients purportedly sought to do OTC equity trading which under
the JMSLG guidance needs a more considered risk based approach and
assessment.
•
The transactions subsequently undertaken by Bastion on behalf of the Solo
Clients were larger than the equity transactions it executed for institutional
clients.
4.74
The Authority has not seen any evidence that Bastion assessed the risks posed
by each Solo Client on an individual basis or that it documented the risk factors
pertinent to each client or how they could be mitigated.
EDD
4.75
Firms must conduct EDD on customers which present a higher risk of money
laundering, so they are able to judge whether or not the higher risk is likely to
materialise.
4.76
Regulation 14(1)(b) states that firms “must apply on a risk-sensitive basis
enhanced customer due diligence and enhanced ongoing monitoring in any . . .
situation which by its nature can present a higher risk of money laundering or
terrorist financing.” The 2007 Regulations further require firms to implement
EDD measures for any client that was not physically present for identification
purposes.
4.77
Regulation 20 of the 2007 Regulations requires firms to maintain appropriate
and risk-sensitive policies and procedures related to customer due diligence
measures, which includes enhanced due diligence. SYSC 6.3.1R further requires
that the policies must be comprehensive and proportionate to the nature, scale
and complexity of its activities.
4.78
Bastion’s AML policy required the Firm to conduct “enhanced levels of customer,
product, geographical location and transaction due diligence” for all higher risk
customers, and review the use of the accounts and transactions undertaken.
Higher risk entities were described in the policy as being companies not
incorporated in the UK/EU, or ones that had an opaque structure, or if the entity
was cash driven such as a casino or bureau de change. The Compliance Manual
also mandated that EDD was required in three specific types of relationship,
including where the customer was not physically present for identification
purposes; in respect of a correspondent banking relationship; and in respect of
a business relationship or occasional transaction with Politically Exposed
Persons.
4.79
A training presentation delivered to staff at Bastion by its external compliance
advisers in January 2015 also stated that EDD was mandated for higher risk
customers, including “clients you do not physically meet”, which would have
included the Solo Clients.
4.80
Bastion’s policies were deficient in that they did not provide a consistent
definition of higher risk customers, or a documented process which explained
step-by-step how to handle higher risk clients and how to undertake EDD in
order to be satisfied that Bastion had countered the risk of money laundering in
each occasion. The only procedure referred to in the AML policy that was drafted
to apply to all higher risk entities was a requirement to verify the identity of all
directors and shareholders with an interest over 25%, albeit it was the Firm’s
standard policy to obtain this information for at least two directors and all
shareholders with an interest over 25% for every client.
4.81
Aside from the above reference to verification, the EDD procedures within
Bastion’s compliance documents only related to specific circumstances. For
example, the Compliance Manual only stipulated additional documents or
verification methods which could be used in relation to non face-to-face client
relationships and trust accounts. The AML policy also required the Firm to gain
“an understanding of the source of funds” only in relation to ‘unregulated funds’,
which itself was an undefined term. This piecemeal approach created a risk that
adequate EDD would not be applied consistently in relation to customers that
presented other high risk factors.
4.82
Furthermore, no guidance was given as to what would constitute “customer,
product, geographical location and transaction due diligence”.
4.83
Given that Bastion did not meet a single Solo Client, the Firm was required to
implement EDD. However, even if the clients had been present during the CDD
process, for the reasons set out in paragraph 4.73, a number of risk factors
indicated that the Solo Clients may have presented a higher risk of money
laundering, and therefore Bastion ought to have applied EDD by obtaining
additional information about the clients and the proposed trading.
4.84
In view of the connections between some of the Solo Clients and the Solo Group,
Bastion should have recognised the risks that this posed and should have taken
steps to mitigate the risk, for example, by undertaking independent enquiries
on the sources of funds for the Solo Clients to ensure that they were not still
financially connected to the Solo Group as employees, and had sufficient funds
to conduct the anticipated trading.
4.85
Bastion also failed to apply a reasonable level of scrutiny as to the plausibility of
the Solo Clients being able to conduct professional trading, particularly in
relation to the level of funds that they would need to hold. An example of a client
that was onboarded by Bastion was a 401(k) pension plan where an identity
document showed that the sole beneficiary was a 18-year-old college student.
The individual was also the sole beneficiary for four other pension plans
onboarded by Bastion. Instead of making enquiries as how the beneficiary had
sufficient funds and experience to conduct trading as a per se professional client,
the purpose of such trading, or his reason for having five 401(k) Pension Plans,
Bastion simply relied upon the fact that the client had been “qualified by an FCA
firm”.
4.86
The Firm also considered that it was possible that the trades were leveraged in
some way, or that the funding may have been provided by the Solo Group. Other
than these assumptions, the Firm had no actual knowledge of the source of funds
apparently available to any of the Solo Clients and did not take any steps to
obtain this information, even after trading had commenced and the volumes
involved had become apparent.
4.87
Part of the onboarding process also includes categorising clients according to the
COBS rules, which is a requirement additional and separate to carrying out risk
assessments. Pursuant to COBS 3.3.1R, firms must notify customers of their
categorisation as a retail client, professional client or eligible counterparty.
Authorised firms must assess and categorise clients based on their level of
trading experience, risk knowledge and access to funds, in order to ensure
suitable products are offered. Proper application of the rules also ensures that
firms only act for clients within the scope of their permissions. Firms are required
to notify clients as to the categorisation made by the Firm. Pursuant to COBS
3.8.2R, firms must also keep records in relation to each client, including
sufficient information to support that categorisation.
4.88
During the Relevant Period, Bastion was authorised to deal as an agent for
professional clients and eligible counterparties, which are types of clients that
are considered to have experience, knowledge, and expertise to make their own
investment decisions. Bastion was aware that it could not accept clients unless
they were in one of these categories. There are two types of professional clients:
per se professionals and elective professionals. Each of these categories has
prescriptive criteria, as listed in the COBS rules.
4.89
Bastion’s Compliance Manual contained its policy regarding client categorisation,
however, it did not set out or explain a clear procedure that should be used, or
the types of information and evidence Bastion was required to obtain to verify
the status of its clients. Further, there was no procedure requiring Bastion to
document the categorisation given to clients in accordance with COBS 3.8.2R,
including the basis upon which the decision was made, with reference to the
appropriate information gathered and reviewed.
4.90
Instead of categorising the Solo Clients according to its policy and the COBS
rules, Bastion sought advice from its external compliance consultant about
whether it could rely upon the categorisation of the clients given by the Solo
Group, so that it would not “need to go through the classification procedure by
looking at trading experience and assets etc”.
4.91
Bastion received inaccurate advice that this was permissible and subsequently
made a request to Solo for its client categorisation letters. When Solo questioned
why the letters were needed, Bastion reiterated the advice it had received and
asked for an email confirming the client name and categorisation as an
alternative option. When it did not receive a reply, Bastion emailed Solo stating
that it would “assume that Solo is classifying all clients as per se professional
unless…advised otherwise when the aml kyc is sent over". Bastion did not
independently verify this categorisation with the clients.
4.92
Bastion was not able to recall any instances, other than in relation to the Solo
Clients, when it had sought to rely upon another firm’s categorisation in this
way. Nevertheless, after sending the above email to Solo, Bastion commenced
issuing client categorisation letters to the Solo Clients confirming their status as
per se professionals. Although the letters asked the Solo Clients to confirm they
had read and accepted the terms of the categorisation, the cover emails stated
that Bastion would assume the letters were acceptable, unless it heard
otherwise. There was no attempt by Bastion to determine if the Solo Clients
actually met the rules set out in COBS, or to comply with the assessment process
in its policy.
4.93
It is not clear from Bastion’s records on what basis it believed the Solo Clients
could be categorised as per se professionals, other than the fact that Solo was
not permissioned to trade on behalf of retail clients.
4.94
For the type of business conducted by Bastion, per se professional clients would
include authorised firms, government bodies, institutional investors or large
undertakings meeting two of: a balance sheet total of EUR 20,000,000; and/or
a net turnover of EUR 40,000,000; and/or own funds of EUR 2,000,000.
4.95
From the limited KYC material provided to Bastion, it would have been evident
that a large proportion of the Solo Clients were personal pension plans with
single beneficiaries and therefore not institutions. Bastion was also aware that
the Solo Clients were not regulated entities. Notwithstanding this, even if Bastion
had considered that the first limb of the test was met, it is noted that they did
not seek any information to enable them to assess whether the second limb was
met, such as evidence from the Solo Clients about their level of wealth, sufficient
to judge whether they met the financial thresholds.
Ongoing monitoring
4.96
Regulation 8(1) requires firms to conduct ongoing monitoring of the business
relationship with their customers. Ongoing monitoring of a business relationship
includes scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure that the
transactions are consistent with the firm’s knowledge of the customer, his
business and risk profile.
4.97
Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place
throughout a relationship helps firms know their customers, assists them to
assess risk and provides greater assurance that the firm is not being used for
the purpose of financial crime.
Transaction monitoring
4.98
As part of a firm’s ongoing monitoring of a client relationship, Regulation 8
requires that firms must scrutinise transactions undertaken throughout the
course of the relationship (including, where necessary, the source of funds) to
ensure that the transactions are consistent with the relevant person’s knowledge
of the customer, his business and risk profile.
4.99
Furthermore, Regulation 14(1) states that enhanced ongoing monitoring must
be applied in situations, which can present a higher risk of money laundering or
terrorist financing.
4.100 Regulation 20 requires firms to have appropriate and risk-sensitive policies and
procedures related to ongoing monitoring. These policies must include
procedures to identify and scrutinise: 1) complex or unusually large
transactions; 2) unusual patterns of activities which have no apparent economic
of visible lawful purpose; and 3) any other activity which the relevant person
regards as likely by its nature to be related to money laundering or terrorist
financing.
4.101 Bastion’s AML Policy stated that monitoring customer activity would include
“reviewing transactions undertaken throughout the course of the customer
relationship to ensure that transactions are consistent with the customer’s
business and risk profile”. The policy also stated that the process would only be
carried out in relation to higher risk customers and so should have applied to
the Solo Clients for the reasons stated in paragraph 4.73.
4.102 The policy was deficient as it did not set out any procedures regarding how, or
the frequency with which, client activity should have been monitored, even for
higher risk clients, which created a risk that transaction monitoring would not
be conducted consistently or at all.
4.103 Bastion did not have an electronic surveillance system and so its trade
monitoring process was reliant on the management team being involved in the
trading process, who could monitor transactions “in real time”. Bastion has
informed the Authority that it monitored transactions for market abuse and for
incorrect pricing provided to clients, however the Authority has not seen any
records suggesting that the Firm checked whether the transactions were
consistent with the profile of the Solo Clients, for the purpose of identifying
money laundering risk.
4.104 Furthermore, Bastion did not compare the amount it had traded in the Danish
and Belgian stocks to the volumes conducted on exchange, as it considered that
market surveillance was not its responsibility and that other market participants
would do it within the ‘market transaction reporting arena’.
4.105 Bastion did not consult its external compliance advisers on whether its
monitoring system (which did not include any monitoring for AML purposes) was
appropriate for the volume of trades that the Firm was conducting. Furthermore,
no records were kept of information provided to the external compliance advisers
during their monthly visits to the Firm as part of the Compliance Monitoring
Programme. The external compliance advisers have also confirmed that very
little advice was given during the course of its relationship with Bastion relating
specifically to the Solo business and that it never saw any of the transactions
that took place. It was also not consulted about whether any of the transactions
could be suspicious.
4.106 It is therefore unlikely that the compliance advisers were fully apprised of the
scale of the trading executed for the Solo Clients and the associated money
laundering risks. In any event, Bastion remained responsible for ensuring
compliance with the relevant rules in the event of compliance outsourcing.
4.107 During the Relevant Period, Bastion purportedly executed high volume Cum-
Dividend trades for the Solo Clients worth approximately £49 billion in Danish
equities and £22 billion in Belgian equities, and received commission of £1.55
million, which made up 26% of Bastion’s total revenue for the Relevant Period.
4.108 Bastion started executing the purported trades on behalf of the Solo Clients on
26 February 2014. The trades were initially purportedly cleared by SCP, although
it was extended to other entities of the Solo Group from July 2014 onwards.
4.109 From 26 February 2014, orders were placed via email and the purported trades
were executed using a post-trade order matching platform that relied on the
brokers uploading trade details into spreadsheets before they were approved by
the custodians.
4.110 From 25 February 2015, the order and trading process was automated using a
system called Brokermesh. This was an electronic platform, developed by an
entity associated with the Solo Group, which generated trade orders from clients
and sourced and matched liquidity amongst the Solo Clients and brokers
including Bastion. The purported trading on the platform was conducted via an
automated process whereby once an order appeared on the system, a broker
would seek liquidity from the Solo Clients available on the system. Then, once
the liquidity was established, the order would be matched subject to trade
authorisation from the relevant custodian.
4.111 Liquidity on the Brokermesh platform was sourced from a closed network
consisting only of Solo Clients, of which Bastion onboarded 327 during the
Relevant Period. Nevertheless, Bastion has recollected that liquidity was virtually
always found, and whilst the time varied, liquidity was generally found within
one day.
4.112 Bastion considered that Brokermesh was similar to other trade settlement
platforms on the market. However, the functionality differed from other
legitimate trading platforms as trading records were wiped from Bastion’s view
the day after the trades took place, and so it was necessary for the Firm to retain
its own records.
4.113 In one instance, on 30 March 2015 Bastion was purportedly able to source
liquidity to buy shares in a Danish listed stock within six minutes for a trade that
represented over 4 times the volume of shares traded in that stock on European
exchanges on that date. In total that day, for the same stock, Bastion
purportedly executed trades approximately 97 times the number of shares
traded on all European exchanges.
A. Trade sizes
4.114 During the Relevant Period, Bastion purportedly executed Cum-Dividend Trading
to the value of approximately £49.03 billion in Danish equities and £22.48 billion
in Belgian equities on behalf of Solo Clients.
4.115 Analysis of the Cum-Dividend Trading reveals the following:
•
Between February 2014 and August 2015, Bastion purportedly executed orders
on behalf of Solo Clients in 16 listed Danish stocks over 22 cum-dividend dates.
An average of 14.98% of the outstanding shares in each stock was traded,
which were cumulatively worth a total of £49 billion. The volumes also equated
to an average of 40 times the total number of all shares traded in those stocks
on European exchanges.
•
Between February 2014 and August 2015, Bastion purportedly executed orders
on behalf of Solo Clients in 15 listed Belgian stocks over 14 cum-dividend dates.
An average of 5.81% of the outstanding shares in each stock was traded, which
were cumulatively worth a total of £22 billion. The volumes also equated to an
average of 22 times the total number of all shares traded in those stocks on
European exchanges.
4.116 The Authority considers that it is significant for market surveillance and visibility
that individual trades were below the applicable disclosable thresholds. For
example, Section 29 of the Danish Securities Trading Act required shareholders
holding over 5% of Danish-listed stock to be publicised. Similarly Belgian law
requires pursuant to Article 6 of the ‘Law of 2 May 2007 on disclosure of major
holdings in issues whose shares are admitted to trading on a regulated market
and laying down miscellaneous provisions’ requires holders of more than 5% of
the existing voting rights to notify the issuer and the Belgian Financial Services
Markets Authority of the number and proportion of voting rights that he/she
holds.
4.117 Bastion has confirmed that it was aware of the large size of the trading, but did
not consider whether the size and volume of the transactions were in line with
expectations of the Solo Clients. In this context, it believed that ‘no trade was
too big’ and that large trade sizes could not be indicative of market abuse.
Furthermore, the Firm did not consider that it was part of its role to consider
whether trades were too large for the customer type. This was notwithstanding
that the purported trades for the Solo Clients were larger that the Firm had
executed for its institutional clients.
4.118 A possible explanation suggested by Bastion for the large sizes of the purported
trades was that they were highly leveraged, however there is no evidence that
Bastion was told by the Solo Group or the Solo Clients that the trades would be
leveraged.
4.119 Bastion has stated that it would check the volumes of shares it had purportedly
traded against the number of shares outstanding in the market on a daily basis,
and was aware that they regularly exceeded 8%. However, the volumes did not
concern the firm as it considered that an unrealistic volume would be “maybe
101%”. Instead, the firm took comfort from the fact that the high volume trades
were transaction reported by a FCA regulated firm and continued over a period
of 18 months.
4.120 The issue that did concern Bastion once trading commenced was the level of
commission received, which was dependent upon the brokerage level and
volume. Bastion was not concerned with other aspects of the trading including
the impact the trades had on the market on either an individual or cumulative
basis.
4.121 Bastion took the view that because they were executing brokers, and the trades
were subject to custodian approval, the size of trades was not their risk
responsibility. Although execution-only broking may have reduced counterparty
risk, all regulated firms must consider and mitigate the risk that they could be
used to facilitate financial crime, even if client monies do not flow through the
firm.
4.122 As the Firm perceived that it bore no risk of loss, it failed to recognise more
general risks, including financial crime risk, which applies to all regulated firms.
Consequently, there is no evidence that the Firm appreciated the potential risk
that the Firm might be used to ‘further money laundering’. The Authority has
published considerable guidance on managing the risk of financial crime,
particularly in its Financial Crime Guide which was first published in December
2011 and which Bastion ought to have been aware of.
B. Trading Red Flags
4.123 Once the purported Solo Trading commenced, a number of red flags in relation
to the trading ought to have alerted Bastion to the risk that it could be used for
the purposes of financial crime and prompted it to obtain explanations from the
Solo Group or the Solo Clients on a number of matters, decline to execute
particular trades, or cease its trading relationship with the Solo Clients:
•
The Solo Clients placed extremely high value trades, yet most of them
had only been recently incorporated, were based in non-EU/EEA
countries and in a number of instances, were managed or owned by a
single shareholder and/or UBO or former employees of the Solo Group.
•
For the recently incorporated 401(k) pension plans, the value of the
purported trades far exceeded the investment amounts which could
reasonably have accrued given the annual contribution limits and limited
number of ultimate beneficial owners, which should have alerted Bastion
as to the unrealistic nature of the trades.
•
The Solo Group purported to have sourced a custom automatic trade
matching and settlement platform from an entity owned by Mr Shah.
Brokermesh was able to locate liquidity for OTC trades worth over £36.5
billion that were purportedly executed by Bastion, even though access
to the platform was limited to a closed pool of clients introduced to the
Brokers Firms by the Solo Group.
•
Bastion purportedly traded an average of 14.98% of the shares
outstanding in the market on major listed Danish stocks, in
circumstances where share ownership over 5% required publication.
This was an average of 40 times higher than were reported on European
exchanges for the same Danish stocks.
4.124 Bastion failed to identify or mitigate any red flags arising from the Solo Trading
and as a consequence of this, failed to sufficiently address the risk that it might
be used for the purposes of financial crime.
The Ganymede trades
4.125 As part of assessing how the Firm might likely be used for the purposes of money
laundering and financial crime, Bastion was required to assess the risks posed
by its clients’ trading behaviours, particularly in instances where there was no
apparent economic or lawful purpose.
4.126 Firms must have adequate policies and procedures, systems and controls which
provide for the identification and scrutiny of complex or large transactions;
unusual patterns of transactions which have no apparent economic or visible
lawful purpose; and any other activity which may be related to money
laundering.
4.127 As set out in further detail below, on 18, 19 and 30 June 2014 and 20 May 2015,
Bastion executed a series of trades in German and Belgian listed stocks on behalf
of 11 Solo Clients. Together these trades (the “Ganymede trades”) resulted in a
single client entitled Ganymede Cayman Ltd (“Ganymede”), owned by Sanjay
Shah, making a loss of EUR €22,729,508.15 million to the benefit of the
remaining 10 clients. The Ganymede trades had no apparent economic purpose
except to transfer funds from a Sanjay Shah controlled entity to his associates
and individuals connected with the Solo Group.
4.128 The Ganymede trades materially differed from the Solo Trading for the following
reasons, as they:
a) were not executed based on cum-dividend dates;
b) were executed using intraday prices, instead of end of day prices;
c) were executed on behalf of a small number of new clients to Bastion,
from high risk jurisdictions, who were ‘urgently’ onboarded at the
request of the Solo Group in the days before the transactions took place;
d) were reversed by the same clients within hours, at different prices,
meaning a substantial net loss for one client and profits for the other
parties, therefore making the economic rationale for the transactions
unclear and/or highly suggestive of money laundering.
e) trades had been carried out between clients with Bastion as the only
broker executing the buy and sell orders.
Chronology of the Ganymede Trades
4.129 On 16 June 2014, Bastion received onboarding requests from four new clients,
as set out below.
•
Client A was a private company that had been incorporated in the British
Virgin Islands on 3 June 2014. The sole director and shareholder of Client A
was a Dubai based individual who had held a senior position at SCP. The
email from SCP attaching the KYC documents stated that it was an ‘urgent
onboarding’.
•
Client B was a private company that had been incorporated in the British
Virgin Islands on 5 June 2014. The CV supplied for the director of Client B
showed that he was a current employee of SCP. The email from SCP
attaching the KYC documents stated that it was an ‘urgent onboarding’.
•
Client C was a private company incorporated in the Cayman Islands on 18
February 2013. The client’s KYC documents showed that one of the two
directors was 21 years old and had a total of four months experience
working at a financial services firm that was subsequently purchased by the
Solo Group on 6 July 2015. The email from SCP attaching the KYC
documents stated that it was an ‘urgent onboarding’.
•
Client D was a private company that had been incorporated in the Cayman
Islands on 4 October 2013. The sole director and shareholder was a Dubai
based individual. The email from SCP attaching the KYC documents stated
that it was an ‘urgent onboarding’.
4.130 On 17 June 2014, Bastion received onboarding requests from a further three
clients:
•
Client E was a private company incorporated in the Seychelles on 28 April
2014. The sole director and shareholder was an individual who held a senior
position at SCP until 2013.
•
Client F was a private company incorporated in the Seychelles on 25 March
2014. The sole director and shareholder was a Hong Kong based individual
who was a current employee of SCP.
•
Ganymede was a private company incorporated in the Cayman Islands on
16 June 2010. The sole director and shareholder was Sanjay Shah.
4.131 Bastion stated that it felt pressured by SCP to urgently onboard these clients,
particularly as it was told that one of the client entities was owned by Sanjay
Shah. On the morning of 18 June 2014, Bastion confirmed to SCP that it had
onboarded six of the entities but was yet to receive KYC documents for Client F.
SCP thanked Bastion for onboarding the entities so quickly and sent the
remaining KYC documents to the Firm at 09:16 on 18 June 2014.
4.132 Three hours later, between 12:49 and 13:29, Bastion received a series of trade
orders via email from Clients A to F requesting to buy equity shares in varying
volumes in a German listed stock (“German stock A”). All of the orders requested
an identical specific intraday purchase price of €160.1, which was around the
same as the market closing price on 17 June 2014 of €160.12, but below the
exchange price at 12:49 of €160.95. One of the orders from Client E was written
as if the trade had already been agreed, which was also suggestive of the co-
ordinated nature of the trades. It stated “[Client E] buys [German stock A],
668,521 160.1”. This was subsequently corrected by the client, who re-sent the
order in a “more cleanly written” format.
4.133 At 13:12, Bastion sought liquidity from Ganymede and stated “I have some form
on [German stock A], are you in the market today for this?” A few minutes later
another email from Bastion to Ganymede stated “I need to buy 3303496, can
you show me an offer please?”. At 13:47 Ganymede responded and stated that
it could sell 3,964,905 shares at a price of €160.10. This in fact corresponded to
the total number of shares in German stock A requested by Clients A to F and
at the requested identical specific intraday purchase price of €160.1.
4.134 At 14:23, approximately an hour after the trades had been agreed, Ganymede
indicated that it wanted to buy back the 3,964,905 shares in German stock A,
equivalent to the amount it had just sold. Bastion approached Clients A to F who
all replied agreeing to sell the shares they had just purchased. Five of the six
clients proactively offered an identical price of €160.97, which was accepted by
Ganymede. This price was €0.87 above the price Ganymede had sold the shares
for, but was below the current exchange price of €161.05. At 15:10, Bastion
confirmed to Ganymede that it had purchased all 3,964,905 German stock A
shares at a price of €160.97.
4.135 The result of the trading was that Ganymede sold 3,964,905 shares in German
stock A for consideration of €634,781,290.50 to six clients (Clients A to F). It
then re-purchased the same shares an hour later at a higher price for
consideration of €638,230,757.85, resulting in a net loss to Ganymede of
€3,449,467.35, to the benefit of Clients A to F.
The timing of the orders was as follows:
Time of
order
Seller
Quantity
Unit
Price
(€)
Consideration (€)
12:49:53
Client E
13:47
Ganymede
668,521
160.1
107,030,212.10
13:00:58
Client D
13:47
Ganymede
649,382
160.1
103,966,058.20
14:23
Ganymede
14:36
Client D
649,382
160.97
104,531,020.54
4.136 Another possible indicator of the co-ordinated nature of these Ganymede trades
was that at 16:16 Ganymede indicated to Bastion that it wanted to trade again
and would be “send[ing] something through shortly”. However, at 16:29, it was
not Ganymede but Client E that sent through an order to buy German stock A
at a specific price of €160.25. This was quickly followed by similar trade orders
from Client F and Client A, which prompted Bastion to email Ganymede at 16:44
asking if it had any German stock A to sell. At 16:55, Ganymede replied offering
to sell 11,279,140 shares (which was the exact cumulative total of the trade
orders from Clients E, F and A to whom it had sold and then repurchased the
shares from just ninety minutes earlier) at the same specific price of €160.25.
At 16:58, Bastion confirmed to Ganymede that the order had been filled.
4.137 Just two minutes later, Ganymede began the process of unwinding the trade and
buying back the shares at a higher price, as it had done earlier that day. This
time, the price Ganymede specified was €161.25, which was €1 more per share
than it had sold them for, and above the market closing price of €161. After
receiving the order from Ganymede, Bastion approached Clients A, E and F and
re-purchased the shares, resulting in a loss of €11,279,140 for Ganymede.
The timing of the orders was as follows:
Time
of
order
Trade
Price (€)
(€)
17:00
Ganymede 17:17
Client E
4,657,387
161.25
751,003,653.75
4.138 The methodology described above was again employed by Ganymede and other
Solo Clients linked to the Solo Group in a series of trades executed by Bastion
on 19 June 2014, 30 June 2014 and 20 May 2015, resulting in a total loss to
Ganymede of €22,729,508.15 across the four days.
Analysis of the Ganymede Trades
4.139 All of the Ganymede trades involved the shares purportedly being repurchased
by Ganymede the same day, within the T+2 or T+3 settlement period, and
therefore the shares did not need to be transferred. The net result of the trading
was that a total of €22,729,508.15 was owed by Ganymede to the other clients.
4.140 Bastion has confirmed that it was aware that the Ganymede trades resulted in
losses to Ganymede. However, it failed to question the rationale for the trading
as it considered that there might have been other simultaneous transactions
involving the same clients, that the Firm was not privy to. However, Bastion was
the only broker involved in these trades and in each instance arranged the buy
and sell transactions. Even if there had been other legs of the transactions that
Bastion was not aware of, Bastion ought to have recognised from the buy and
sell transactions that the losses to Ganymede resulted in direct profits for the
other counterparties. At a minimum, this should have caused the Firm to
question the clients about the rationale for the trading and consider whether the
nature of these series of transactions were suspicious.
4.141 Furthermore, if Bastion had examined the trade orders prior to trading on 18
June 2014, or for the purpose of transaction monitoring and post trade
surveillance after trading, it ought to have noticed that the requested volume of
11,279,140 shares on 18 June 2014 was 17 times the Average Daily Volume
(ADV) of German stock A shares sold on European exchanges. If Bastion had
noticed this red flag on receiving the trade order, it should have declined to
execute the trade, or at a minimum queried the volumes with the clients.
4.142 Instead, Bastion failed to identify and/or flag any queries in relation to the
unusual features of the Ganymede trades, either internally, or with the clients,
or the Solo Group, including:
a) why the clients had to be urgently onboarded;
b) why the majority of the clients’ directors/UBOs were connected to the Solo
Group;
c) why the shares were purchased and sold at intraday prices, instead of the
usual end of day price;
d) why the trades were unwound on the same day;
e) why the orders from clients A, B, D, E and F specified identical prices;
f) why the specified price was below the current intraday market price;
g) why the volume of shares transacted was 17 times the ADV of German Stock
A shares sold on European exchanges;
h) why Ganymede would want to buy back the shares it had sold a short while
earlier at a higher price, resulting in a loss for it on each occasion; and
i) why the Ganymede trades on 20 May 2015 took place by email, even though
all other Solo Trading took place on Brokermesh at that time;
4.143 At a minimum, these red flags should have prompted Bastion to question the
clients about the purpose of the trading, however Bastion did not query the
Ganymede trades with Ganymede or flag the potential loss to the client before
or after execution.
4.144 Bastion ought to have queried how these clients would have been able to source
such sizeable liquidity in such short order, whether this liquidity was in line with
the trading levels which could be expected from these clients, given the
information previously obtained through CDD.
4.145 Bastion has stated that it did not have any suspicions about the Ganymede
trades as it trusted Sanjay Shah’s reputation. This raises serious concerns about
the firm’s risk appetite and the extent and effectiveness of its transaction
monitoring.
End of the Purported Solo Trading
4.146 Bastion executed its last trade for a Solo Client on 29 September 2015. The Solo
Clients ceased the purported trading with all the six Broker Firms after
unannounced visits by the Authority to the offices of the Solo Group entities and
the Broker Firms between 2 – 4 November 2015.
Bastion failed to Identify Any of the Above Issues
4.147 Bastion failed to identify any of the above issues. With respect to AML, in both
2014 and 2015, Bastion did not identify any transactions raising any suspicions
and no breaches were reported or observed.
5. FAILINGS
5.1
The statutory and regulatory provisions relevant to this Notice are referred to in
Annex B.
5.2
The JMLSG Guidance has also been included in Annex B, because in determining
whether breaches of its rules on systems and controls against money laundering
have occurred, and in determining whether to take action for a financial penalty or
censure in respect of a breach of those rules, the Authority has also had regard to
whether Bastion followed the JMLSG Guidance.
5.3
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.
5.4
Bastion breached this requirement during the Relevant Period, in relation to
business related to the Solo Group, as its policies and procedures were inadequate
for identifying, assessing and mitigating the risk of financial crime as they failed to:
5.4.1 Establish the requirement for risk assessments to be documented, as well as
to document the rationale for any due diligence measures the firm waived
when compared to its standard approach, in view of its risk assessment of a
particular customer;
5.4.2 Set out adequate processes and procedures for EDD;
5.4.3 Set out adequate processes and procedures for client categorisation;
5.4.4 Set out adequate processes and procedures for transaction monitoring,
including how transactions are monitored, and with what frequency, and set
out adequate processes and procedures for how to identify suspicious
transactions.
5.5
The Authority considers that Bastion failed to act with due skill, care and diligence
as required by Principle 2 to properly assess, monitor and manage the risk of
financial crime associated with the business related to the Solo Group in that the
a) Failed to properly conduct customer due diligence prior to onboarding,
and consequently failed to identify that the Solo Clients presented a
higher risk of financial crime before they started trading;
b) Failed to gather adequate information to enable it to understand the
purpose and intended nature of the business that the Solo Clients were
going to undertake, the likely size or frequency of the purported trading
intended by the Solo Clients or their source of funds;
c) Failed to undertake and document a risk assessment for each of the Solo
Clients prior to onboarding and trading for the Solo Clients;
d) Failed to complete EDD for any of the Solo Clients despite the fact that
none of the Solo Clients were physically present for identification
purposes and a number of other risk factors were present;
e) Failed to assess each of the Solo Clients against the categorisation
criteria set out in COBS 3.5.2R and failed to record the results of such
assessments,
including
sufficient
information
to
support
the
categorisation, contrary to COBS 3.8.2(2)(a);
f) Failed to conduct transaction monitoring of the Solo Clients’ purported
trades;
g) Failed to recognise numerous red flags with the purported trading,
including failing to consider whether it was plausible and/or realistic that
sufficient liquidity was sourced within a closed network of entities for the
size and volumes of trading conducted by the Solo Clients. Likewise,
failing to consider or recognise that the profiles of the Solo Clients meant
that they were highly unlikely to meet the scale and volume of the
trading purportedly being carried out, and/or failed to at least obtain
sufficient evidence of the clients’ source of funds to satisfy itself to the
contrary; and
h) Failed to recognise numerous red flags arising from the purported
Ganymede trades and adequately consider financial crime and money
laundering risks they posed to the Firm.
6. SANCTION
6.1
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case.
6.2
The Authority’s policy on the imposition of financial penalties is set out in Chapter
6 of DEPP. In determining the proposed financial penalty, the Authority has had
regard to this guidance.
6.3
DEPP 6.5A sets out a five-step framework to determine the appropriate level of
financial penalty.
Step 1: disgorgement
6.4
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to quantify.
6.5
The financial benefit associated with Bastion’s failings is quantifiable by reference
to the revenue it derived from the business related to the Solo Group as described
in the Notice.
6.6
The figure after Step 1 is therefore £1,554,855.40.
Step 2: the seriousness of the breach
6.7
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breach. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breach may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.
6.8
The Authority considers that the revenue generated by Bastion is indicative of the
harm or potential harm caused by its breach. The Authority has therefore
determined a figure based on a percentage of Bastion’s revenue during the period
of the breach.
6.9
Bastion’s revenue is the revenue derived from business associated with the Solo
Group. The period of Bastion’s breach was between 29 January 2014 and 29
September 2015. The Authority considers Bastion’s revenue for this period to be
£1,554,855.40.
6.10
In deciding on the percentage of the revenue that forms the basis of the step 2
figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.11
In assessing the seriousness level, Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G lists factors likely to be considered ‘level
4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
1. The breaches revealed serious or systemic weaknesses in both the Firm’s
procedures and the management systems or internal controls relating to all or
part of the Firm’s business; and
2. The breaches created a significant risk that financial crime would be facilitated,
occasioned or otherwise occur.
6.12
Taking all of these factors into account, Authority considers the seriousness of the
breach to be level 4 and so the Step 2 figure is 15% of £1,554,855.40.
6.13
Step 2 is therefore £233,228.31.
Step 3: Mitigating and aggravating factors
6.14
Pursuant to DEPP 6.5A.3G, at Step 3, the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.15
The Authority considers that the following factors aggravates the breach:
(1) The Authority and the JMLSG have published numerous documents highlighting
financial crime risks and the standards expected of firms when dealing with
those risks. The most significant publications include the JMLSG Guidance and
Financial Crime Guide (including the thematic reviews that are referred to
therein) which was first published in December 2011. These publications set out
good practice examples to assist firms, for example in managing and mitigating
money laundering risk by (amongst other things) conducting appropriate
customer due diligence, monitoring of customers’ activity and guidance of
dealing with higher-risk situations. Given the number and detailed nature of
such publications, and past enforcement action taken by the Authority in respect
of similar failings by other firms, Bastion should have been aware of the
importance of appropriately assessing, managing and monitoring the risk that
the Firm could be used for the purposes of financial crime.
6.16
Having taken into account these aggravating and mitigating factors, the Authority
considers that the Step 2 figure should be increased by 10%.
6.17
Step 3 is therefore £256,551.14.
Step 4: adjustment for deterrence
6.18
Pursuant to DEPP 6.5A.4G, if the Authority considers that the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further of similar breaches, then the Authority may increase the
penalty.
6.19
The Authority considers that DEPP 6.5A.4G(1)(a) is relevant in this instance and
has therefore determined that this is an appropriate case where an adjustment for
deterrence is necessary. Without an adjustment for deterrence, the financial
penalty would be £256,551.14. In the circumstances of this case, the Authority
considers that a penalty of this size would not serve as a credible deterrent to
Bastion and others. This small penalty does not meet the Authority’s objective of
credible deterrence. As a result, it is necessary for the Authority to increase the
penalty to achieve credible deterrence.
6.20
Having taken into account the factor outlined in DEPP 6.5A.4G, the Authority
considers that a multiplier of five should be applied at Step 4.
6.21
Step 4 is therefore £1,282,755.71.
Step 5: settlement discount
6.22
Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement
of any benefit calculated at Step 1.
6.23
The Authority and Bastion did reach agreement to settle so a 30% discount applies
to the Step 4 figure.
6.24
The total financial penalty (that would have been imposed) is therefore
£2,452,700.
7. PROCEDURAL MATTERS
7.1
This Notice is given to Bastion under and in accordance with section 390 of the Act.
7.2
The following statutory rights are important.
Decision maker
7.3
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4
The financial penalty must be admitted in the liquidation of the Firm by no later
than 14 days from the date of the Final Notice. The financial penalty will be ranked
with other creditors of the Firm but the Authority will keep it under review in order
that legitimate creditors are satisfied prior to any funds realised in the liquidation
being used to pay some, or all, of the financial penalty.
7.5
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority may
not publish information if such publication would, in the opinion of the Authority,
be unfair to you or prejudicial to the interests of consumers or detrimental to the
stability of the UK financial system.
7.6
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.7
For more information concerning this matter generally, contact Giles Harry (direct
line: 020 7066 8072) at the Authority.
Financial Conduct Authority, Enforcement and Market Oversight Division
ANNEX A: CHRONOLOGY
2004
Bastion was incorporated and authorised by the Authority.
January 2014
Initial discussions took place with SCP.
19 February 2014
Bastion signed a custody agreement with SCP.
29 January-April 2014 Initial onboarding of Solo Clients.
26 February 2014
Trading commenced in Danish stocks.
17 April 2014
Trading commenced in Belgian stocks.
16/17 June 2014
“Urgent” onboarding of 7 new clients.
18/19/30 June 2014
Trades in German and Belgian stocks via the 7 recently onboarded
clients, resulting in total losses to Ganymede Cayman of €18.52 million.
27 January 2015
Further services agreement with Solo Group signed by Bastion.
28 January 2015
Services Agreements and Transaction Reporting Notices signed with
West Point and Telesto.
3 February 2015
Services Agreement signed with OPL.
18 February 2015
Brokermesh licence agreement signed.
25 February 2015
Trading on Brokermesh commenced.
20 May 2015
Further trade in German stock resulting in a loss of €1.86m for
Ganymede Cayman.
1 June 2015
Last cum-dividend trade in Belgian stock by Bastion on Brokermesh.
6 August 2015
Last batch of Solo Clients onboarded by Bastion.
7 August 2015
Last cum-dividend trade in Danish stock by Bastion on Brokermesh
29 September 2015
Last instance of Unwind Trading by Bastion for Solo Clients.
3 November 2015
Unannounced visit by the Authority.
ANNEX B: RELEVANT STATUTORY AND REGULATORY PROVISIONS
RELEVANT STATUTORY PROVISIONS
1.1
Pursuant to sections 1B and 1D of the Act, one of the Authority’s operational
objectives is protecting and enhancing the integrity of the UK financial system.
1.2
Pursuant to section 206 of the Act, if the Authority considers that an authorised
person has contravened a requirement imposed on it by or under the Act, it may
impose on that person a penalty in respect of the contravention of such amount as
it considers appropriate.
THE 2007 REGULATIONS
1.3
Regulation 5 provides:
Meaning of customer due diligence measures
“Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from a reliable and independent
source;
(b) identifying, where there is a beneficial owner who is not the customer, the
beneficial owner and taking adequate measures, on a risk-sensitive basis, to
verify his identity so that the relevant person is satisfied that he knows who the
beneficial owner is, including, in the case of a legal person, trust or similar legal
arrangement, measures to understand the ownership and control structure of
the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the business
relationship.”
1.4
Regulation 6 provides:
Meaning of beneficial owner
In the case of a body corporate, “beneficial owner” means any individual who—
(a) as respects any body other than a company whose securities are listed on a
regulated market, ultimately owns or controls (whether through direct or
indirect ownership or control, including through bearer share holdings) more
than 25% of the shares or voting rights in the body; or
(b) as respects any body corporate, otherwise exercises control over the
management of the body.
In the case of a trust, “beneficial owner” means—
(a) any individual who is entitled to a specified interest in at least 25% of the capital
of the trust property;
(b) as respects any trust other than one which is set up or operates entirely for the
benefit of individuals falling within sub-paragraph (a), the class of persons in
whose main interest the trust is set up or operates;
(c) any individual who has control over the trust.
1.5
Regulation 7 provides:
Application of customer due diligence measures
(1) …, a relevant person must apply customer due diligence measures when he—
(a) establishes a business relationship;
(b) carries out an occasional transaction;
(c) suspects money laundering or terrorist financing;
(d) doubts the veracity or adequacy of documents, data or information
previously obtained for the purposes of identification or verification.
(2) Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk-
sensitive basis.
1.6
Regulation 8 provides:
Ongoing monitoring
“(1) A relevant person must conduct ongoing monitoring of a business relationship.
(2) “Ongoing monitoring” of a business relationship means—
(a) scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the relevant person’s
knowledge of the customer, his business and risk profile; and
(b) keeping the documents, data or information obtained for the purpose of
applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under
paragraph (1) as it applies to customer due diligence measures. “
1.7
Regulation 14 provides:
Enhanced customer due diligence and ongoing monitoring
“(1) A relevant person must apply on a risk-sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring—
(a) in accordance with paragraphs (2) to (4);
(b) in any other situation which by its nature can present a higher risk of
money laundering or terrorist financing.
(2) Where the customer has not been physically present for identification purposes,
a relevant person must take specific and adequate measures to compensate for the
higher risk, for example, by applying one or more of the following measures—
(a) ensuring that the customer’s identity is established by additional
documents, data or information;
(b) supplementary measures to verify or certify the documents supplied, or
requiring confirmatory certification by a credit or financial institution
which is subject to the money laundering directive;
(c) ensuring that the first payment is carried out through an account opened
in the customer’s name with a credit institution.”
1.8
Regulation 17 provides:
“(1) A relevant person may rely on a person who falls within paragraph (2) (or who
the relevant person has reasonable grounds to believe falls within paragraph (2))
to apply any customer due diligence measures provided that—
(a) the other person consents to being relied on; and
(b) notwithstanding the relevant person’s reliance on the other person, the
relevant person remains liable for any failure to apply such measures.
(2) The persons are—
(a) a credit or financial institution which is an authorised person;
…
(4) Nothing in this regulation prevents a relevant person applying customer due
diligence measures by means of an outsourcing service provider or agent provided
that the relevant person remains liable for any failure to apply such measures.”
1.9
Regulation 20 provides:
Policies and Procedures
“(1) A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to—
(a) customer due diligence measures and ongoing monitoring;
(b) reporting;
(c) record-keeping;
(d) internal control;
(e) risk assessment and management;
(f) the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and
procedures—
(a) which provide for the identification and scrutiny of—
(i) complex or unusually large transactions;
(ii) unusual patterns of transactions which have no apparent economic
or visible lawful purpose; and
(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;”
RELEVANT REGULATORY PROVISIONS
2.1
In exercising its powers to impose a financial penalty, the Authority has had regard
to the relevant regulatory provisions published in the Authority’s Handbook. The
main provisions that the Authority considers relevant are set out below.
Principles for Business (“Principles”)
2.2
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook.
2.3
Principle 2 provides:
“A firm must conduct its business with due skill, care and diligence.
“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems.”
SENIOR
MANAGEMENT
ARRANGEMENTS,
SYSTEMS
AND
CONTROLS
(“SYSC”)
2.5
SYSC 3.2.4G provides:
“The guidance relevant to delegation within the firm is also relevant to external
delegation (‘outsourcing’). A firm cannot contract out its regulatory obligations. So,
for example, under Principle 3 a firm should take reasonable care to supervise the
discharge of outsourced functions by its contractor.
A firm should take steps to obtain sufficient information from its contractor to
enable it to assess the impact of outsourcing on its systems and controls.”
2.6
SYSC 3.2.6E provides:
“The FCA, when considering whether a breach of its rules on systems and controls
against money laundering has occurred, will have regard to whether a firm has
followed relevant provisions in the guidance for the UK financial sector issued by
the Joint Money Laundering Steering Group”.
2.7
SYSC 3.2.6R provides:
“A firm must take reasonable care to establish and maintain effective systems and
controls for compliance with applicable requirements and standards under the
regulatory system and for countering the risk that the firm might be used to further
financial crime.”
2.8
SYSC 6.1.1R provides:
“A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations
under the regulatory system and for countering the risk that the firm might be used
to further financial crime.”
2.9
SYSC 6.3.1R provides:
A firm must ensure the policies and procedures established under SYSC 6.1.1 R
include systems and controls that:
(1) enable it to identify, assess, monitor and manage money laundering risk; and
(2) are comprehensive and proportionate to the nature, scale and complexity of its
activities.
2.10
SYSC 6.3.2G provides:
"Money laundering risk" is the risk that a firm may be used to further money
laundering. Failure by a firm to manage this risk effectively will increase the risk to
society of crime and terrorism.
2.11
SYSC 6.3.6 provides:
“In identifying its money laundering risk and in establishing the nature of these
systems and controls, a firm should consider a range of factors, including:
(1) its customer, product and activity profiles;
(2) its distribution channels;
(3) the complexity and volume of its transactions;
(4) its processes and systems; and
(5) its operating environment”.
2.12
SYSC 6.3.7 provides:
“A firm should ensure that the systems and controls include:
(3) appropriate documentation of its risk management policies and risk profile in
relation to money laundering, including documentation of its application of those
policies;
(4) appropriate measures to ensure that money laundering risk is taken into
account in its day-to-day operation, including in relation to:
(a) the development of new products;
(b) the taking-on of new customers; and
(c) changes in its business profile”.
2.13
SYSC 9.1.1 R provides:
“A firm must arrange for orderly records to be kept of its business and internal
organisation, including all services and transactions undertaken by it, which must
be sufficient to enable the appropriate regulator or any other relevant competent
authority under MiFID or the UCITS Directive to monitor the firm's compliance with
the requirements under the regulatory system, and in particular to ascertain that
the firm has complied with all obligations with respect to clients.”
CONDUCT OF BUSINESS SOURCEBOOK (COBS)
2.14
COBS 3.3.1A(EU) provides:
“Articles 45(1) and (2) of the MiFID Org Regulation require firms to provide clients
with specified information concerning client categorisation.
45(1) Investment firms shall notify new clients, and existing clients that the
investment firm has newly categorised as required by Directive 2014/65/EU, of
their categorisation as a retail client, a professional client or eligible counterparty
in accordance with that Directive.
(2) Investment firms shall inform clients in a durable medium about any right that
client has to request a different categorisation and about any limitations to the level
of client protection that a different categorisation would entail.
[Note: articles 45(1) and (2) of the MiFID Org Regulation]”
2.15
COBS 3.3.1B(R) provides:
“The information referred to in article 45(2) of the MiFID Org Regulation (as
reproduced at COBS 3.3.1AEU) must be provided to clients prior to any provision
of services.
[Note: paragraph 2 of section I of annex II to MiFID]”
2.16
COBS 3.5.2 provides:
“Each of the following is a per se professional client unless and to the extent it is
an eligible counterparty or is given a different categorisation under this chapter:
(1) an entity required to be authorised or regulated to operate in the financial
markets. The following list includes all authorised entities carrying out the
characteristic activities of the entities mentioned, whether authorised by an EEA
State or a third country and whether or not authorised by reference to a directive:
(a) a credit institution;
(b) an investment firm;
(c) any other authorised or regulated financial institution;
(d) an insurance company;
(e) a collective investment scheme or the management company of such a
scheme;
(f) a pension fund or the management company of a pension fund;
(g) a commodity or commodity derivatives dealer;
(h) a local;
(i) any other institutional investor;
(2) in relation to MiFID or equivalent third country business a large undertaking
meeting two of the following size requirements on a company basis:
(a) balance sheet total of EUR 20,000,000;
(b) net turnover of EUR 40,000,000;
(c) own funds of EUR 2,000,000;
(3) in relation to business that is not MiFID or equivalent third country business a
large undertaking meeting any1of the following conditions:
(a) a body corporate (including a limited liability partnership) which has (or
any of whose holding companies or subsidiaries has) (or has had at any
time during the previous two years) 1called up share capital or net
assets 1of at least £51 million (or its equivalent in any other currency at
the relevant time);
(b) an undertaking that meets (or any of whose holding companies or
subsidiaries meets) two of the following tests:
(i)
a balance sheet total of EUR 12,500,000;
(ii)
a net turnover of EUR 25,000,000;
(iii)
an average number of employees during the year of 250;
(c) a partnership or unincorporated association which has (or has had at
any time during the previous two years) net assets of at least £5 million
(or its equivalent in any other currency at the relevant time) and
calculated in the case of a limited partnership without deducting loans
owing to any of the partners;
(d) a trustee of a trust (other than an occupational pension scheme, SSAS,
personal pension scheme or stakeholder pension scheme) which has (or
has had at any time during the previous two years) assets of at least
£10 million (or its equivalent in any other currency at the relevant time)
calculated by aggregating the value of the cash and designated
investments forming part of the trust's assets, but before deducting its
liabilities;
(e) a trustee of an occupational pension scheme or SSAS, or a trustee or
operator of a personal pension scheme or stakeholder pension scheme
where the scheme has (or has had at any time during the previous two
years):
(i) at least 50 members; and
(ii) assets under management of at least £10 million (or its
equivalent in any other currency at the relevant time);
(f) a local authority or public authority.
(4) a national or regional government, a public body that manages public debt, a
central bank, an international or supranational institution (such as the World Bank,
the IMF, the ECP, the EIB) or another similar international organisation;
(5) another institutional investor whose main activity is to invest in financial
instruments (in relation to the firm's MiFID or equivalent third country business) or
designated investments (in relation to the firm's other business). This includes
entities dedicated to the securitisation of assets or other financing transactions.”
2.17
COBS 3.5.3 provides:
Elective professional clients
A firm may treat a client other than a local public authority or municipality3 as an
elective professional client if it complies with (1) and (3) and, where applicable,
(2):
(1) the firm undertakes an adequate assessment of the expertise, experience and
knowledge of the client that gives reasonable assurance, in light of the nature of
the transactions or services envisaged, that the client is capable of making his own
investment decisions and understanding the risks involved (the "qualitative test");
(2) in relation to MiFID or equivalent third country business in the course of that
assessment, at least two of the following criteria are satisfied:
(a) the client has carried out transactions, in significant size, on the relevant
market at an average frequency of 10 per quarter over the previous four
quarters;
(b) the size of the client's financial instrument portfolio, defined as including
cash deposits and financial instruments, exceeds EUR 500,000;
(c) the client works or has worked in the financial sector for at least one
year in a professional position, which requires knowledge of the transactions
or services envisaged; (the "quantitative test"); and
(3) the following procedure is followed:
(a) the client must state in writing to the firm that it wishes to be treated
as a professional client either generally or in respect of a particular service
or transaction or type of transaction or product;
(b) the firm must give the client a clear written warning of the protections
and investor compensation rights the client may lose; and
(c) the client must state in writing, in a separate document from the
contract, that it is aware of the consequences of losing such protections.
2.18
COBS 3.8.2R provides:
(2) A firm must make a record in relation to each client of:
(a) the categorisation established for the client under this chapter, including
sufficient information to support that categorisation;
DECISION PROCEDURE AND PENALTIES MANUAL (“DEPP”)
2.19
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act. In particular, DEPP 6.5A sets out the five steps
for penalties imposed on firms.
ENFORCEMENT GUIDE
2.20
The Enforcement Guide sets out the Authority’s approach to taking disciplinary
action. The Authority’s approach to financial penalties and suspensions (including
restrictions) is set out in Chapter 7 of the Enforcement Guide.
JMLSG GUIDANCE– PART I (published 20 November 2013)
Outsourcing
3.16
Where AML/CTF tasks are delegated by a firm’s MLRO, the FCA will expect
the MLRO to take ultimate managerial responsibility.
Risk-based approach
4.14
A risk-based approach starts with the identification and assessment of the
risk that has to be managed. Examples of the risks in particular industry
sectors are set out in the sectoral guidance in Part II, and at
www.jmlsg.org.uk.
4.8
A risk-based approach takes a number of discrete steps in assessing the
most cost effective and proportionate way to manage and mitigate the
money laundering and terrorist financing risks faced by the firm. These
steps are to:
•
identify the money laundering and terrorist financing risks that are
relevant to the firm;
•
assess the risks presented by the firm’s particular
o
customers and any underlying beneficial owners*;
o
products;
o
delivery channels;
o
geographical areas of operation;
•
design and implement controls to manage and mitigate these
assessed risks, in the context of the firm’s risk appetite;
•
monitor and improve the effective operation of these controls; and
•
record appropriately what has been done, and why.
* In this Chapter, references to ‘customer’ should be taken to include
beneficial owner, where appropriate.
4.9
Whatever approach is considered most appropriate to the firm’s money
laundering/terrorist financing risk, the broad objective is that the firm
should know at the outset of the relationship who their customers are, what
they do, their expected level of activity with the firm and whether or not
they are likely to be engaged in criminal activity. The firm then should
consider how the profile of the customer’s financial behaviour builds up over
time, thus allowing the firm to identify transactions or activity that may be
suspicious.
4.12
A risk assessment will often result in a stylised categorisation of risk: e.g.,
high/medium/low. Criteria will be attached to each category to assist in
allocating customers and products to risk categories, in order to determine
the different treatments of identification, verification, additional customer
information and monitoring for each category, in a way that minimises
complexity.
4.15
While a risk assessment should always be performed at the inception of the
customer relationship (although see paragraph 4.16 below), for some
customers a comprehensive risk profile may only become evident once the
customer has begun transacting through an account, making the monitoring
of transactions and on-going reviews a fundamental component of a
reasonably designed RBA. A firm may also have to adjust its risk assessment
of a particular customer based on information received from a competent
authority.
4.34
Based on the risk assessment carried out, a firm will determine the level of
CDD that should be applied in respect of each customer and beneficial
owner. It is likely that there will be a standard level of CDD that will apply
to the generality of customer, based on the firm’s risk appetite.
4.39
Where a customer is assessed as carrying a higher risk, then depending on
the product sought, it will be necessary to seek additional information in
respect of the customer, to be better able to judge whether or not the higher
risk that the customer is perceived to present is likely to materialise. Such
additional information may include an understanding of where the
customer’s funds and wealth have come from. Guidance on the types of
additional information that may be sought is set out in section 5.5.
4.40
Where the risks of ML/TF are higher, firms must conduct enhanced due
diligence measures consistent with the risks identified. In particular, they
should increase the degree and nature of monitoring of the business
relationship, in order to determine whether these transactions or activities
appear unusual or suspicious. Examples of EDD measures that could be
applied for higher risk business relationships include:
•
Obtaining, and where appropriate verifying, additional information
on the customer and updating more regularly the identification of the
customer and any beneficial owner
•
Obtaining additional information on the intended nature of the
business relationship
•
Obtaining information on the source of funds or source of wealth of
the customer
•
Obtaining information on the reasons for intended or performed
transactions
•
Obtaining the approval of senior management to commence or
continue the business relationship
•
Conducting enhanced monitoring of the business relationship, by
increasing the number and timing of controls applied, and selecting
patterns of transactions that need further examination
•
Requiring the first payment to be carried out through an account in
the customer’s name with a bank subject to similar CDD standards.
4.50
Firms must document their risk assessments in order to be able to
demonstrate their basis, keep these assessments up to date, and have
appropriate mechanisms to provide appropriate risk assessment information
to competent authorities.
4.52
In addition, on a case-by-case basis, firms should document the rationale
for any additional due diligence measures it has undertaken (or any it has
waived) compared to its standard approach, in view of its risk assessment
of a particular customer.
Customer due diligence
5.1.5
The CDD measures that must be carried out involve: (a) identifying the
customer, and verifying his identity (see paragraphs 5.3.2ff); (b) identifying
the beneficial owner, where relevant, and verifying his identity (see
paragraphs 5.3.8ff); and (c) obtaining information on the purpose and
intended nature of the business relationship (see paragraphs 5.3.20ff).
5.2.6
Where a firm is unable to apply CDD measures in relation to a customer,
the firm (a) must not carry out a transaction with or for the customer
through a bank account; (b) must not establish a business relationship or
carry out an occasional transaction with the customer; (c) must terminate
any existing business relationship with the customer; (d) must consider
whether it ought to be making a report to the NCA, in accordance with its
obligations under POCA and the Terrorism Act.
5.3.21
A firm must understand the purpose and intended nature of the business
relationship or transaction to assess whether the proposed business
relationship is in line with the firm’s expectation and to provide the firm with
a meaningful basis for ongoing monitoring. In some instances this will be
self-evident, but in many cases the firm may have to obtain information in
this regard.
5.3.261
For situations presenting a lower money laundering or terrorist financing
risk, the standard evidence will be sufficient. However, less transparent and
more complex structures, with numerous layers, may pose a higher money
laundering or terrorist financing risk. Also, some trusts established in
jurisdictions with favourable tax regimes have in the past been associated
with tax evasion and money laundering. In respect of trusts in the latter
category, the firm’s risk assessment may lead it to require additional
information on the purpose, funding and beneficiaries of the trust.
Enhanced due diligence
5.5.1
A firm must apply EDD measures on a risk-sensitive basis in any situation
which by its nature can present a higher risk of money laundering or terrorist
financing. As part of this, a firm may conclude, under its risk-based
approach, that the information it has collected as part of the customer due
diligence process (see section 5.3) is insufficient in relation to the money
laundering or terrorist financing risk, and that it must obtain additional
information about a particular customer, the customer’s beneficial owner,
where applicable, and the purpose and intended nature of the business
relationship.
5.5.2
As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and,
where applicable, their customers’ beneficial owners, for two principal
reasons: to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and to provide a basis for
monitoring customer activity and transactions, thus increasing the likelihood
that they will detect the use of their products and services for money
laundering and terrorist financing.
5.5.4
In practice, under a risk-based approach, it will not be appropriate for every
product or service provider to know their customers equally well, regardless
of the purpose, use, value, etc., of the product or service provided. Firms’
information
demands
need
to
be
proportionate,
appropriate
and
discriminating, and to be able to be justified to customers.
5.5.5.
A firm should hold a fuller set of information in respect of those business
relationships it assessed as carrying a higher money laundering or terrorist
financing risk, or where the customer is seeking a product or service that
carries a higher risk of being used for money laundering or terrorist
financing purposes.
5.5.6
When someone becomes a new customer, or applies for a new product or
service, or where there are indications that the risk associated with an
existing business relationship might have increased, the firm should,
depending on the nature of the product or service for which they are
applying, request information as to the customer’s residential status,
employment and salary details, and other sources of income or wealth (e.g.,
inheritance, divorce settlement, property sale), in order to decide whether
to accept the application or continue with the relationship. The firm should
consider whether, in some circumstances, evidence of source of wealth or
income should be required (for example, if from an inheritance, see a copy
of the will). The firm should also consider whether or not there is a need to
enhance its activity monitoring in respect of the relationship. A firm should
have a clear policy regarding the escalation of decisions to senior
management concerning the acceptance or continuation of high-risk
business relationships.
5.5.9
The ML Regulations prescribe three specific types of relationship in respect
of which EDD measures must be applied. These are:
•
where the customer has not been physically present for identification
purposes (see paragraphs 5.5.10ff);
•
in respect of a correspondent banking relationship (see Part II, sector
16: Correspondent banking);
•
in respect of a business relationship or occasional transaction with a
PEP (see paragraphs 5.5.18ff).
Reliance on third parties
5.6.4
The ML Regulations expressly permit a firm to rely on another person to
apply any or all of the CDD measures, provided that the other person is
listed in Regulation 17(2), and that consent to being relied on has been
given (see paragraph 5.6.8). The relying firm, however, retains
responsibility for any failure to comply with a requirement of the
Regulations, as this responsibility cannot be delegated.
5.6.14
Whether a firm wishes to place reliance on a third party will be part of the
firm’s risk-based assessment, which, in addition to confirming the third
party’s regulated status, may include consideration of matters such as:
•
its public disciplinary record, to the extent that this is available;
•
the nature of the customer, the product/service sought and the
•
sums involved;
•
any adverse experience of the other firm’s general efficiency in
business dealings;
•
any other knowledge, whether obtained at the outset of the
relationship or subsequently, that the firm has regarding the
standing of the firm to be relied upon.
5.6.16
In practice, the firm relying on the confirmation of a third party needs to
know:
•
the identity of the customer or beneficial owner whose identity is
being verified;
•
the level of CDD that has been carried out; and
•
confirmation of the third party’s understanding of his obligation to
make available, on request, copies of the verification data,
documents or other information.
In order to standardise the process of firms confirming to one another that
appropriate CDD measures have been carried out on customers, guidance
is given in paragraphs 5.6.30 to 5.6.33 below on the use of pro-forma
confirmations containing the above information.
5.6.24
A firm must also document the steps taken to confirm that the firm relied
upon satisfies the requirements in Regulation 17(2). This is particularly
important where the firm relied upon is situated outside the EEA.
5.6.25
Part of the firm’s AML/CTF policy statement should address the
circumstances where reliance may be placed on other firms and how the
firm will assess whether the other firm satisfies the definition of third party
in Regulation 17(2) (see paragraph 5.6.6).
Monitoring customer activity
5.7.1
Firms must conduct ongoing monitoring of the business relationship with
their customers. Ongoing monitoring of a business relationship includes:
•
Scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to
ensure that the transactions are consistent with the firm’s knowledge
of the customer, his business and risk profile;
•
Ensuring that the documents, data or information held by the firm
are kept up to date.
5.7.2
Monitoring customer activity helps identify unusual activity. If unusual
activities cannot be rationally explained, they may involve money laundering
or terrorist financing. Monitoring customer activity and transactions that
take place throughout a relationship helps firms know their customers,
assist them to assess risk and provides greater assurance that the firm is
not being used for the purposes of financial crime.
5.7.3
The essentials of any system of monitoring are that:
•
it flags up transactions and/or activities for further examination;
•
these reports are reviewed promptly by the right person(s); and
•
appropriate action is taken on the findings of any further
examination.
5.7.4
Monitoring can be either:
•
in real time, in that transactions and/or activities can be reviewed as
they take place or are about to take place, or
•
after the event, through some independent review of the
transactions and/or activities that a customer has undertaken
and in either case, unusual transactions or activities will be flagged for
further examination.
5.7.7
In designing monitoring arrangements, it is important that appropriate
account be taken of the frequency, volume and size of transactions with
customers, in the context of the assessed customer and product risk.
5.7.8
Monitoring is not a mechanical process and does not necessarily require
sophisticated electronic systems. The scope and complexity of the process
will be influenced by the firm’s business activities, and whether the firm is
large or small. The key elements of any system are having up-to-date
customer information, on the basis of which it will be possible to spot the
unusual, and asking pertinent questions to elicit the reasons for unusual
transactions or activities in order to judge whether they may represent
something suspicious.
5.7.12
Higher risk accounts and customer relationships require enhanced ongoing
monitoring. This will generally mean more frequent or intensive monitoring.
JMLSG Part II – Wholesale Markets
18.14
OTC and exchange-based trading can also present very different money
laundering risk profiles. Exchanges that are regulated in equivalent
jurisdictions, are transparent and have a central counterparty to clear
trades, can largely be seen as carrying a lower generic money laundering
risk. OTC business may, generally, be less well regulated and it is not
possible to make the same generalisations concerning the money laundering
risk as with exchange-traded products... Hence, when dealing in the OTC
markets firms will need to take a more considered risk-based approach and
undertake more detailed risk-based assessment.
JMLSG GUIDANCE– PART I (published 19 November 2014)
Risk-based approach
4.5
A risk-based approach requires the full commitment and support of senior
management, and the active co-operation of business units. The risk-based
approach needs to be part of the firm’s philosophy, and as such reflected in
the procedures and controls. There needs to be a clear communication of
policies and procedures across the firm, along with the robust mechanisms
to ensure that they are carried out effectively, weaknesses are identified,
and improvements are made wherever necessary.
4.6
Although the ML/TF risks facing the firm fundamentally arise through its
customers, the nature of the business and their activities, it is important
that the firm considers its customer risks in the context of the wider ML/TF
environment inherent in the jurisdictions in which the firm and its customers
operate. Firms should bear in mind that some jurisdictions have close links
with other, perhaps higher risk jurisdictions, and where appropriate and
relevant regard should be had to this.
4.9
The procedures, systems and controls designed to mitigate assessed ML/TF
risks should be appropriate and proportionate to these risks, and should be
designed to provide an effective level of mitigation.
4.12
A risk-based approach takes a number of discrete steps in assessing the
most cost effective and proportionate way to manage and mitigate the
money laundering and terrorist financing risks based by the firm. These
steps are to:
•
identify the money laundering and terrorist financing risks that are
relevant to the firm;
•
assess the risks presented by the firm’s particular
o
customers and any underlying beneficial owners*;
o
products;
o
delivery channels;
o
geographical areas of operation;
•
design and implement controls to manage and mitigate these assessed
risks, in the context of the firm’s risk appetite;
•
monitor and improve the effective operation of these controls; and
•
record appropriately what has been done, and why.
* In this Chapter, references to ‘customer’ should be taken to include
beneficial owner, where appropriate.
4.13
Whatever approach is considered the most appropriate to the firm’s money
laundering/terrorist financing risk, the broad objective is that the firm should
know at the outset of the relationship who their customers are, where they
operate, what they do, their expected level of activity with the firm and
whether or not they are likely to be engaged in criminal activity. The firm
then should consider how the profile of the customer’s financial behaviour
builds up over time, thus allowing the firm to identify transactions that may
be suspicious.
4.20
In reaching an appropriate level of satisfaction as to whether the customer
is acceptable, requesting more and more identification is not always the
right answer – it is sometimes better to reach a full and documented
understanding of what the customer does, and the transactions it is likely to
undertake. Some business lines carry an inherently higher risk of being
used for ML/TF purposes than others.
4.21
However, as stated in paragraph 5.2.6, if a firm cannot satisfy itself as to
the identity of the customer; verify that identity; or obtain sufficient
information on the nature and intended purpose of the business relationship,
it must not enter into a new relationship and must terminate an existing
one.
4.22
While a risk assessment should always be performed at the inception of a
customer relationship (although see paragraph 4.16 below), for some
customers a comprehensive risk profile may only become evident once the
customer has begun transacting through an account, making the monitoring
of transactions and on-going reviews a fundamental component of a
reasonably designed RBA. A firm may also have to adjust its risk
assessment of a particular customer based on information received from a
competent authority.
4.25
For firms which operate internationally, or which have customers based or
operating abroad, there are additional jurisdictional risk considerations
relating to the position of the jurisdictions involved, and their reputation and
standing as regards the inherent ML/TF risk, and the effectiveness of their
AML/CTF enforcement regime.
4.45
Based on the risk assessment carried out, a firm will determine the level of
CDD that should be applied in respect of each customer and beneficial
owner. It is likely that there will be a standard level of CDD that will apply
to the generality of customer, based on the firm’s risk appetite.
4.50
Where a customer is assessed as carrying a higher risk, then depending on
the product sought, it will be necessary to seek additional information in
respect of the customer, to be better able to judge whether or not the higher
risk that the customer is perceived to present is likely to materialise. Such
additional information may include an understanding of where the
customer’s funds and wealth have come from. Guidance on the types of
additional information that may be sought is set out in section 5.5.
4.51
Where the risks of ML/TF are higher, firms must conduct enhanced due
diligence measures consistent with the risks identified. In particular, they
should increase the degree and nature of monitoring of the business
relationship, in order to determine whether these transactions or activities
appear unusual or suspicious. Examples of EDD measures that could be
applied for higher risk business relationships include:
•
Obtaining, and where appropriate verifying, additional information on
the customer and updating more regularly the identification of the
customer and any beneficial owner
•
Obtaining additional information on the intended nature of the business
relationship
•
Obtaining information on the source of funds or source of wealth of the
customer
•
Obtaining information on the reasons for intended or performed
transactions
•
Obtaining the approval of senior management to commence or continue
the business relationship
•
Conducting enhanced monitoring of the business relationship, by
increasing the number and timing of controls applied, and selecting
patterns of transactions that need further examination
•
Requiring the first payment to be carried out through an account in the
customer’s name with a bank subject to similar CDD standards
4.61
Firms must document their risk assessments in order to be able to
demonstrate their basis, keep these assessments up to date, and have
appropriate mechanisms to provide appropriate risk assessment information
to competent authorities.
4.63
In addition, on a case-by-case basis, firms should document the rationale
for any additional due diligence measures it has undertaken (or any it has
waived) compared to its standard approach, in view of its risk assessment
of a particular customer.
Customer due diligence
5.1.5
The CDD measures that must be carried out involve: (a) identifying the
customer, and verifying his identity (see paragraphs 5.3.2ff); (b) identifying
the beneficial owner, where relevant, and verifying his identity (see
paragraphs 5.3.8ff); and (c) obtaining information on the purpose and
intended nature of the business relationship (see paragraphs 5.3.20ff).
5.2.6
Where a firm is unable to apply CDD measures in relation to a customer,
the firm (a) must not carry out a transaction with or for the customer
through a bank account; (b) must not establish a business relationship or
carry out an occasional transaction with the customer; (c) must terminate
any existing business relationship with the customer; (d) must consider
whether it ought to be making a report to the NCA, in accordance with its
obligations under POCA and the Terrorism Act.
5.3.20
A firm must understand the purpose and intended nature of the business
relationship or transaction to assess whether the proposed business
relationship is in line with the firm’s expectation and to provide the firm with
a meaningful basis for ongoing monitoring. In some instances this will be
self-evident, but in many cases the firm may have to obtain information in
this regard.
5.3.253
For situations presenting a lower money laundering or terrorist financing
risk, the standard evidence will be sufficient. However, less transparent and
more complex structures, with numerous layers, may pose a higher money
laundering or terrorist financing risk. Also, some trusts established in
jurisdictions with favourable tax regimes have in the past been associated
with tax evasion and money laundering. In respect of trusts in the latter
category, the firm’s risk assessment may lead it to require additional
information on the purpose, funding and beneficiaries of the trust.
Enhanced due diligence
5.5.1
A firm must apply EDD measures on a risk-sensitive basis in any situation
which by its nature can present a higher risk of money laundering or terrorist
financing. As part of this, a firm may conclude, under its risk-based
approach, that the information it has collected as part of the customer due
diligence process (see section 5.3) is insufficient in relation to the money
laundering or terrorist financing risk, and that it must obtain additional
information about a particular customer, the customer’s beneficial owner,
where applicable, and the purpose and intended nature of the business
relationship.
5.5.2
As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and,
where applicable, their customers’ beneficial owners, for two principal
reasons: to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and to provide a basis for
monitoring customer activity and transactions, thus increasing the likelihood
that they will detect the use of their products and services for money
laundering and terrorist financing.
5.5.4
In practice, under a risk-based approach, it will not be appropriate for every
product or service provider to know their customers equally well, regardless
of the purpose, use, value, etc. of the product or service provided. Firms’
information
demands
need
to
be
proportionate,
appropriate
and
discriminating, and to be able to be justified to customers.
5.5.5
A firm should hold a fuller set of information in respect of those business
relationships it assessed as carrying a higher money laundering or terrorist
financing risk, or where the customer is seeking a product or service that
carries a higher risk of being used for money laundering or terrorist financing
purposes.
5.5.6
When someone becomes a new customer, or applies for a new product or
service, or where there are indications that the risk associated with an
existing business relationship might have increased, the firm should,
depending upon the nature of the product or service for which they are
applying, request information as to the customer’s residential status,
employment and salary details, and other sources of income or wealth (e.g.,
inheritance, divorce settlement, property sale), in order to decide whether
to accept the application or continue with the relationship. The firm should
consider whether or not there is a need to enhance its activity monitoring in
respect of the relationship. A firm should have a clear policy regarding the
escalation of decisions to senior management concerning the acceptance or
continuation of high-risk business relationships.
5.5.9
The ML Regulations prescribe three specific types of relationship in respect
of which EDD must be applied. They are:
•
where the customer has not been physically present for identification
purposes (see paragraphs 5.5.10ff);
•
in respect of a correspondent banking relationship (see Part II, sector
16: Correspondent banking);
•
in respect of a business relationship or occasional transaction with a PEP
(see paragraph 5.5.18ff).
Reliance on third parties
5.6.4
The ML Regulations expressly permit a firm to rely on another person to
apply any or all of the CDD measures, provided that the other person is
listed in Regulation 17(2), and that consent to be relied on has been given
(see paragraph 5.6.8). The relying firm, however, retains responsibility for
any failure to comply with a requirement of the Regulations, as this
responsibility cannot be delegated.
5.6.14
Whether a firm wishes to place reliance on a third party will be part of the
firm’s risk-based assessment, which, in addition to confirming the third
party’s regulated status, may include consideration of matters such as:
•
its public disciplinary record, to the extent that this is available; the
nature of the customer, the product/service sought and the sums
involved; any adverse experience of the other firm’s general efficiency
in business dealings; any other knowledge, whether obtained at the
outset of the relationship or subsequently, that the firm has regarding
the standing of the firm to be relied upon.
5.6.16
In practice, the firm relying on the confirmation of a third party needs to
know:
•
the identity of the customer or beneficial owner whose identity is being
verified; the level of CDD that has been carried out; and confirmation of
the third party’s understanding of his obligation to make available, on
request, copies of the verification data, documents or other information.
In order to standardise the process of firms confirming to one another that
appropriate CDD measures have been carried out on customers, guidance
is given in paragraphs 5.6.30 to 5.6.33 below on the use of pro-forma
confirmations containing the above information.
5.6.24
A firm must also document the steps taken to confirm that the firm relied
upon satisfies the requirements in Regulation 17(2). This is particularly
important where the firm relied upon is situated outside the EEA.
5.6.25
Part of the firm’s AML/CTF policy statement should address the
circumstances where reliance may be placed on other firms and how the
firm will assess whether the other firm satisfies the definition of third party
in Regulation 17(2) (see paragraph 5.6.6).
Monitoring customer activity
5.7.1
Firms must conduct ongoing monitoring of the business relationship with
their customers. Ongoing monitoring of a business relationship includes:
•
Scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the firm’s knowledge of the
customer, his business and risk profile; Ensuring that the documents,
data or information held by the firm are kept up to date.
5.7.2
Monitoring customer activity helps identify unusual activity. If unusual
activities cannot be rationally explained, they may involve money laundering
or terrorist financing. Monitoring customer activity and transactions that
take place throughout a relationship helps firms know their customers,
assist them to assess risk and provides greater assurance that the firm is
not being used for the purposes of financial crime.
5.7.3
The essentials of any system of monitoring are that:
•
it flags up transactions and/or activities for further examination;
•
these reports are reviewed promptly by the right person(s); and
•
appropriate action is taken on the findings of any further examination.
5.7.4
Monitoring can be either:
•
in real time, in that transactions and/or activities can be reviewed as
they take place or are about to take place, or
•
after the event, through some independent review of the transactions
and/or activities that a customer has undertaken
and in either case, unusual transactions or activities will be flagged for
further examination.
5.7.7
In designing monitoring arrangements, it is important that appropriate
account be taken of the frequency, volume and size of transactions with
customers, in the context of the assessed customer and product risk.
5.7.8
Monitoring is not a mechanical process and does not necessarily require
sophisticated electronic systems. The scope and complexity of the process
will be influenced by the firm’s business activities, and whether the firm is
large or small. The key elements of any system are having up-to-date
customer information, on the basis of which it will be possible to spot the
unusual, and asking pertinent questions to elicit the reasons for unusual
transactions or activities in order to judge whether they may represent
something suspicious.
5.7.12
Higher risk accounts and customer relationships require enhanced ongoing
monitoring. This will generally mean more frequent or intensive monitoring.
JMLSG Part II – Wholesale Markets
18.14
OTC and exchange-based trading can also present very different money
laundering risk profiles. Exchanges that are regulated in equivalent
jurisdictions, are transparent and have a central counterparty to clear
trades, can largely be seen as carrying a lower generic money laundering
risk. OTC business may, generally, be less well regulated and it is not
possible to make the same generalisations concerning the money laundering
risk as with exchange-traded products. For example, trades that are
executed as OTC but then are centrally cleared, have a different risk profile
to trades that are executed and settled OTC. Hence, when dealing in the
OTC markets firms will need to take a more considered risk-based approach
and undertake more detailed risk-based assessment.
Employer Created 401(k) Plans
A 401(k) is a qualified profit sharing plan that allows employees to contribute a portion of
their wages to individual retirement accounts. Employers can also contribute to employees’
accounts. Any money that is contributed to a 401(k) below the annual contribution limit is
not subject to income tax in the year the money is earned, but then is taxable at
retirement. For example, if John Doe earns $100,000 in 2018, he is allowed to contribute
$18,500, which is the 2018 limit, to his 401(k) plan. If he contributes the full amount that
he is allowed, then although he earned $100,000, his taxable income for income tax
purposes would be $81,500. Then, he would pay income tax upon any money that he
withdraws from his 401(k) at retirement. If he withdraws any money prior to age 59 1/2,
he would be subject to various penalties and taxes.
Contribution to a 401(k) plan must not exceed certain limits described in the Internal
Revenue Code. The limits apply to the total amount of employer contributions, employee
elective deferrals and forfeitures credits to the participant’s account during the year. The
contribution limits apply to the aggregate of all retirement plans in which the employee
participates. The contribution limits have been increased over time. Below is a chart of the
contribution limits:
Employer
Contribution
Limit
Catch Up
Contribution
(only for
individuals Age
50+)
1999
$10,000
$20,000
$30,000
0
2000
$10,500
$19,500
$30,000
0
2001
$10,500
$24,500
$35,000
0
2014
$17,500
$34,500
$52,000
$5,500
2015
$18,000
$35,000
$53,000
$6,000
If an individual was aged 30 in 1999, the absolute maximum that he could have
contributed including the maximum employer contributions would be $746,000.
Minimum Age Requirements
In the United States, the general minimum age limit for employment is 14. Because of
this, an individual may make contributions into 401(k) plans from this age if the terms of
the plan allow it. The federal government does not legally require employers to include
employees in their 401(k) plans until they are at least 21 years of age. If you are at least
21 and have been working for your employer for at least one year, your employer must
allow you to participate in the company’s 401(k) plan. As a result, some employers’ plans
will not allow individuals to invest until they are at least 18 or 21 depending upon the
terms of the plan.
One-Participant 401(k) Plans
A one-participant 401(k) plan are sometimes called a solo 401(k). This plan covers a self-
employed business owner, and their spouse, who has no employees. These plans have
the same rules and requirements as other 401(k) plans, but the self-employed individual
wears two hats, the employer and the employee.
To:
BASTION CAPITAL LONDON LTD
1. ACTION
1.1
For the reasons given in this Final Notice, pursuant to section 206 of the Financial
Services and Markets Act 2000 (“the Act”), the Financial Conduct Authority (“the
Authority”) hereby imposes on Bastion Capital London Limited (“Bastion” or “the
Firm”) a financial penalty of £2,452,700.
1.2
Bastion agreed to resolve this matter and qualified for a 30% (Stage 1) discount
under the Authority’s executive settlement procedures. Were it not for this
discount, the Authority would have imposed a financial penalty of £2,837,600 on
Bastion.
2. SUMMARY OF REASONS
2.1
Fighting financial crime is an issue of international importance, and forms part of
the Authority’s operational objective of protecting and enhancing the integrity of
the UK financial system. Reducing and preventing financial crime is one of the key
priorities of the Authority as set out in its published business plan. Authorised firms
are at risk of being abused by those seeking to conduct financial crime, such as
fraudulent trading and money laundering. Therefore, it is imperative that firms
have in place effective systems and controls to identify and mitigate the risk of
their businesses being used for such purposes, and that firms will act with due skill,
care and diligence to adhere to the systems and controls they have put in place,
and to properly assess, monitor and manage the risk of financial crime.
2.2
Between 29 January 2014 and 29 September 2015 (the “Relevant Period”),
a) had inadequate systems and controls to identify and mitigate the risk of
being used to facilitate fraudulent trading and money laundering in relation
to business related to four authorised entities known as the Solo Group,
thereby breaching Principle 3; and
b) breached Principle 2 as it did not exercise due skill, care and diligence in
applying its AML policies and procedures, and in failing to properly assess,
monitor and mitigate the risk of financial crime in relation to business
related to the Solo Group, as set out in this Notice.
2.3
The Solo Clients were off-shore companies including British Virgin Islands (“BVI”)
and Cayman Islands incorporated entities and a number of individual US 401(k)
pension plans previously unknown to Bastion. They were introduced by the Solo
Group, which purported to provide clearing and settlement services as custodians
to clients within a closed network, via a custom over the counter (“OTC”) post-
trade order matching platform in 2014 and a trading and settlement platform in
2015, known as Brokermesh. They were controlled by a small number of
individuals, some of whom had worked for the Solo Group, without apparent access
to funds to settle the transactions.
2.4
On behalf of the Solo Clients, Bastion executed purported OTC equity trades to the
value of approximately £49.03 billion in Danish equities and £22.48 billion in
Belgian equities and received gross commission of approximately £1.55 million.
2.5
The Solo Trading was characterised by a purported circular pattern of extremely
high value OTC equity trading, back-to-back securities lending arrangements and
forward transactions, involving EU equities on or around the last day of cum-
dividend. Following the purported Cum-Dividend Trading that took place on
designated days, the same trades were subsequently purportedly reversed over
3
several days or weeks to neutralise the apparent shareholding positions (the
“Unwind Trading”).
2.6
The purported OTC trades executed by Bastion on behalf of Solo Clients, were
initially conducted via email and a post-trade order matching platform in 2014, and
then in 2015 executed on Brokermesh, which did not have access to liquidity from
public exchanges. Yet the purported trades almost invariably were filled within a
matter of minutes, and represented up to 30% of the shares outstanding in the
companies listed on the Danish stock exchange, and up to 10% of the equivalent
Belgian stocks. The volumes also equated to an average of 41 times the total
number of all shares traded in the Danish stocks on European exchanges, and 23
times the Belgian stocks traded on European exchanges on the relevant last cum-
dividend trading date.
2.7
The Authority’s investigation and conclusions in respect of the purported trading
are based on a range of information including, in part, analysis of transaction
reporting data, material received from Bastion, the Solo Group, and five other
Broker Firms that participated in the Solo Trading. The combined volume of the
Cum-Dividend Trading across the six Broker Firms was between 15 and 61% of the
shares outstanding in the Danish stocks traded, and between 7 and 30% of the
shares outstanding in the Belgian stocks traded. These volumes are considered
implausible, especially in circumstances where there is an obligation to publicise
holders of over 5% of Danish and Belgian listed stocks.
2.8
As a broker for the equity trades, Bastion executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the Authority believes it is
unlikely that Bastion would have executed both the purported cum-dividend trades
and purported unwind trades for the same client in the same stock in the same size
trades and therefore it is likely Bastion only saw one side of the purported trading.
Additionally, the Authority considers that purported stock loans and forwards linked
to the Solo Trading are likely to have been used to obfuscate and/or give apparent
legitimacy to the overall scheme. However, Bastion did not execute the purported
stock loans and forwards.
2.9
The purpose of the purported trading was so the Solo Group could arrange for
Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show that
the Solo Clients held the relevant shares on the record date for dividend. The DCAS
were in some cases then used to make withholding tax (“WHT”) reclaims from the
tax agencies in Denmark and Belgium, pursuant to Double Taxation Treaties. In
2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are
attributable to the Solo Group, were approximately £899.27 million and £188.00
million respectively. In 2014 and 2015, of the reclaims made, the Danish and
Belgian tax authorities paid approximately £845.90 million and £42.33 million
respectively.
2.10
The Authority refers to the trading as ‘purported’ as it has found no evidence of
ownership of the shares by the Solo Clients, or custody of the shares and settlement
of the trades by the Solo Group. This, coupled with the high volumes of shares
purported to have been traded, is highly suggestive of sophisticated financial crime.
2.11
Bastion had in place inadequate systems and controls to identify and mitigate the
risk of being used to facilitate fraudulent trading and money laundering in relation
to business related to four authorised entities known as the Solo Group. In addition,
Bastion staff did not exercise due skill, care and diligence in applying AML policies
and procedures and in failing to properly assess, monitor and mitigate the risk of
financial crime in relation to business related to the Solo Group.
2.12
Bastion did not have adequate policies and procedures in place to properly assess
the risks of the Solo Group business, and lacked an appreciation of the risks
involved in the purported equity trading that the Solo Clients were engaged in,
which resulted in inadequate CDD being conducted and a failure to adequately
monitor transactions and to identify unusual transactions. This heightened the risk
that the Firm could be used for the purposes of facilitating financial crime in relation
to the purported equity trading (the “Solo Trading”) executed by Bastion between
2.13
The way these purported trades were conducted in combination with their scale
and volume are highly suggestive of financial crime. The Authority’s findings are
made in the context of this finding and in consideration that these matters have
given rise to additional investigation by other tax agencies and/or law enforcement
agencies, as has been publicly reported.
2.14
In addition to the Solo Trading, Bastion executed a series of trades on behalf of 11
Solo Clients on 18, 19 and 30 June 2014 and 20 May 2015, in German and Belgian
listed stocks. Each of these trades resulted in a single Solo Client (Ganymede
Cayman Ltd, an entity wholly owned by the Solo Group’s controller) making a loss,
and cumulatively resulted in a combined loss of EUR €22,729,508.15 million to the
benefit of the remaining 10 Solo Clients.
2.15
These trades were materially different from the Solo Trading for various reasons as
set out in this Notice. In the days before the transactions took place, some of these
Solo Clients were urgently onboarded at the request of the Solo Group. The trades
were executed using intraday prices, instead of end of day prices and not executed
based on cum-dividend dates.
2.16
Bastion acted as the only executing broker for all of these trades on behalf of the
11 Solo Clients. On each occasion, the trades were reversed by the same clients
within hours, at different prices, meaning a substantial net loss for one client and
profits for the other parties, therefore making the economic rationale for the
transactions unclear and highly suggestive of financial crime.
2.17
Bastion ignored or failed to notice a series of red flags in relation to these sets of
trades it executed on behalf of these 11 Solo Clients, which had no apparent
economic purpose except to transfer funds from the Solo Group’s controller to his
business associates. The circumstances of the onboarding and trading relating to
these Solo Clients ought to have prompted Bastion to adequately consider
associated financial crime risks posed to the Firm.
2.18
The Authority considers that Bastion failed to take reasonable care to organise and
control its affairs responsibly and effectively with adequate risk management
systems, as required by Principle 3, in relation to business related to the Solo
Group. Its policies and procedures were inadequate for identifying, assessing and
mitigating the risk of financial crime posed by the Solo Group business as they:
a)
Failed to establish the requirement for risk assessments to be documented,
as well as to document the rationale for any due diligence measures the firm
waived when compared to its standard approach, in view of its risk
assessment of a particular customer;
b)
Failed to set out adequate processes and procedures for EDD;
c)
Failed to set out adequate processes and procedures for client
categorisation; and
d)
Failed to set out adequate processes and procedures for transaction
monitoring, including how transactions are monitored, and with what
frequency, and set out adequate processes and procedures for how to
identify suspicious transactions.
2.19
The Authority considers that Bastion failed to act with due skill, care and diligence
as required by Principle 2 in that it failed to properly assess, monitor and manage
the risk of financial crime associated with the business related to the Solo Group,
in that the Firm:
a) Failed to properly conduct customer due diligence prior to onboarding,
and consequently failed to identify that the Solo Clients presented a
higher risk of financial crime before they started trading;
b) Failed to gather information to enable it to understand the purpose and
intended nature of the business that the Solo Clients were going to
undertake, the likely size or frequency of the purported trading intended
by the Solo Clients or their source of funds;
c) Failed to undertake and document a risk assessment for each of the Solo
Clients prior to onboarding and trading for the Solo Clients;
d) Failed to complete EDD for any of the Solo Clients despite the fact that
none of the Solo Clients were physically present for identification
purposes and a number of other risk factors were present;
e) Failed to assess each of the Solo Clients against the categorisation
criteria set out in COBS 3.5.2R and failed to record the results of such
assessments,
including
sufficient
information
to
support
the
categorisation, contrary to COBS 3.8.2(2)(a);
f) Failed to conduct transaction monitoring of the Solo Clients’ purported
trades;
g) Failed to recognise numerous red flags with the purported trading,
including failing to consider whether it was plausible and/or realistic that
sufficient liquidity was sourced within a closed network of entities for the
size and volumes of trading conducted by the Solo Clients. Likewise,
failing to consider or recognise that the profiles of the Solo Clients meant
that they were highly unlikely to meet the scale and volume of the
trading purportedly being carried out, and failed to at least obtain
sufficient evidence of the clients’ source of funds to satisfy itself to the
contrary; and
7
h) Failed to recognise numerous red flags arising from the purported
Ganymede trades and adequately consider financial crime and money
laundering risks they posed to the Firm.
2.20
Bastion’s failings merit the imposition of a significant financial penalty. The
Authority considers the failings to be particularly serious because they left the Firm
exposed to the risk that it could be used to further financial crime;
1) Bastion onboarded 327 clients, some of which emanated from jurisdictions
which did not have AML requirements equivalent to those in the UK;
2) Bastion’s AML policies and procedures were not proportionate to the risks in
the Solo business that it was undertaking;
3) Bastion failed to review and analyse the KYC materials that were provided
by the Solo Group properly or ask appropriate follow up questions to red
flags in the KYC materials;
4) Even after a number of red flags appeared, Bastion failed to conduct any
ongoing monitoring, allowing these same clients to purportedly trade
equities totalling more than £71.5 billion;
5) Because Bastion failed to both have and apply appropriate AML systems and
controls in relation to the Solo business, there was an unacceptable risk that
Bastion could be used by clients to launder the proceeds of crime;
6) Bastion executed a series of uneconomic trades, while ignoring numerous
red flags that were highly suggestive of financial crime.
7) Finally, these failings were not identified Bastion.
2.21
Accordingly, to further the Authority’s operational objective of protecting and
enhancing the integrity of the UK financial system, the Authority hereby imposes
on Bastion a financial penalty of £2,452,700.
3. DEFINITIONS
3.1
The following definitions are used in this Notice:
“401(k) pension plan” means an employer-sponsored retirement plan in the
United States. Eligible employees may make pre-tax contributions to the plan but
are taxed on withdrawals from the account. A Roth 401(k) plan is similar in nature;
however, contributions are made post-tax although, withdrawals are tax-free. For
the 2014 tax year, the annual contribution limit was $17,500 for an employee, plus
an additional $5,500 catch-up contribution for those aged 50 and over. For the tax
year 2015, the contribution limits were $18,000 for an employee and the catch-up
contribution was $6,000. For a more detailed analysis, please see Annex C;
“2007 Regulations” or “Regulation” means the Money Laundering Regulations
2007;
“the Act” means the Financial Services and Markets Act 2000;
“AML” means Anti-Money Laundering;
“AML certificate” means an AML introduction form which is supplied by one
authorised firm to another. The form confirms that a regulated firm has carried out
CDD obligations in relation to a client and authorises another regulated firm to
place reliance on it in accordance with Regulation 17;
“AML policy” means Bastion’s ‘Anti Money Laundering and Combating Terrorist
Financing Policy’ dated September 2013;
“Authority” means the Financial Conduct Authority, known prior to 1 April 2013 as
the Financial Services Authority;
“Bastion” means Bastion Capital London Ltd;
“Broker Firms” means the other broker firms who agreed with the Solo Group to
carry out the Solo Trading;
“Brokermesh” means the bespoke electronic platform set up by the Solo Group
for the Solo Clients to submit orders to buy or sell cash equities, and for the Broker
Firms to provide or seek liquidity and execute the purported trading;
“CDD” means customer due diligence measures, the measures a firm must take to
identify each customer and verify their identity and to obtain information on the
purpose and intended nature of the business relationship, as required by Regulation
5;
“Clearing broker” means an intermediary with responsibility to reconcile trade
orders between transacting parties. Typically, the clearing broker validates the
availability of the appropriate funds, ensures the delivery of the securities in
exchange for cash as agreed at the point the trade was executed, and records the
transfer;
“COBS” means the Authority’s Conduct of Business Sourcebook Rules;
“Compliance Manual” means Bastion’s Compliance Manuals dated 1 May 2013
and 6 October 2014, which were applicable during the Relevant Period;
“Cum-dividend” means when a buyer of a security is entitled to receive the next
dividend scheduled for distribution, which has been declared but not paid. A stock
trades cum-dividend up until the ex-dividend date, after which the stock trades
without its dividend rights;
“Cum-Dividend Trading” means the purported trading that the Solo Clients
conducted where the shares are cum-dividend in order to demonstrate apparent
shareholding positions that would be entitled to receive dividends, for the purposes
of submitting WHT reclaims;
“Custodian” means a financial institution that holds customers’ securities for
safekeeping. They also offer other services such as account administration,
transaction settlements, the collection of dividends and interest payments, tax
support and foreign exchange;
“DCAS” means Dividend Credit Advice Slips. These are completed and submitted
to overseas tax authorities in order to reclaim the tax paid on dividends received;
“DEPP” means the Authority’s Decision Procedure and Penalties Manual;
“Dividend Arbitrage” means the practice of placing shares in an alternative tax
jurisdiction around dividend dates with the aim of minimising withholding taxes
(WHT), or generating WHT reclaims. Dividend Arbitrage may include several
different activities including trading and lending equities and trading derivatives,
including futures and total return swaps, designed to hedge movements in the price
of the securities over the dividend dates;
“Double Taxation Treaty” means a treaty entered into between the country
where the income is paid and the country of residence of the recipient. Double
Taxation Treaties may allow for a reduction or rebate of the applicable WHT;
“EDD” means enhanced due diligence, the measures a firm must take in certain
situations, as outlined in Regulation 14;
“European exchanges” means registered execution venues, including regulated
markets, multilateral trading facilities, organised trading facilities and alternative
trading systems encapsulated in Bloomberg’s European Composite;
“Executing broker” means a broker that merely buys and sells shares on behalf
of clients. The broker does not give advice to clients on when to buy or sell shares;
“Financial Crime Guide” means the Authority’s consolidated guidance on financial
crime, which is published under the name “Financial crime: a guide for firms”. In
this Notice, the applicable versions for the Relevant Period were published in April
2013, April 2014, January 2015 (incorporating updates which came into effect on
1 June 2014) and April 2015. The Financial Crime Guide contains “general
guidance” as defined in section 139B FSMA. The guidance is not binding and the
Authority will not presume that a firm’s departure from the guidance indicates that
it has breached the Authority’s rules. But as stated in FCG 1.1.8 the Authority
expect firms to be aware of the Financial Crime Guide where it applies to them, and
to consider applicable guidance when establishing, implementing and maintaining
their anti-financial crime systems and controls;
“Ganymede” means Ganymede Cayman Ltd, a private entity incorporated in the
Cayman Islands and wholly owned by Sanjay Shah, who was also the owner and
controller of the Solo Group.
“Ganymede trades” means a series of trades in German and Belgian stocks
executed by Bastion on 18, 19 and 30 June 2014 and 20 May 2015 on behalf of
eleven clients with connections to the Solo Group.
“Handbook” means the collection of regulatory rules, manuals and guidance issued
by the Authority;
“JMLSG” means the Joint Money Laundering Steering Group, which is comprised
of leading UK trade associations in the financial services sector;
“JMLSG Guidance” means the ‘Prevention of money laundering/combating
terrorist finance guidance for the UK financial sector’ issued by the JMLSG, which
has been approved by a Treasury Minister in compliance with the legal requirements
in the 2007 Regulations. The JMLSG Guidance sets out good practice for the UK
financial services sector on the prevention of money laundering and combating
terrorist financing. In this Notice, applicable provisions from the version dated 20
November 2013 and 19 November 2014 have been referred to.
The Authority has regard to whether firms have followed the relevant provisions of
the JMLSG Guidance when deciding whether a breach of its rules on systems and
controls against money laundering has occurred, and in considering whether to take
action for a financial penalty or censure in respect of a breach of those rules (SYSC
3.2.6E and DEPP 6.2.3G);
“KYC” means Know Your Customer, which refers to CDD and EDD obligations;
“KYC pack” means the bundle of client identity information received, which usually
included incorporation documents, certified copies of identity documents, utility
bills and CVs;
“Matched principal trading” means a transaction where the facilitator interposes
itself between the buyer and the seller to the transaction in such a way that it is
never exposed to market risk throughout the execution of the transaction, with
both sides executed simultaneously, and where the transaction is concluded at a
price where the facilitator makes no profit or loss, other than a previously disclosed
commission, fee or charge for the transaction;
“MLRO” means Money Laundering Reporting Officer;
“OTC” means over the counter trading which does not take place on a regulated
exchange;
“Principles” means the Authority’s Principles for Businesses as set out in the
Handbook;
“Relevant Period” means the period from 29 January 2014 to 29 September
2015;
“SCP” means Solo Capital Partners LLP;
“Solo Clients” means the entities introduced by the Solo Group to Bastion and the
other brokers on whose behalf Bastion executed purported equity trades for some
of the clients during the Relevant Period;
“Solo Group” or “Solo” means the four authorised firms owned by Sanjay Shah,
a British national residing in Dubai, details of which are set out in paragraph 4.6;
“Solo Trading” means purported Cum-Dividend Trading and the purported Unwind
Trading executed for Solo Clients during the Relevant Period;
“Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
“UBO” means ultimate beneficial owner with “beneficial owner” being defined in
Regulation 6;
“Unwind Trading” means purported trading that took place over several days or
weeks to reverse the Cum-Dividend Trading to neutralise the apparent shareholding
positions;
“Withholding Tax” or “WHT” means a levy deducted at source from income and
passed to the government by the entity paying it. Many securities pay periodic
income in the form of dividends or interest, and local tax regulations often impose
a WHT on such income; and
“Withholding Tax Reclaims” means in certain cases where WHT is levied on
payments to a foreign entity, the WHT may be reclaimed if there is a Double
Taxation Treaty between the country in which the income is paid and the country
of residence of the recipient. Double Taxation Treaties may allow for a reduction or
rebate of the applicable WHT.
4. FACTS AND MATTERS
Bastion
4.1
During the Relevant Period, Bastion was a UK-based brokerage firm, incorporated
in 2004 and authorised by the Authority to deal as a matched principal or agent in
a variety of investment types. It did not have permission to hold positions or client
money and conducted all of its trading on a give-up basis, with clearing and
settlement undertaken by separate FCA authorised entities. Bastion was not
authorised to trade for retail clients and the majority of its top 20 clients during the
Relevant Period were large financial institutions.
4.2
On 7 June 2019, a special resolution that the Firm be wound up voluntarily was
passed and joint liquidators were appointed.
4.3
Bastion’s compliance function was managed internally, although it also received
support from an external compliance adviser who conducted the firm’s Compliance
Monitoring Programme and produced periodic reports on the Firm’s compliance with
rules in the Authority’s handbook. Despite Bastion stating that it also relied upon
the external compliance adviser to flag issues regarding the Firm’s financial crime
risk, in its annual firm-specific risk assessment conducted by the same external
compliance adviser, such risk did not feature.
4.4
However, Bastion’s external compliance adviser has confirmed that its advice was
usually provided on a general basis and was not specific to the Solo business. In
fact, the adviser stated that it was not even aware of Bastion’s ongoing relationship
with Solo until it was referenced in September 2014, eight months after the
commencement of the Solo Trading. The adviser has also stated that it did not see
the transactions that took place, and were dependant on Bastion providing records
to them for review.
4.5
Bastion staff had in place inadequate systems and controls to identify and mitigate
the risk of being used to facilitate fraudulent trading and money laundering in
relation to business introduced by four authorised entities known as the Solo Group.
In addition, Bastion staff did not exercise due skill, care and diligence in applying
AML policies and procedures, and in failing to properly assess, monitor and mitigate
the risk of financial crime in relation to the Solo Clients and the purported trading.
The Solo Group
4.6
The four authorised firms referred to by the Authority as the Solo Group were
owned by Sanjay Shah, a British national currently based in Dubai:
•
Solo Capital Partners LLP (“SCP”) was first authorised in March 2012 and
was a broker.
•
West Point Derivatives Ltd was first authorised in July 2005 and was a broker
in the derivatives market.
•
Old Park Lane Capital Ltd was first authorised in April 2008 and was an
agency stockbroker and corporate broker.
•
Telesto Markets LLP was first authorised on 27 August 2014 and was a
wholesale custody bank and fund administrator.
4.7
During the Relevant Period, SCP, and others in the Solo Group at various stages,
held regulatory permissions to provide custody and clearing services. The Solo
Group has not been permitted to carry out any activities regulated by the
Authority since December 2015 and Solo Capital Partners formally entered
Special Administration insolvency proceedings in September 2016. The three
other entities are in administration proceedings.
Statutory and Regulatory Provisions
4.8
The statutory and regulatory provisions relevant to this Notice are set out in
Annex B.
4.9
Principle 3 requires firms to take reasonable care to organise and control their
affairs responsibly and effectively, with adequate risk management systems.
The 2007 Regulations and rules in the Authority’s Handbook further require firms
to create and implement policies and procedures to prevent and detect money
laundering, and to counter the risk of being used to facilitate financial crime.
These include systems and controls to identify, assess and monitor money
laundering risk, as well as conducting CDD and ongoing monitoring of business
relationships and transactions.
4.10
Principle 2 requires firms to conduct their businesses with due skill, care and
diligence. A firm merely having systems and controls as required by Principle 3
is not sufficient to avoid the ever-present financial crime risk. A firm must also
carefully apply those systems and controls with due skill, care and diligence as
required by Principle 2 to protect itself, and to properly assess, monitor and
manage the risk of financial crime.
4.11
Money laundering is not a victimless crime. It is used to fund terrorists, drug
dealers and people traffickers as well as numerous other crimes. If firms fail to
apply money laundering systems and controls, they risk facilitating these crimes.
4.12
As a result, money laundering risk should be taken into account by firms as part
of their day-to-day operations, including those in relation to the development of
new products, the taking on of new clients and changes in its business profile.
In doing so, firms should take account of their customer, product and activity
profiles and the complexity and volume of their transactions.
4.13
The JMLSG has published detailed guidance with the aim of promoting good
practice and giving practical assistance in interpreting the 2007 Regulations and
evolving practice within the financial services industry. When considering
whether a breach of its rules on systems and controls against money laundering
has occurred, the Authority will have regard to whether a firm has followed the
relevant provisions in the JMLSG guidance.
4.14
Substantial guidance for firms has also been published by the Authority
regarding the importance of AML controls, in the form of its Financial Crime
Guide, which cites examples of good and bad practice, publications of AML
thematic reviews and regulatory notices.
Background of Dividend Arbitrage and the Purported Solo Trading
Dividend Arbitrage Trading
4.15
The aim of dividend arbitrage is to place shares in certain tax jurisdictions around
dividend dates, with the aim of minimising withholding taxes or to generate WHT
reclaims. WHT is a levy deducted at source from dividend payments made to
shareholders.
4.16
If the beneficial owner is based outside of the country of issue of the shares, he
may be entitled to reclaim that tax if the country of issue has a relevant treaty
(a “Double Taxation Treaty”) with the country of residence of the beneficial
owner. Accordingly, dividend arbitrage aims at transferring the beneficial
ownership of shares temporarily overseas, in sync with the dates upon which
dividends become payable, in order that the criteria for making a withholding
tax reclaim are fulfilled.
4.17
As the strategy is one of temporary transfer only, it is often executed using
‘stock lending’ transactions. While such transactions are structured economically
as loans, the entitlement to a tax rebate depends on actual transfer of title. The
legal structure of the ‘loan’ is therefore a sale of the shares, on condition that
the borrower is obliged to supply equivalent shares to the lender at a specified
future date.
4.18
Dividend arbitrage may give rise to significant market risk for either party as the
shares may rise or fall in value during the life cycle of the loan. In order to
mitigate this, the strategy will often include a series of derivative transactions,
which hedge this market exposure.
4.19
A key role of the share custodian in connection with dividend arbitrage strategies
is to issue a voucher to the beneficial owner which certifies such ownership on
the date on which the entitlement to a dividend arose. The voucher will also
specify the amount of the dividend and the sum withheld at source. This is
sometimes known as a Dividend Credit Advice Slip’ or ‘Credit Advice Note’. The
purpose of the voucher is for the beneficial owner to produce it (assuming the
existence of a relevant Double Taxation Treaty), to the relevant tax authority to
reclaim the withholding tax. The voucher generally certifies that 1) the
shareholder was the beneficial owner of the share at the relevant time, 2) the
shareholder had received the dividend, 3) the amount of the dividend, and 4)
the amount of tax withheld from the dividend.
4.20
Given the nature of dividend arbitrage trading, the costs of executing the
strategy will usually be commercially justifiable only if large quantities of shares
are traded.
4.21
The Authority’s investigation and understanding of the purported trading in this
case is based, in part, on analysis of transaction reporting data and material
received from Bastion, the Solo Group, and five other Broker Firms that
participated in the Solo Trading. The Solo Trading was characterised by a circular
pattern of purported extremely large-scale OTC equity trading, back-to-back
securities lending arrangements and forward transactions.
4.22
The Solo Trading can be broken into two phases:
1) purported trading conducted when shares were cum-dividend in order to
demonstrate apparent shareholding positions that would be entitled to receive
dividends, for the purposes of submitting WHT reclaims (“Cum-Dividend
Trading”); and
2) the purported trading conducted when shares were ex dividend, in relation to
the scheduled dividend distribution event which followed the Cum-Dividend
Trading, in order to reverse the apparent shareholding positions taken by the
Solo Group clients during Cum-Dividend Trading (“Unwind Trading”).
4.23
The combined volume of the purported Cum-Dividend Trading across the six
Broker Firms was between 15 and 61% of the shares outstanding in the Danish
stocks traded, and between 7 and 30% of the shares outstanding in the Belgian
stocks traded.
4.24
As a broker for the equity trades, Bastion executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the Authority believes it is
unlikely that Bastion would have executed both the purported cum-dividend
trades and purported unwind trades for the same client in the same stock in the
same size trades and therefore it is likely Bastion only saw one side of the
purported trading. Additionally, the Authority considers that purported stock
loans and forwards linked to the Solo Trading are likely to have been used to
obfuscate and/or give apparent legitimacy to the overall scheme. However,
Bastion did not execute the purported stock loans and forwards.
4.25
The purpose of the purported trading was to enable the Solo Group to arrange
for Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show
that the Solo Clients held the relevant shares on the record date for dividend.
The DCAS were in some cases then used to make WHT reclaims from the tax
agencies in Denmark and Belgium, pursuant to Double Taxation Treaties. In
2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are
attributable to the Solo Group, was approximately £899.27 million and £188.00
million respectively. In 2014 and 2015, of the reclaims made, the Danish and
Belgian tax authorities paid approximately £845.90 million and £42.33 million
respectively.
4.26
The Authority refers to the trading as ‘purported’ as it has found no evidence of
ownership of the shares by the Solo Clients, or custody of the shares and
settlement of the trades by the Solo Group.
Bastion’s introduction to the Solo Group business
4.27
Prior to the Relevant Period, Bastion had a pre-existing relationship, trading
futures for SCP between 15 June 2012 and 2 October 2013, although the Firm’s
management was not involved in managing the day to day relationship. In that
instance, Bastion had performed the function of an introducing broker and had
facilitated an arrangement between SCP and one of Bastion’s clearers. SCP had
been a trading client of Bastion and not a custodian with underlying clients.
4.28
At the start of the Relevant Period, Bastion understood SCP to be a successful
hedge fund, which had the potential to be become a large institution. Based on
its previous work with, and knowledge of, SCP, and with a view to obtaining
additional revenue, Bastion was keen to be involved when it was approached by
SCP about a new line of business it was looking to conduct.
4.29
Bastion met with SCP early 2014 to discuss a proposal from SCP whereby Bastion
would execute equity trades on behalf of clients introduced by SCP, and SCP
would clear and settle the trades using its own platform. Bastion did not make
and/or retain any notes of the initial meetings or discussions, but has confirmed
that only onboarding and settlement processes were discussed, and not the
detail of the clearing and settlement, or strategy of the proposed trading.
4.30
Bastion has stated that before the trading commenced it did not have any
understanding about the expected size or frequency of the anticipated trading,
or the level of commission it would generate for the Firm. Additionally, it stated
that it did not know whether the trades would be linked to particular stocks,
dates or markets.
4.31
Bastion signed and returned a custody agreement with SCP on 19 February
2014. A custody agreement with OPL was executed on 31 July 2014 and further
service agreements with each of the Solo Group entities were signed by Bastion
on 27 and 28 January 2015.
Onboarding of the Solo Clients
Introduction to Onboarding requirements
4.32
The 2007 Money Laundering Regulations required authorised firms to use their
onboarding process to obtain and review information about a potential customer
to satisfy their KYC obligations.
4.33
As set out in Regulation 7 of the 2007 Regulations, a firm must conduct
Customer Due Diligence (“CDD”) when it establishes a business relationship or
carries out an occasional transaction.
4.34
As part of the CDD process, first, a firm must identify the customer and verify
their identity. Second, a firm must identify the beneficial owner, if relevant, and
verify their identity. Finally, a firm must obtain information on the purpose and
intended nature of the business relationship.
4.35
To confirm the appropriate level of CDD that a firm must apply, a firm must
perform a risk assessment, taking into account the type of customer, business
relationship, product or transaction. The firm must also document its risk
assessments and keep its risk assessments up to date.
4.36
If the firm determines through their risk assessment that the customer poses a
higher risk of money laundering or terrorist financing then it must apply
Enhanced Due Diligence (“EDD”). This may mean that the firm should obtain
additional information regarding the customer, the beneficial owner to the extent
there is one, and the purpose and intended nature of the business relationship.
Additional information gained during EDD should then be used to further inform
its risk assessment process in order to manage its money laundering/terrorist
financing risks effectively. The information firms are required to obtain about
the circumstances and business of their customers is necessary to provide a
basis for monitoring customer activity and transactions, so firms can effectively
detect the use of its products for money laundering and/or terrorist financing.
Chronology of the onboarding
4.37
On 29 January 2014, the onboarding process commenced for the Solo Clients.
This involved Bastion receiving onboarding requests from the Solo Clients, which
authorised Solo to supply Bastion with the clients’ KYC documents.
4.38
Once Bastion had received the onboarding requests, Solo supplied Bastion with
the corresponding AML certificates or KYC documents which usually contained
company or trust formation documents, photocopies of identity documents and
occasionally CVs of the UBO or authorised representative. Solo also arranged for
tri-partite give-up agreements to be signed between itself, Bastion and the Solo
Clients.
4.39
Throughout the process, Bastion maintained a checklist of the Solo Clients which
showed the stage each client was at within the onboarding process. The initial
list on 13 February 2014 contained 19 clients that had requested to be
onboarded, and by 19 February 2014 there were 80. In an email to Solo on 16
February 2014, Bastion acknowledged that 60 new clients would need to be set
up the next week, however it had not onboarded that number of clients at once
before. Bastion was also not used to having “small hedge funds [like Solo] as a
primary point of on-boarding into the regulatory environment”.
4.40
Given that Bastion did not hold any prior information about the Solo Clients, it
was at the point of onboarding that the Firm first became aware of the names
and jurisdictions of the clients and ought to have noticed that the entities were
a significant departure from its usual institutional and regulated client base.
4.41
By 8 June 2014, Bastion had received onboarding requests from 92 Solo Clients
who were custodied with SCP. Onboarding continued throughout the Relevant
Period, with the number of Solo Clients increasing significantly after OPL became
involved in the Solo Trading from July 2014, and Westpoint and Telesto from
February 2015.
4.42
By the end of the Relevant Period, Bastion had onboarded 327 Solo Clients. The
Solo Clients consisted of 260 US 401(k) pension plans, 61 companies
incorporated in the British Virgin Islands (BVI), the Cayman Islands, Labuan in
Malaysia and Seychelles, plus 6 others incorporated in the UK, Luxembourg,
Germany and UAE. More than half of these entities had been incorporated in
2014.
4.43
Despite such a large number of clients, the majority of the onboarding requests
were sent from a limited number of representatives, which Bastion identified
through the use of colour coding on the client checklists. For instance, a
spreadsheet sent from SCP to Bastion on 4 March 2015 contained the names
and account representatives for 165 clients, broken down across the four
custodian firms. Out of the 165 clients on the list, there were just 17
representatives, each of which had a minimum of 3 clients, with one individual
responsible for 38 US 401(k) pension plans, and another for 25 US 401(k)
pension plans.
4.44
Bastion was also aware from the KYC material that some of the client
representatives were former Solo employees. In fact, a CV within the KYC
materials provided to Bastion showed that an ex-Solo employee was the ultimate
beneficial owner of four of the Malaysian companies. Bastion also received KYC
documents which showed that Sanjay Shah was the UBO and/or former director
of at least one entity that Bastion onboarded.
4.45
CDD is an essential part of the onboarding process, which must be conducted
when onboarding a new client. Firms must obtain and hold sufficient information
about their clients to inform the risk assessment process and manage the risk
of money laundering.
4.46
As part of the CDD process first, under Regulation 5 of the 2007 Money
Laundering Regulations, a firm must identify the customer and verify their
identity. Second, a firm must identify the beneficial owner, if relevant, and verify
their identity. Finally, a firm must obtain information on the purpose and
intended nature of the business relationship.
A. Customer Identification and Verification
4.47
Regulation 20 of the 2007 Money Laundering Regulations requires that firms
establish and maintain appropriate and risk-sensitive policies and procedures
related to customer due diligence, and SYSC 6.3.1 requires that the policies
must be comprehensive and proportionate to the nature, scale and complexity
of its activities.
4.48
During the Relevant Period, Bastion’s policies and procedures relating to client
onboarding, financial crime and AML comprised of several documents including:
•
Anti-Money Laundering (AML) and Combating Terrorist Financing (CTF)
Policy dated September 2013;
•
Compliance Manual dated 1 May 2013;
•
Compliance Manual dated 6 October 2014;
4.49
Bastion’s Compliance Manual required the Firm to obtain satisfactory evidence
of the identity of each customer with whom it had a business relationship. The
policy stipulated that as a minimum this ought to involve identifying the
customer and beneficial owner and verifying their identities, as well as obtaining
information on the purpose and intended nature of the business relationship.
4.50
For private and unregulated corporate entities, such as the Solo Clients, the
documented procedure was that Bastion should verify the identity of directors
or individuals owning more than 25% of the shares or voting rights, or
individuals with principal control over the firm’s assets.
4.51
An alternative approach was set out in an appendix to the Compliance Manual,
which stated that Bastion could rely upon CDD conducted by another financial
institution, in accordance with Regulation 17.
4.52
Regulation 17 permitted firms to place reliance on CDD conducted by other
authorised firms, provided that firm consented to being relied upon, however
the firm placing reliance remained responsible for any failure to apply adequate
CDD. The JMLSG Guidance contained a pro-forma document, also known as an
AML certificate, the provision of which implied that consent had been provided
by the firm relied upon.
4.53
Bastion did engage with its external compliance consultants specifically about
the form of AML certificates who advised that it would need to be as per the
JMLSG Guidance. Bastion agreed with its external compliance consultants that if
the Firm received an “appropriate AML form or appropriate KYC documents from
another FCA entity about a client then we can accept those for AML on-boarding
purposes”.
4.54
In relation to the Solo Clients, Bastion received KYC documents for some, but
only AML certificates for others, although it was unclear to the firm why they
were divided in this way.
4.55
Bastion therefore undertook two separate processes for conducting CDD on the
i) Review of KYC documents
4.56
Bastion’s review of KYC documents was to make sure that each new client was
incorporated and controlled by “acceptable” individuals and raised queries with
the custodian about the accuracy and completeness of the information.
ii) Reliance on AML certificates from the Solo Group
4.57
Bastion accepted AML certificates in lieu of KYC packs for approximately a third
of the Solo Clients. The AML certificates contained the name and address of the
Solo Clients and their beneficial owners, details of the directors, and stated that
the Solo Group entity had conducted the appropriate CDD checks. It also stated
that the certificate would not affect Bastion’s responsibility to comply with
applicable AML regulations.
4.58
AML certificates continued to be received by Bastion throughout the Relevant
Period, the final batch being received in respect of 74 new clients on 6 August
2015. Bastion did request the Solo Group for these clients’ KYC packs following
receipt of AML Certificates. However, the Authority has seen no evidence that
Bastion received any of the requested KYC packs. Nevertheless, some clients
from this batch were onboarded on the same day.
B. Purpose and Intended Nature of a Business Relationship
4.59
As part of CDD, Regulation 5(c) of the 2007 Regulations requires firms to obtain
information on the purpose and intended nature of a business relationship. The
firm should use this information to assess whether a customer’s financial
behaviour over time is in line with expectations, whether or not the client is likely
to be engaged in criminal activity, and to provide them with a meaningful basis
for ongoing monitoring of the relationship.
4.60
Regulation 20 of the 2007 Money Laundering Regulations requires that firms
establish and maintain appropriate and risk-sensitive policies and procedures
related to customer due diligence, and SYSC 6.3.1R requires that the policies
must be comprehensive and proportionate to the nature, scale and complexity
of its activities.
4.61
Bastion’s Compliance Manual required the Firm, in relation to corporate clients,
to obtain “sufficient additional information on the nature of company’s business,
and the reasons for seeking the product or service”.
4.62
Although not referred to in its compliance policies, Bastion had two ‘Know your
client forms’ (one for individuals and one for corporate clients) for staff at the
Firm to complete. The first question on both of the forms was ‘what is the
purpose and reason for the client wishing to open the account?’. Others included
‘what are the client’s objectives in entering into this account?’ and ‘what is the
projected volume of business?’. Although these forms existed and were sent to
other clients, Bastion did not send them to the Solo Clients and so did not obtain
details about the purpose and intended nature of the Solo business from the
Solo Clients.
4.63
Despite the questions on the form, Bastion has denied that it would normally
discuss with clients the expectations of the sort of trading they would look to be
doing or any limits they had, on the basis that “size is good” and “you don’t go,
‘Oh, this guy’s doing too much size, you know. This is a problem, this is
suspicious’…”
4.64
As the Solo Clients were a significant departure from Bastion’s usual client base
(see paragraph 4.40), it was particularly important for the Firm to understand
the nature and purpose of the intended trading. As a result of not enquiring with
the Solo Clients about the nature and expected volumes or sizes of trading,
Bastion had insufficient information on which to adequately evaluate whether
the trading was in line with expectations and to identify unusually large
transactions. This left Bastion exposed to the risk of facilitating financial crime,
notwithstanding that the Firm did not hold client money.
4.65
The JMLSG Guidance also states, “if a firm cannot satisfy itself as to the identity
of a customer; verify that identity; or obtain sufficient information on the nature
and intended purpose of the business relationship, it must not enter into a new
relationship and must terminate an existing one”. Despite the obvious issues
with the lack of information available to Bastion about the nature and intended
purpose of the business relationship, it onboarded 327 Solo Clients.
Risk assessment
4.66
As part of the onboarding and due diligence process, firms need to undertake
and document risk assessments for every client. Such assessments should be
based on information contained in the clients’ KYC documents.
4.67
Conducting a thorough risk assessment for each client assists firms in
determining the correct level of CDD to be applied, including whether EDD is
warranted. If a customer is not properly assessed, firms are unlikely to be fully
apprised of the risks posed by each client, which increases the risk of financial
crime.
4.68
Under Regulation 20 of the 2007 Regulations, firms are required to maintain
appropriate and risk-sensitive policies and procedures related to risk
assessments and management.
4.69
Bastion’s AML policy set out its risk based approach to managing money
laundering risks, which was focussed on the risks presented by the firm’s
customer base; products; delivery channels and geographical areas of operation.
4.70
Bastion’s policies and procedures failed to establish the requirement for risk
assessments to be documented. Documentation of risk assessments is
necessary to demonstrate the basis upon which they are being made, to keep
these assessments up to date and to provide appropriate risk assessment
information to authorities. Bastion’s policies also failed to set out that Bastion
should document the rationale for any due diligence measures it waived when
compared to its standard approach, in view of its risk assessment of a particular
customer.
4.71
In any event, Bastion did not conduct or record risk assessments for any of the
Solo Clients pursuant to its AML policy and/or its Compliance Manual.
4.72
The only type of risk assessment Bastion conducted across its client-base, was
within the documents for its ‘Risk Based MiFID Compliance Monitoring
Programme’. Here, Bastion classed all its clients as ‘low risk’ on the basis that
either: “most clients are authorised by the FCA or equivalent”, which was
something Bastion knew not to be true in relation to the Solo Clients; or because
“all clients are traded on give up agreements with a clearer…[and] must have
cleared the AML requirements of the clearing broker” which was not a criteria
set out in the risk classification diagram or within the Firm’s AML policy. This
classification was inconsistent with the wording of Bastion’s AML policy, which
stated that “generally our AML/CTF risk would be medium and high.”
4.73
Bastion did not conduct sufficient analysis to determine whether the Solo Clients
posed a higher risk of financial crime. Even a brief analysis shows the following
risk factors:
•
Bastion had no former relationship with the Solo Clients and failed to obtain
information regarding the nature of the business each client was going to
undertake. Therefore, Bastion did not have a profile against which to base
an assessment of their purported trading for the purposes of ongoing
monitoring.
•
The Solo Clients’ KYC material showed that almost all of the clients had just
a single director, shareholder and/or beneficiary.
•
In addition to none of the Solo Clients being regulated, the vast majority of
them were based in countries outside the EU with no assumed regulatory
equivalence.
•
The Solo Clients were introduced by the Solo Group, where there was a
possibility of a conflict of interest as some UBOs were former employees of
SCP. Bastion relied on AML certificates provided by Solo for their ex-
employees. Because of Solo Group’s relationship with their former
employees, Solo Group was not in a position to provide an unbiased view.
•
Over half of the Solo Clients were US 401(k) pension plans, linked to trusts,
which were classed in Bastion’s AML policy as higher-risk vehicles for money
laundering, especially if set up in a non-EEA country. The JMSLG has noted
that “some trusts established in jurisdictions with favourable tax regimes
have in the past been associated with tax evasion and money laundering.”
•
Additionally, Bastion had no awareness of how US 401(k) pension plans
operated, the rules for establishment, or the limits for investment.
•
None of the Solo Clients were physically present for identification purposes
as the onboarding process was conducted via email. This is identified in the
2007 Regulations as being indicative of higher risk and therefore firms are
required to take measures to compensate for the higher risk associated with
these clients.
•
The Solo Clients purportedly sought to do OTC equity trading which under
the JMSLG guidance needs a more considered risk based approach and
assessment.
•
The transactions subsequently undertaken by Bastion on behalf of the Solo
Clients were larger than the equity transactions it executed for institutional
clients.
4.74
The Authority has not seen any evidence that Bastion assessed the risks posed
by each Solo Client on an individual basis or that it documented the risk factors
pertinent to each client or how they could be mitigated.
EDD
4.75
Firms must conduct EDD on customers which present a higher risk of money
laundering, so they are able to judge whether or not the higher risk is likely to
materialise.
4.76
Regulation 14(1)(b) states that firms “must apply on a risk-sensitive basis
enhanced customer due diligence and enhanced ongoing monitoring in any . . .
situation which by its nature can present a higher risk of money laundering or
terrorist financing.” The 2007 Regulations further require firms to implement
EDD measures for any client that was not physically present for identification
purposes.
4.77
Regulation 20 of the 2007 Regulations requires firms to maintain appropriate
and risk-sensitive policies and procedures related to customer due diligence
measures, which includes enhanced due diligence. SYSC 6.3.1R further requires
that the policies must be comprehensive and proportionate to the nature, scale
and complexity of its activities.
4.78
Bastion’s AML policy required the Firm to conduct “enhanced levels of customer,
product, geographical location and transaction due diligence” for all higher risk
customers, and review the use of the accounts and transactions undertaken.
Higher risk entities were described in the policy as being companies not
incorporated in the UK/EU, or ones that had an opaque structure, or if the entity
was cash driven such as a casino or bureau de change. The Compliance Manual
also mandated that EDD was required in three specific types of relationship,
including where the customer was not physically present for identification
purposes; in respect of a correspondent banking relationship; and in respect of
a business relationship or occasional transaction with Politically Exposed
Persons.
4.79
A training presentation delivered to staff at Bastion by its external compliance
advisers in January 2015 also stated that EDD was mandated for higher risk
customers, including “clients you do not physically meet”, which would have
included the Solo Clients.
4.80
Bastion’s policies were deficient in that they did not provide a consistent
definition of higher risk customers, or a documented process which explained
step-by-step how to handle higher risk clients and how to undertake EDD in
order to be satisfied that Bastion had countered the risk of money laundering in
each occasion. The only procedure referred to in the AML policy that was drafted
to apply to all higher risk entities was a requirement to verify the identity of all
directors and shareholders with an interest over 25%, albeit it was the Firm’s
standard policy to obtain this information for at least two directors and all
shareholders with an interest over 25% for every client.
4.81
Aside from the above reference to verification, the EDD procedures within
Bastion’s compliance documents only related to specific circumstances. For
example, the Compliance Manual only stipulated additional documents or
verification methods which could be used in relation to non face-to-face client
relationships and trust accounts. The AML policy also required the Firm to gain
“an understanding of the source of funds” only in relation to ‘unregulated funds’,
which itself was an undefined term. This piecemeal approach created a risk that
adequate EDD would not be applied consistently in relation to customers that
presented other high risk factors.
4.82
Furthermore, no guidance was given as to what would constitute “customer,
product, geographical location and transaction due diligence”.
4.83
Given that Bastion did not meet a single Solo Client, the Firm was required to
implement EDD. However, even if the clients had been present during the CDD
process, for the reasons set out in paragraph 4.73, a number of risk factors
indicated that the Solo Clients may have presented a higher risk of money
laundering, and therefore Bastion ought to have applied EDD by obtaining
additional information about the clients and the proposed trading.
4.84
In view of the connections between some of the Solo Clients and the Solo Group,
Bastion should have recognised the risks that this posed and should have taken
steps to mitigate the risk, for example, by undertaking independent enquiries
on the sources of funds for the Solo Clients to ensure that they were not still
financially connected to the Solo Group as employees, and had sufficient funds
to conduct the anticipated trading.
4.85
Bastion also failed to apply a reasonable level of scrutiny as to the plausibility of
the Solo Clients being able to conduct professional trading, particularly in
relation to the level of funds that they would need to hold. An example of a client
that was onboarded by Bastion was a 401(k) pension plan where an identity
document showed that the sole beneficiary was a 18-year-old college student.
The individual was also the sole beneficiary for four other pension plans
onboarded by Bastion. Instead of making enquiries as how the beneficiary had
sufficient funds and experience to conduct trading as a per se professional client,
the purpose of such trading, or his reason for having five 401(k) Pension Plans,
Bastion simply relied upon the fact that the client had been “qualified by an FCA
firm”.
4.86
The Firm also considered that it was possible that the trades were leveraged in
some way, or that the funding may have been provided by the Solo Group. Other
than these assumptions, the Firm had no actual knowledge of the source of funds
apparently available to any of the Solo Clients and did not take any steps to
obtain this information, even after trading had commenced and the volumes
involved had become apparent.
4.87
Part of the onboarding process also includes categorising clients according to the
COBS rules, which is a requirement additional and separate to carrying out risk
assessments. Pursuant to COBS 3.3.1R, firms must notify customers of their
categorisation as a retail client, professional client or eligible counterparty.
Authorised firms must assess and categorise clients based on their level of
trading experience, risk knowledge and access to funds, in order to ensure
suitable products are offered. Proper application of the rules also ensures that
firms only act for clients within the scope of their permissions. Firms are required
to notify clients as to the categorisation made by the Firm. Pursuant to COBS
3.8.2R, firms must also keep records in relation to each client, including
sufficient information to support that categorisation.
4.88
During the Relevant Period, Bastion was authorised to deal as an agent for
professional clients and eligible counterparties, which are types of clients that
are considered to have experience, knowledge, and expertise to make their own
investment decisions. Bastion was aware that it could not accept clients unless
they were in one of these categories. There are two types of professional clients:
per se professionals and elective professionals. Each of these categories has
prescriptive criteria, as listed in the COBS rules.
4.89
Bastion’s Compliance Manual contained its policy regarding client categorisation,
however, it did not set out or explain a clear procedure that should be used, or
the types of information and evidence Bastion was required to obtain to verify
the status of its clients. Further, there was no procedure requiring Bastion to
document the categorisation given to clients in accordance with COBS 3.8.2R,
including the basis upon which the decision was made, with reference to the
appropriate information gathered and reviewed.
4.90
Instead of categorising the Solo Clients according to its policy and the COBS
rules, Bastion sought advice from its external compliance consultant about
whether it could rely upon the categorisation of the clients given by the Solo
Group, so that it would not “need to go through the classification procedure by
looking at trading experience and assets etc”.
4.91
Bastion received inaccurate advice that this was permissible and subsequently
made a request to Solo for its client categorisation letters. When Solo questioned
why the letters were needed, Bastion reiterated the advice it had received and
asked for an email confirming the client name and categorisation as an
alternative option. When it did not receive a reply, Bastion emailed Solo stating
that it would “assume that Solo is classifying all clients as per se professional
unless…advised otherwise when the aml kyc is sent over". Bastion did not
independently verify this categorisation with the clients.
4.92
Bastion was not able to recall any instances, other than in relation to the Solo
Clients, when it had sought to rely upon another firm’s categorisation in this
way. Nevertheless, after sending the above email to Solo, Bastion commenced
issuing client categorisation letters to the Solo Clients confirming their status as
per se professionals. Although the letters asked the Solo Clients to confirm they
had read and accepted the terms of the categorisation, the cover emails stated
that Bastion would assume the letters were acceptable, unless it heard
otherwise. There was no attempt by Bastion to determine if the Solo Clients
actually met the rules set out in COBS, or to comply with the assessment process
in its policy.
4.93
It is not clear from Bastion’s records on what basis it believed the Solo Clients
could be categorised as per se professionals, other than the fact that Solo was
not permissioned to trade on behalf of retail clients.
4.94
For the type of business conducted by Bastion, per se professional clients would
include authorised firms, government bodies, institutional investors or large
undertakings meeting two of: a balance sheet total of EUR 20,000,000; and/or
a net turnover of EUR 40,000,000; and/or own funds of EUR 2,000,000.
4.95
From the limited KYC material provided to Bastion, it would have been evident
that a large proportion of the Solo Clients were personal pension plans with
single beneficiaries and therefore not institutions. Bastion was also aware that
the Solo Clients were not regulated entities. Notwithstanding this, even if Bastion
had considered that the first limb of the test was met, it is noted that they did
not seek any information to enable them to assess whether the second limb was
met, such as evidence from the Solo Clients about their level of wealth, sufficient
to judge whether they met the financial thresholds.
Ongoing monitoring
4.96
Regulation 8(1) requires firms to conduct ongoing monitoring of the business
relationship with their customers. Ongoing monitoring of a business relationship
includes scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure that the
transactions are consistent with the firm’s knowledge of the customer, his
business and risk profile.
4.97
Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place
throughout a relationship helps firms know their customers, assists them to
assess risk and provides greater assurance that the firm is not being used for
the purpose of financial crime.
Transaction monitoring
4.98
As part of a firm’s ongoing monitoring of a client relationship, Regulation 8
requires that firms must scrutinise transactions undertaken throughout the
course of the relationship (including, where necessary, the source of funds) to
ensure that the transactions are consistent with the relevant person’s knowledge
of the customer, his business and risk profile.
4.99
Furthermore, Regulation 14(1) states that enhanced ongoing monitoring must
be applied in situations, which can present a higher risk of money laundering or
terrorist financing.
4.100 Regulation 20 requires firms to have appropriate and risk-sensitive policies and
procedures related to ongoing monitoring. These policies must include
procedures to identify and scrutinise: 1) complex or unusually large
transactions; 2) unusual patterns of activities which have no apparent economic
of visible lawful purpose; and 3) any other activity which the relevant person
regards as likely by its nature to be related to money laundering or terrorist
financing.
4.101 Bastion’s AML Policy stated that monitoring customer activity would include
“reviewing transactions undertaken throughout the course of the customer
relationship to ensure that transactions are consistent with the customer’s
business and risk profile”. The policy also stated that the process would only be
carried out in relation to higher risk customers and so should have applied to
the Solo Clients for the reasons stated in paragraph 4.73.
4.102 The policy was deficient as it did not set out any procedures regarding how, or
the frequency with which, client activity should have been monitored, even for
higher risk clients, which created a risk that transaction monitoring would not
be conducted consistently or at all.
4.103 Bastion did not have an electronic surveillance system and so its trade
monitoring process was reliant on the management team being involved in the
trading process, who could monitor transactions “in real time”. Bastion has
informed the Authority that it monitored transactions for market abuse and for
incorrect pricing provided to clients, however the Authority has not seen any
records suggesting that the Firm checked whether the transactions were
consistent with the profile of the Solo Clients, for the purpose of identifying
money laundering risk.
4.104 Furthermore, Bastion did not compare the amount it had traded in the Danish
and Belgian stocks to the volumes conducted on exchange, as it considered that
market surveillance was not its responsibility and that other market participants
would do it within the ‘market transaction reporting arena’.
4.105 Bastion did not consult its external compliance advisers on whether its
monitoring system (which did not include any monitoring for AML purposes) was
appropriate for the volume of trades that the Firm was conducting. Furthermore,
no records were kept of information provided to the external compliance advisers
during their monthly visits to the Firm as part of the Compliance Monitoring
Programme. The external compliance advisers have also confirmed that very
little advice was given during the course of its relationship with Bastion relating
specifically to the Solo business and that it never saw any of the transactions
that took place. It was also not consulted about whether any of the transactions
could be suspicious.
4.106 It is therefore unlikely that the compliance advisers were fully apprised of the
scale of the trading executed for the Solo Clients and the associated money
laundering risks. In any event, Bastion remained responsible for ensuring
compliance with the relevant rules in the event of compliance outsourcing.
4.107 During the Relevant Period, Bastion purportedly executed high volume Cum-
Dividend trades for the Solo Clients worth approximately £49 billion in Danish
equities and £22 billion in Belgian equities, and received commission of £1.55
million, which made up 26% of Bastion’s total revenue for the Relevant Period.
4.108 Bastion started executing the purported trades on behalf of the Solo Clients on
26 February 2014. The trades were initially purportedly cleared by SCP, although
it was extended to other entities of the Solo Group from July 2014 onwards.
4.109 From 26 February 2014, orders were placed via email and the purported trades
were executed using a post-trade order matching platform that relied on the
brokers uploading trade details into spreadsheets before they were approved by
the custodians.
4.110 From 25 February 2015, the order and trading process was automated using a
system called Brokermesh. This was an electronic platform, developed by an
entity associated with the Solo Group, which generated trade orders from clients
and sourced and matched liquidity amongst the Solo Clients and brokers
including Bastion. The purported trading on the platform was conducted via an
automated process whereby once an order appeared on the system, a broker
would seek liquidity from the Solo Clients available on the system. Then, once
the liquidity was established, the order would be matched subject to trade
authorisation from the relevant custodian.
4.111 Liquidity on the Brokermesh platform was sourced from a closed network
consisting only of Solo Clients, of which Bastion onboarded 327 during the
Relevant Period. Nevertheless, Bastion has recollected that liquidity was virtually
always found, and whilst the time varied, liquidity was generally found within
one day.
4.112 Bastion considered that Brokermesh was similar to other trade settlement
platforms on the market. However, the functionality differed from other
legitimate trading platforms as trading records were wiped from Bastion’s view
the day after the trades took place, and so it was necessary for the Firm to retain
its own records.
4.113 In one instance, on 30 March 2015 Bastion was purportedly able to source
liquidity to buy shares in a Danish listed stock within six minutes for a trade that
represented over 4 times the volume of shares traded in that stock on European
exchanges on that date. In total that day, for the same stock, Bastion
purportedly executed trades approximately 97 times the number of shares
traded on all European exchanges.
A. Trade sizes
4.114 During the Relevant Period, Bastion purportedly executed Cum-Dividend Trading
to the value of approximately £49.03 billion in Danish equities and £22.48 billion
in Belgian equities on behalf of Solo Clients.
4.115 Analysis of the Cum-Dividend Trading reveals the following:
•
Between February 2014 and August 2015, Bastion purportedly executed orders
on behalf of Solo Clients in 16 listed Danish stocks over 22 cum-dividend dates.
An average of 14.98% of the outstanding shares in each stock was traded,
which were cumulatively worth a total of £49 billion. The volumes also equated
to an average of 40 times the total number of all shares traded in those stocks
on European exchanges.
•
Between February 2014 and August 2015, Bastion purportedly executed orders
on behalf of Solo Clients in 15 listed Belgian stocks over 14 cum-dividend dates.
An average of 5.81% of the outstanding shares in each stock was traded, which
were cumulatively worth a total of £22 billion. The volumes also equated to an
average of 22 times the total number of all shares traded in those stocks on
European exchanges.
4.116 The Authority considers that it is significant for market surveillance and visibility
that individual trades were below the applicable disclosable thresholds. For
example, Section 29 of the Danish Securities Trading Act required shareholders
holding over 5% of Danish-listed stock to be publicised. Similarly Belgian law
requires pursuant to Article 6 of the ‘Law of 2 May 2007 on disclosure of major
holdings in issues whose shares are admitted to trading on a regulated market
and laying down miscellaneous provisions’ requires holders of more than 5% of
the existing voting rights to notify the issuer and the Belgian Financial Services
Markets Authority of the number and proportion of voting rights that he/she
holds.
4.117 Bastion has confirmed that it was aware of the large size of the trading, but did
not consider whether the size and volume of the transactions were in line with
expectations of the Solo Clients. In this context, it believed that ‘no trade was
too big’ and that large trade sizes could not be indicative of market abuse.
Furthermore, the Firm did not consider that it was part of its role to consider
whether trades were too large for the customer type. This was notwithstanding
that the purported trades for the Solo Clients were larger that the Firm had
executed for its institutional clients.
4.118 A possible explanation suggested by Bastion for the large sizes of the purported
trades was that they were highly leveraged, however there is no evidence that
Bastion was told by the Solo Group or the Solo Clients that the trades would be
leveraged.
4.119 Bastion has stated that it would check the volumes of shares it had purportedly
traded against the number of shares outstanding in the market on a daily basis,
and was aware that they regularly exceeded 8%. However, the volumes did not
concern the firm as it considered that an unrealistic volume would be “maybe
101%”. Instead, the firm took comfort from the fact that the high volume trades
were transaction reported by a FCA regulated firm and continued over a period
of 18 months.
4.120 The issue that did concern Bastion once trading commenced was the level of
commission received, which was dependent upon the brokerage level and
volume. Bastion was not concerned with other aspects of the trading including
the impact the trades had on the market on either an individual or cumulative
basis.
4.121 Bastion took the view that because they were executing brokers, and the trades
were subject to custodian approval, the size of trades was not their risk
responsibility. Although execution-only broking may have reduced counterparty
risk, all regulated firms must consider and mitigate the risk that they could be
used to facilitate financial crime, even if client monies do not flow through the
firm.
4.122 As the Firm perceived that it bore no risk of loss, it failed to recognise more
general risks, including financial crime risk, which applies to all regulated firms.
Consequently, there is no evidence that the Firm appreciated the potential risk
that the Firm might be used to ‘further money laundering’. The Authority has
published considerable guidance on managing the risk of financial crime,
particularly in its Financial Crime Guide which was first published in December
2011 and which Bastion ought to have been aware of.
B. Trading Red Flags
4.123 Once the purported Solo Trading commenced, a number of red flags in relation
to the trading ought to have alerted Bastion to the risk that it could be used for
the purposes of financial crime and prompted it to obtain explanations from the
Solo Group or the Solo Clients on a number of matters, decline to execute
particular trades, or cease its trading relationship with the Solo Clients:
•
The Solo Clients placed extremely high value trades, yet most of them
had only been recently incorporated, were based in non-EU/EEA
countries and in a number of instances, were managed or owned by a
single shareholder and/or UBO or former employees of the Solo Group.
•
For the recently incorporated 401(k) pension plans, the value of the
purported trades far exceeded the investment amounts which could
reasonably have accrued given the annual contribution limits and limited
number of ultimate beneficial owners, which should have alerted Bastion
as to the unrealistic nature of the trades.
•
The Solo Group purported to have sourced a custom automatic trade
matching and settlement platform from an entity owned by Mr Shah.
Brokermesh was able to locate liquidity for OTC trades worth over £36.5
billion that were purportedly executed by Bastion, even though access
to the platform was limited to a closed pool of clients introduced to the
Brokers Firms by the Solo Group.
•
Bastion purportedly traded an average of 14.98% of the shares
outstanding in the market on major listed Danish stocks, in
circumstances where share ownership over 5% required publication.
This was an average of 40 times higher than were reported on European
exchanges for the same Danish stocks.
4.124 Bastion failed to identify or mitigate any red flags arising from the Solo Trading
and as a consequence of this, failed to sufficiently address the risk that it might
be used for the purposes of financial crime.
The Ganymede trades
4.125 As part of assessing how the Firm might likely be used for the purposes of money
laundering and financial crime, Bastion was required to assess the risks posed
by its clients’ trading behaviours, particularly in instances where there was no
apparent economic or lawful purpose.
4.126 Firms must have adequate policies and procedures, systems and controls which
provide for the identification and scrutiny of complex or large transactions;
unusual patterns of transactions which have no apparent economic or visible
lawful purpose; and any other activity which may be related to money
laundering.
4.127 As set out in further detail below, on 18, 19 and 30 June 2014 and 20 May 2015,
Bastion executed a series of trades in German and Belgian listed stocks on behalf
of 11 Solo Clients. Together these trades (the “Ganymede trades”) resulted in a
single client entitled Ganymede Cayman Ltd (“Ganymede”), owned by Sanjay
Shah, making a loss of EUR €22,729,508.15 million to the benefit of the
remaining 10 clients. The Ganymede trades had no apparent economic purpose
except to transfer funds from a Sanjay Shah controlled entity to his associates
and individuals connected with the Solo Group.
4.128 The Ganymede trades materially differed from the Solo Trading for the following
reasons, as they:
a) were not executed based on cum-dividend dates;
b) were executed using intraday prices, instead of end of day prices;
c) were executed on behalf of a small number of new clients to Bastion,
from high risk jurisdictions, who were ‘urgently’ onboarded at the
request of the Solo Group in the days before the transactions took place;
d) were reversed by the same clients within hours, at different prices,
meaning a substantial net loss for one client and profits for the other
parties, therefore making the economic rationale for the transactions
unclear and/or highly suggestive of money laundering.
e) trades had been carried out between clients with Bastion as the only
broker executing the buy and sell orders.
Chronology of the Ganymede Trades
4.129 On 16 June 2014, Bastion received onboarding requests from four new clients,
as set out below.
•
Client A was a private company that had been incorporated in the British
Virgin Islands on 3 June 2014. The sole director and shareholder of Client A
was a Dubai based individual who had held a senior position at SCP. The
email from SCP attaching the KYC documents stated that it was an ‘urgent
onboarding’.
•
Client B was a private company that had been incorporated in the British
Virgin Islands on 5 June 2014. The CV supplied for the director of Client B
showed that he was a current employee of SCP. The email from SCP
attaching the KYC documents stated that it was an ‘urgent onboarding’.
•
Client C was a private company incorporated in the Cayman Islands on 18
February 2013. The client’s KYC documents showed that one of the two
directors was 21 years old and had a total of four months experience
working at a financial services firm that was subsequently purchased by the
Solo Group on 6 July 2015. The email from SCP attaching the KYC
documents stated that it was an ‘urgent onboarding’.
•
Client D was a private company that had been incorporated in the Cayman
Islands on 4 October 2013. The sole director and shareholder was a Dubai
based individual. The email from SCP attaching the KYC documents stated
that it was an ‘urgent onboarding’.
4.130 On 17 June 2014, Bastion received onboarding requests from a further three
clients:
•
Client E was a private company incorporated in the Seychelles on 28 April
2014. The sole director and shareholder was an individual who held a senior
position at SCP until 2013.
•
Client F was a private company incorporated in the Seychelles on 25 March
2014. The sole director and shareholder was a Hong Kong based individual
who was a current employee of SCP.
•
Ganymede was a private company incorporated in the Cayman Islands on
16 June 2010. The sole director and shareholder was Sanjay Shah.
4.131 Bastion stated that it felt pressured by SCP to urgently onboard these clients,
particularly as it was told that one of the client entities was owned by Sanjay
Shah. On the morning of 18 June 2014, Bastion confirmed to SCP that it had
onboarded six of the entities but was yet to receive KYC documents for Client F.
SCP thanked Bastion for onboarding the entities so quickly and sent the
remaining KYC documents to the Firm at 09:16 on 18 June 2014.
4.132 Three hours later, between 12:49 and 13:29, Bastion received a series of trade
orders via email from Clients A to F requesting to buy equity shares in varying
volumes in a German listed stock (“German stock A”). All of the orders requested
an identical specific intraday purchase price of €160.1, which was around the
same as the market closing price on 17 June 2014 of €160.12, but below the
exchange price at 12:49 of €160.95. One of the orders from Client E was written
as if the trade had already been agreed, which was also suggestive of the co-
ordinated nature of the trades. It stated “[Client E] buys [German stock A],
668,521 160.1”. This was subsequently corrected by the client, who re-sent the
order in a “more cleanly written” format.
4.133 At 13:12, Bastion sought liquidity from Ganymede and stated “I have some form
on [German stock A], are you in the market today for this?” A few minutes later
another email from Bastion to Ganymede stated “I need to buy 3303496, can
you show me an offer please?”. At 13:47 Ganymede responded and stated that
it could sell 3,964,905 shares at a price of €160.10. This in fact corresponded to
the total number of shares in German stock A requested by Clients A to F and
at the requested identical specific intraday purchase price of €160.1.
4.134 At 14:23, approximately an hour after the trades had been agreed, Ganymede
indicated that it wanted to buy back the 3,964,905 shares in German stock A,
equivalent to the amount it had just sold. Bastion approached Clients A to F who
all replied agreeing to sell the shares they had just purchased. Five of the six
clients proactively offered an identical price of €160.97, which was accepted by
Ganymede. This price was €0.87 above the price Ganymede had sold the shares
for, but was below the current exchange price of €161.05. At 15:10, Bastion
confirmed to Ganymede that it had purchased all 3,964,905 German stock A
shares at a price of €160.97.
4.135 The result of the trading was that Ganymede sold 3,964,905 shares in German
stock A for consideration of €634,781,290.50 to six clients (Clients A to F). It
then re-purchased the same shares an hour later at a higher price for
consideration of €638,230,757.85, resulting in a net loss to Ganymede of
€3,449,467.35, to the benefit of Clients A to F.
The timing of the orders was as follows:
Time of
order
Seller
Quantity
Unit
Price
(€)
Consideration (€)
12:49:53
Client E
13:47
Ganymede
668,521
160.1
107,030,212.10
13:00:58
Client D
13:47
Ganymede
649,382
160.1
103,966,058.20
14:23
Ganymede
14:36
Client D
649,382
160.97
104,531,020.54
4.136 Another possible indicator of the co-ordinated nature of these Ganymede trades
was that at 16:16 Ganymede indicated to Bastion that it wanted to trade again
and would be “send[ing] something through shortly”. However, at 16:29, it was
not Ganymede but Client E that sent through an order to buy German stock A
at a specific price of €160.25. This was quickly followed by similar trade orders
from Client F and Client A, which prompted Bastion to email Ganymede at 16:44
asking if it had any German stock A to sell. At 16:55, Ganymede replied offering
to sell 11,279,140 shares (which was the exact cumulative total of the trade
orders from Clients E, F and A to whom it had sold and then repurchased the
shares from just ninety minutes earlier) at the same specific price of €160.25.
At 16:58, Bastion confirmed to Ganymede that the order had been filled.
4.137 Just two minutes later, Ganymede began the process of unwinding the trade and
buying back the shares at a higher price, as it had done earlier that day. This
time, the price Ganymede specified was €161.25, which was €1 more per share
than it had sold them for, and above the market closing price of €161. After
receiving the order from Ganymede, Bastion approached Clients A, E and F and
re-purchased the shares, resulting in a loss of €11,279,140 for Ganymede.
The timing of the orders was as follows:
Time
of
order
Trade
Price (€)
(€)
17:00
Ganymede 17:17
Client E
4,657,387
161.25
751,003,653.75
4.138 The methodology described above was again employed by Ganymede and other
Solo Clients linked to the Solo Group in a series of trades executed by Bastion
on 19 June 2014, 30 June 2014 and 20 May 2015, resulting in a total loss to
Ganymede of €22,729,508.15 across the four days.
Analysis of the Ganymede Trades
4.139 All of the Ganymede trades involved the shares purportedly being repurchased
by Ganymede the same day, within the T+2 or T+3 settlement period, and
therefore the shares did not need to be transferred. The net result of the trading
was that a total of €22,729,508.15 was owed by Ganymede to the other clients.
4.140 Bastion has confirmed that it was aware that the Ganymede trades resulted in
losses to Ganymede. However, it failed to question the rationale for the trading
as it considered that there might have been other simultaneous transactions
involving the same clients, that the Firm was not privy to. However, Bastion was
the only broker involved in these trades and in each instance arranged the buy
and sell transactions. Even if there had been other legs of the transactions that
Bastion was not aware of, Bastion ought to have recognised from the buy and
sell transactions that the losses to Ganymede resulted in direct profits for the
other counterparties. At a minimum, this should have caused the Firm to
question the clients about the rationale for the trading and consider whether the
nature of these series of transactions were suspicious.
4.141 Furthermore, if Bastion had examined the trade orders prior to trading on 18
June 2014, or for the purpose of transaction monitoring and post trade
surveillance after trading, it ought to have noticed that the requested volume of
11,279,140 shares on 18 June 2014 was 17 times the Average Daily Volume
(ADV) of German stock A shares sold on European exchanges. If Bastion had
noticed this red flag on receiving the trade order, it should have declined to
execute the trade, or at a minimum queried the volumes with the clients.
4.142 Instead, Bastion failed to identify and/or flag any queries in relation to the
unusual features of the Ganymede trades, either internally, or with the clients,
or the Solo Group, including:
a) why the clients had to be urgently onboarded;
b) why the majority of the clients’ directors/UBOs were connected to the Solo
Group;
c) why the shares were purchased and sold at intraday prices, instead of the
usual end of day price;
d) why the trades were unwound on the same day;
e) why the orders from clients A, B, D, E and F specified identical prices;
f) why the specified price was below the current intraday market price;
g) why the volume of shares transacted was 17 times the ADV of German Stock
A shares sold on European exchanges;
h) why Ganymede would want to buy back the shares it had sold a short while
earlier at a higher price, resulting in a loss for it on each occasion; and
i) why the Ganymede trades on 20 May 2015 took place by email, even though
all other Solo Trading took place on Brokermesh at that time;
4.143 At a minimum, these red flags should have prompted Bastion to question the
clients about the purpose of the trading, however Bastion did not query the
Ganymede trades with Ganymede or flag the potential loss to the client before
or after execution.
4.144 Bastion ought to have queried how these clients would have been able to source
such sizeable liquidity in such short order, whether this liquidity was in line with
the trading levels which could be expected from these clients, given the
information previously obtained through CDD.
4.145 Bastion has stated that it did not have any suspicions about the Ganymede
trades as it trusted Sanjay Shah’s reputation. This raises serious concerns about
the firm’s risk appetite and the extent and effectiveness of its transaction
monitoring.
End of the Purported Solo Trading
4.146 Bastion executed its last trade for a Solo Client on 29 September 2015. The Solo
Clients ceased the purported trading with all the six Broker Firms after
unannounced visits by the Authority to the offices of the Solo Group entities and
the Broker Firms between 2 – 4 November 2015.
Bastion failed to Identify Any of the Above Issues
4.147 Bastion failed to identify any of the above issues. With respect to AML, in both
2014 and 2015, Bastion did not identify any transactions raising any suspicions
and no breaches were reported or observed.
5. FAILINGS
5.1
The statutory and regulatory provisions relevant to this Notice are referred to in
Annex B.
5.2
The JMLSG Guidance has also been included in Annex B, because in determining
whether breaches of its rules on systems and controls against money laundering
have occurred, and in determining whether to take action for a financial penalty or
censure in respect of a breach of those rules, the Authority has also had regard to
whether Bastion followed the JMLSG Guidance.
5.3
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.
5.4
Bastion breached this requirement during the Relevant Period, in relation to
business related to the Solo Group, as its policies and procedures were inadequate
for identifying, assessing and mitigating the risk of financial crime as they failed to:
5.4.1 Establish the requirement for risk assessments to be documented, as well as
to document the rationale for any due diligence measures the firm waived
when compared to its standard approach, in view of its risk assessment of a
particular customer;
5.4.2 Set out adequate processes and procedures for EDD;
5.4.3 Set out adequate processes and procedures for client categorisation;
5.4.4 Set out adequate processes and procedures for transaction monitoring,
including how transactions are monitored, and with what frequency, and set
out adequate processes and procedures for how to identify suspicious
transactions.
5.5
The Authority considers that Bastion failed to act with due skill, care and diligence
as required by Principle 2 to properly assess, monitor and manage the risk of
financial crime associated with the business related to the Solo Group in that the
a) Failed to properly conduct customer due diligence prior to onboarding,
and consequently failed to identify that the Solo Clients presented a
higher risk of financial crime before they started trading;
b) Failed to gather adequate information to enable it to understand the
purpose and intended nature of the business that the Solo Clients were
going to undertake, the likely size or frequency of the purported trading
intended by the Solo Clients or their source of funds;
c) Failed to undertake and document a risk assessment for each of the Solo
Clients prior to onboarding and trading for the Solo Clients;
d) Failed to complete EDD for any of the Solo Clients despite the fact that
none of the Solo Clients were physically present for identification
purposes and a number of other risk factors were present;
e) Failed to assess each of the Solo Clients against the categorisation
criteria set out in COBS 3.5.2R and failed to record the results of such
assessments,
including
sufficient
information
to
support
the
categorisation, contrary to COBS 3.8.2(2)(a);
f) Failed to conduct transaction monitoring of the Solo Clients’ purported
trades;
g) Failed to recognise numerous red flags with the purported trading,
including failing to consider whether it was plausible and/or realistic that
sufficient liquidity was sourced within a closed network of entities for the
size and volumes of trading conducted by the Solo Clients. Likewise,
failing to consider or recognise that the profiles of the Solo Clients meant
that they were highly unlikely to meet the scale and volume of the
trading purportedly being carried out, and/or failed to at least obtain
sufficient evidence of the clients’ source of funds to satisfy itself to the
contrary; and
h) Failed to recognise numerous red flags arising from the purported
Ganymede trades and adequately consider financial crime and money
laundering risks they posed to the Firm.
6. SANCTION
6.1
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case.
6.2
The Authority’s policy on the imposition of financial penalties is set out in Chapter
6 of DEPP. In determining the proposed financial penalty, the Authority has had
regard to this guidance.
6.3
DEPP 6.5A sets out a five-step framework to determine the appropriate level of
financial penalty.
Step 1: disgorgement
6.4
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to quantify.
6.5
The financial benefit associated with Bastion’s failings is quantifiable by reference
to the revenue it derived from the business related to the Solo Group as described
in the Notice.
6.6
The figure after Step 1 is therefore £1,554,855.40.
Step 2: the seriousness of the breach
6.7
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breach. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breach may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.
6.8
The Authority considers that the revenue generated by Bastion is indicative of the
harm or potential harm caused by its breach. The Authority has therefore
determined a figure based on a percentage of Bastion’s revenue during the period
of the breach.
6.9
Bastion’s revenue is the revenue derived from business associated with the Solo
Group. The period of Bastion’s breach was between 29 January 2014 and 29
September 2015. The Authority considers Bastion’s revenue for this period to be
£1,554,855.40.
6.10
In deciding on the percentage of the revenue that forms the basis of the step 2
figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.11
In assessing the seriousness level, Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G lists factors likely to be considered ‘level
4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
1. The breaches revealed serious or systemic weaknesses in both the Firm’s
procedures and the management systems or internal controls relating to all or
part of the Firm’s business; and
2. The breaches created a significant risk that financial crime would be facilitated,
occasioned or otherwise occur.
6.12
Taking all of these factors into account, Authority considers the seriousness of the
breach to be level 4 and so the Step 2 figure is 15% of £1,554,855.40.
6.13
Step 2 is therefore £233,228.31.
Step 3: Mitigating and aggravating factors
6.14
Pursuant to DEPP 6.5A.3G, at Step 3, the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.15
The Authority considers that the following factors aggravates the breach:
(1) The Authority and the JMLSG have published numerous documents highlighting
financial crime risks and the standards expected of firms when dealing with
those risks. The most significant publications include the JMLSG Guidance and
Financial Crime Guide (including the thematic reviews that are referred to
therein) which was first published in December 2011. These publications set out
good practice examples to assist firms, for example in managing and mitigating
money laundering risk by (amongst other things) conducting appropriate
customer due diligence, monitoring of customers’ activity and guidance of
dealing with higher-risk situations. Given the number and detailed nature of
such publications, and past enforcement action taken by the Authority in respect
of similar failings by other firms, Bastion should have been aware of the
importance of appropriately assessing, managing and monitoring the risk that
the Firm could be used for the purposes of financial crime.
6.16
Having taken into account these aggravating and mitigating factors, the Authority
considers that the Step 2 figure should be increased by 10%.
6.17
Step 3 is therefore £256,551.14.
Step 4: adjustment for deterrence
6.18
Pursuant to DEPP 6.5A.4G, if the Authority considers that the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further of similar breaches, then the Authority may increase the
penalty.
6.19
The Authority considers that DEPP 6.5A.4G(1)(a) is relevant in this instance and
has therefore determined that this is an appropriate case where an adjustment for
deterrence is necessary. Without an adjustment for deterrence, the financial
penalty would be £256,551.14. In the circumstances of this case, the Authority
considers that a penalty of this size would not serve as a credible deterrent to
Bastion and others. This small penalty does not meet the Authority’s objective of
credible deterrence. As a result, it is necessary for the Authority to increase the
penalty to achieve credible deterrence.
6.20
Having taken into account the factor outlined in DEPP 6.5A.4G, the Authority
considers that a multiplier of five should be applied at Step 4.
6.21
Step 4 is therefore £1,282,755.71.
Step 5: settlement discount
6.22
Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement
of any benefit calculated at Step 1.
6.23
The Authority and Bastion did reach agreement to settle so a 30% discount applies
to the Step 4 figure.
6.24
The total financial penalty (that would have been imposed) is therefore
£2,452,700.
7. PROCEDURAL MATTERS
7.1
This Notice is given to Bastion under and in accordance with section 390 of the Act.
7.2
The following statutory rights are important.
Decision maker
7.3
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4
The financial penalty must be admitted in the liquidation of the Firm by no later
than 14 days from the date of the Final Notice. The financial penalty will be ranked
with other creditors of the Firm but the Authority will keep it under review in order
that legitimate creditors are satisfied prior to any funds realised in the liquidation
being used to pay some, or all, of the financial penalty.
7.5
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority may
not publish information if such publication would, in the opinion of the Authority,
be unfair to you or prejudicial to the interests of consumers or detrimental to the
stability of the UK financial system.
7.6
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.7
For more information concerning this matter generally, contact Giles Harry (direct
line: 020 7066 8072) at the Authority.
Financial Conduct Authority, Enforcement and Market Oversight Division
ANNEX A: CHRONOLOGY
2004
Bastion was incorporated and authorised by the Authority.
January 2014
Initial discussions took place with SCP.
19 February 2014
Bastion signed a custody agreement with SCP.
29 January-April 2014 Initial onboarding of Solo Clients.
26 February 2014
Trading commenced in Danish stocks.
17 April 2014
Trading commenced in Belgian stocks.
16/17 June 2014
“Urgent” onboarding of 7 new clients.
18/19/30 June 2014
Trades in German and Belgian stocks via the 7 recently onboarded
clients, resulting in total losses to Ganymede Cayman of €18.52 million.
27 January 2015
Further services agreement with Solo Group signed by Bastion.
28 January 2015
Services Agreements and Transaction Reporting Notices signed with
West Point and Telesto.
3 February 2015
Services Agreement signed with OPL.
18 February 2015
Brokermesh licence agreement signed.
25 February 2015
Trading on Brokermesh commenced.
20 May 2015
Further trade in German stock resulting in a loss of €1.86m for
Ganymede Cayman.
1 June 2015
Last cum-dividend trade in Belgian stock by Bastion on Brokermesh.
6 August 2015
Last batch of Solo Clients onboarded by Bastion.
7 August 2015
Last cum-dividend trade in Danish stock by Bastion on Brokermesh
29 September 2015
Last instance of Unwind Trading by Bastion for Solo Clients.
3 November 2015
Unannounced visit by the Authority.
ANNEX B: RELEVANT STATUTORY AND REGULATORY PROVISIONS
RELEVANT STATUTORY PROVISIONS
1.1
Pursuant to sections 1B and 1D of the Act, one of the Authority’s operational
objectives is protecting and enhancing the integrity of the UK financial system.
1.2
Pursuant to section 206 of the Act, if the Authority considers that an authorised
person has contravened a requirement imposed on it by or under the Act, it may
impose on that person a penalty in respect of the contravention of such amount as
it considers appropriate.
THE 2007 REGULATIONS
1.3
Regulation 5 provides:
Meaning of customer due diligence measures
“Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from a reliable and independent
source;
(b) identifying, where there is a beneficial owner who is not the customer, the
beneficial owner and taking adequate measures, on a risk-sensitive basis, to
verify his identity so that the relevant person is satisfied that he knows who the
beneficial owner is, including, in the case of a legal person, trust or similar legal
arrangement, measures to understand the ownership and control structure of
the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the business
relationship.”
1.4
Regulation 6 provides:
Meaning of beneficial owner
In the case of a body corporate, “beneficial owner” means any individual who—
(a) as respects any body other than a company whose securities are listed on a
regulated market, ultimately owns or controls (whether through direct or
indirect ownership or control, including through bearer share holdings) more
than 25% of the shares or voting rights in the body; or
(b) as respects any body corporate, otherwise exercises control over the
management of the body.
In the case of a trust, “beneficial owner” means—
(a) any individual who is entitled to a specified interest in at least 25% of the capital
of the trust property;
(b) as respects any trust other than one which is set up or operates entirely for the
benefit of individuals falling within sub-paragraph (a), the class of persons in
whose main interest the trust is set up or operates;
(c) any individual who has control over the trust.
1.5
Regulation 7 provides:
Application of customer due diligence measures
(1) …, a relevant person must apply customer due diligence measures when he—
(a) establishes a business relationship;
(b) carries out an occasional transaction;
(c) suspects money laundering or terrorist financing;
(d) doubts the veracity or adequacy of documents, data or information
previously obtained for the purposes of identification or verification.
(2) Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk-
sensitive basis.
1.6
Regulation 8 provides:
Ongoing monitoring
“(1) A relevant person must conduct ongoing monitoring of a business relationship.
(2) “Ongoing monitoring” of a business relationship means—
(a) scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the relevant person’s
knowledge of the customer, his business and risk profile; and
(b) keeping the documents, data or information obtained for the purpose of
applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under
paragraph (1) as it applies to customer due diligence measures. “
1.7
Regulation 14 provides:
Enhanced customer due diligence and ongoing monitoring
“(1) A relevant person must apply on a risk-sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring—
(a) in accordance with paragraphs (2) to (4);
(b) in any other situation which by its nature can present a higher risk of
money laundering or terrorist financing.
(2) Where the customer has not been physically present for identification purposes,
a relevant person must take specific and adequate measures to compensate for the
higher risk, for example, by applying one or more of the following measures—
(a) ensuring that the customer’s identity is established by additional
documents, data or information;
(b) supplementary measures to verify or certify the documents supplied, or
requiring confirmatory certification by a credit or financial institution
which is subject to the money laundering directive;
(c) ensuring that the first payment is carried out through an account opened
in the customer’s name with a credit institution.”
1.8
Regulation 17 provides:
“(1) A relevant person may rely on a person who falls within paragraph (2) (or who
the relevant person has reasonable grounds to believe falls within paragraph (2))
to apply any customer due diligence measures provided that—
(a) the other person consents to being relied on; and
(b) notwithstanding the relevant person’s reliance on the other person, the
relevant person remains liable for any failure to apply such measures.
(2) The persons are—
(a) a credit or financial institution which is an authorised person;
…
(4) Nothing in this regulation prevents a relevant person applying customer due
diligence measures by means of an outsourcing service provider or agent provided
that the relevant person remains liable for any failure to apply such measures.”
1.9
Regulation 20 provides:
Policies and Procedures
“(1) A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to—
(a) customer due diligence measures and ongoing monitoring;
(b) reporting;
(c) record-keeping;
(d) internal control;
(e) risk assessment and management;
(f) the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and
procedures—
(a) which provide for the identification and scrutiny of—
(i) complex or unusually large transactions;
(ii) unusual patterns of transactions which have no apparent economic
or visible lawful purpose; and
(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;”
RELEVANT REGULATORY PROVISIONS
2.1
In exercising its powers to impose a financial penalty, the Authority has had regard
to the relevant regulatory provisions published in the Authority’s Handbook. The
main provisions that the Authority considers relevant are set out below.
Principles for Business (“Principles”)
2.2
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook.
2.3
Principle 2 provides:
“A firm must conduct its business with due skill, care and diligence.
“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems.”
SENIOR
MANAGEMENT
ARRANGEMENTS,
SYSTEMS
AND
CONTROLS
(“SYSC”)
2.5
SYSC 3.2.4G provides:
“The guidance relevant to delegation within the firm is also relevant to external
delegation (‘outsourcing’). A firm cannot contract out its regulatory obligations. So,
for example, under Principle 3 a firm should take reasonable care to supervise the
discharge of outsourced functions by its contractor.
A firm should take steps to obtain sufficient information from its contractor to
enable it to assess the impact of outsourcing on its systems and controls.”
2.6
SYSC 3.2.6E provides:
“The FCA, when considering whether a breach of its rules on systems and controls
against money laundering has occurred, will have regard to whether a firm has
followed relevant provisions in the guidance for the UK financial sector issued by
the Joint Money Laundering Steering Group”.
2.7
SYSC 3.2.6R provides:
“A firm must take reasonable care to establish and maintain effective systems and
controls for compliance with applicable requirements and standards under the
regulatory system and for countering the risk that the firm might be used to further
financial crime.”
2.8
SYSC 6.1.1R provides:
“A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations
under the regulatory system and for countering the risk that the firm might be used
to further financial crime.”
2.9
SYSC 6.3.1R provides:
A firm must ensure the policies and procedures established under SYSC 6.1.1 R
include systems and controls that:
(1) enable it to identify, assess, monitor and manage money laundering risk; and
(2) are comprehensive and proportionate to the nature, scale and complexity of its
activities.
2.10
SYSC 6.3.2G provides:
"Money laundering risk" is the risk that a firm may be used to further money
laundering. Failure by a firm to manage this risk effectively will increase the risk to
society of crime and terrorism.
2.11
SYSC 6.3.6 provides:
“In identifying its money laundering risk and in establishing the nature of these
systems and controls, a firm should consider a range of factors, including:
(1) its customer, product and activity profiles;
(2) its distribution channels;
(3) the complexity and volume of its transactions;
(4) its processes and systems; and
(5) its operating environment”.
2.12
SYSC 6.3.7 provides:
“A firm should ensure that the systems and controls include:
(3) appropriate documentation of its risk management policies and risk profile in
relation to money laundering, including documentation of its application of those
policies;
(4) appropriate measures to ensure that money laundering risk is taken into
account in its day-to-day operation, including in relation to:
(a) the development of new products;
(b) the taking-on of new customers; and
(c) changes in its business profile”.
2.13
SYSC 9.1.1 R provides:
“A firm must arrange for orderly records to be kept of its business and internal
organisation, including all services and transactions undertaken by it, which must
be sufficient to enable the appropriate regulator or any other relevant competent
authority under MiFID or the UCITS Directive to monitor the firm's compliance with
the requirements under the regulatory system, and in particular to ascertain that
the firm has complied with all obligations with respect to clients.”
CONDUCT OF BUSINESS SOURCEBOOK (COBS)
2.14
COBS 3.3.1A(EU) provides:
“Articles 45(1) and (2) of the MiFID Org Regulation require firms to provide clients
with specified information concerning client categorisation.
45(1) Investment firms shall notify new clients, and existing clients that the
investment firm has newly categorised as required by Directive 2014/65/EU, of
their categorisation as a retail client, a professional client or eligible counterparty
in accordance with that Directive.
(2) Investment firms shall inform clients in a durable medium about any right that
client has to request a different categorisation and about any limitations to the level
of client protection that a different categorisation would entail.
[Note: articles 45(1) and (2) of the MiFID Org Regulation]”
2.15
COBS 3.3.1B(R) provides:
“The information referred to in article 45(2) of the MiFID Org Regulation (as
reproduced at COBS 3.3.1AEU) must be provided to clients prior to any provision
of services.
[Note: paragraph 2 of section I of annex II to MiFID]”
2.16
COBS 3.5.2 provides:
“Each of the following is a per se professional client unless and to the extent it is
an eligible counterparty or is given a different categorisation under this chapter:
(1) an entity required to be authorised or regulated to operate in the financial
markets. The following list includes all authorised entities carrying out the
characteristic activities of the entities mentioned, whether authorised by an EEA
State or a third country and whether or not authorised by reference to a directive:
(a) a credit institution;
(b) an investment firm;
(c) any other authorised or regulated financial institution;
(d) an insurance company;
(e) a collective investment scheme or the management company of such a
scheme;
(f) a pension fund or the management company of a pension fund;
(g) a commodity or commodity derivatives dealer;
(h) a local;
(i) any other institutional investor;
(2) in relation to MiFID or equivalent third country business a large undertaking
meeting two of the following size requirements on a company basis:
(a) balance sheet total of EUR 20,000,000;
(b) net turnover of EUR 40,000,000;
(c) own funds of EUR 2,000,000;
(3) in relation to business that is not MiFID or equivalent third country business a
large undertaking meeting any1of the following conditions:
(a) a body corporate (including a limited liability partnership) which has (or
any of whose holding companies or subsidiaries has) (or has had at any
time during the previous two years) 1called up share capital or net
assets 1of at least £51 million (or its equivalent in any other currency at
the relevant time);
(b) an undertaking that meets (or any of whose holding companies or
subsidiaries meets) two of the following tests:
(i)
a balance sheet total of EUR 12,500,000;
(ii)
a net turnover of EUR 25,000,000;
(iii)
an average number of employees during the year of 250;
(c) a partnership or unincorporated association which has (or has had at
any time during the previous two years) net assets of at least £5 million
(or its equivalent in any other currency at the relevant time) and
calculated in the case of a limited partnership without deducting loans
owing to any of the partners;
(d) a trustee of a trust (other than an occupational pension scheme, SSAS,
personal pension scheme or stakeholder pension scheme) which has (or
has had at any time during the previous two years) assets of at least
£10 million (or its equivalent in any other currency at the relevant time)
calculated by aggregating the value of the cash and designated
investments forming part of the trust's assets, but before deducting its
liabilities;
(e) a trustee of an occupational pension scheme or SSAS, or a trustee or
operator of a personal pension scheme or stakeholder pension scheme
where the scheme has (or has had at any time during the previous two
years):
(i) at least 50 members; and
(ii) assets under management of at least £10 million (or its
equivalent in any other currency at the relevant time);
(f) a local authority or public authority.
(4) a national or regional government, a public body that manages public debt, a
central bank, an international or supranational institution (such as the World Bank,
the IMF, the ECP, the EIB) or another similar international organisation;
(5) another institutional investor whose main activity is to invest in financial
instruments (in relation to the firm's MiFID or equivalent third country business) or
designated investments (in relation to the firm's other business). This includes
entities dedicated to the securitisation of assets or other financing transactions.”
2.17
COBS 3.5.3 provides:
Elective professional clients
A firm may treat a client other than a local public authority or municipality3 as an
elective professional client if it complies with (1) and (3) and, where applicable,
(2):
(1) the firm undertakes an adequate assessment of the expertise, experience and
knowledge of the client that gives reasonable assurance, in light of the nature of
the transactions or services envisaged, that the client is capable of making his own
investment decisions and understanding the risks involved (the "qualitative test");
(2) in relation to MiFID or equivalent third country business in the course of that
assessment, at least two of the following criteria are satisfied:
(a) the client has carried out transactions, in significant size, on the relevant
market at an average frequency of 10 per quarter over the previous four
quarters;
(b) the size of the client's financial instrument portfolio, defined as including
cash deposits and financial instruments, exceeds EUR 500,000;
(c) the client works or has worked in the financial sector for at least one
year in a professional position, which requires knowledge of the transactions
or services envisaged; (the "quantitative test"); and
(3) the following procedure is followed:
(a) the client must state in writing to the firm that it wishes to be treated
as a professional client either generally or in respect of a particular service
or transaction or type of transaction or product;
(b) the firm must give the client a clear written warning of the protections
and investor compensation rights the client may lose; and
(c) the client must state in writing, in a separate document from the
contract, that it is aware of the consequences of losing such protections.
2.18
COBS 3.8.2R provides:
(2) A firm must make a record in relation to each client of:
(a) the categorisation established for the client under this chapter, including
sufficient information to support that categorisation;
DECISION PROCEDURE AND PENALTIES MANUAL (“DEPP”)
2.19
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act. In particular, DEPP 6.5A sets out the five steps
for penalties imposed on firms.
ENFORCEMENT GUIDE
2.20
The Enforcement Guide sets out the Authority’s approach to taking disciplinary
action. The Authority’s approach to financial penalties and suspensions (including
restrictions) is set out in Chapter 7 of the Enforcement Guide.
JMLSG GUIDANCE– PART I (published 20 November 2013)
Outsourcing
3.16
Where AML/CTF tasks are delegated by a firm’s MLRO, the FCA will expect
the MLRO to take ultimate managerial responsibility.
Risk-based approach
4.14
A risk-based approach starts with the identification and assessment of the
risk that has to be managed. Examples of the risks in particular industry
sectors are set out in the sectoral guidance in Part II, and at
www.jmlsg.org.uk.
4.8
A risk-based approach takes a number of discrete steps in assessing the
most cost effective and proportionate way to manage and mitigate the
money laundering and terrorist financing risks faced by the firm. These
steps are to:
•
identify the money laundering and terrorist financing risks that are
relevant to the firm;
•
assess the risks presented by the firm’s particular
o
customers and any underlying beneficial owners*;
o
products;
o
delivery channels;
o
geographical areas of operation;
•
design and implement controls to manage and mitigate these
assessed risks, in the context of the firm’s risk appetite;
•
monitor and improve the effective operation of these controls; and
•
record appropriately what has been done, and why.
* In this Chapter, references to ‘customer’ should be taken to include
beneficial owner, where appropriate.
4.9
Whatever approach is considered most appropriate to the firm’s money
laundering/terrorist financing risk, the broad objective is that the firm
should know at the outset of the relationship who their customers are, what
they do, their expected level of activity with the firm and whether or not
they are likely to be engaged in criminal activity. The firm then should
consider how the profile of the customer’s financial behaviour builds up over
time, thus allowing the firm to identify transactions or activity that may be
suspicious.
4.12
A risk assessment will often result in a stylised categorisation of risk: e.g.,
high/medium/low. Criteria will be attached to each category to assist in
allocating customers and products to risk categories, in order to determine
the different treatments of identification, verification, additional customer
information and monitoring for each category, in a way that minimises
complexity.
4.15
While a risk assessment should always be performed at the inception of the
customer relationship (although see paragraph 4.16 below), for some
customers a comprehensive risk profile may only become evident once the
customer has begun transacting through an account, making the monitoring
of transactions and on-going reviews a fundamental component of a
reasonably designed RBA. A firm may also have to adjust its risk assessment
of a particular customer based on information received from a competent
authority.
4.34
Based on the risk assessment carried out, a firm will determine the level of
CDD that should be applied in respect of each customer and beneficial
owner. It is likely that there will be a standard level of CDD that will apply
to the generality of customer, based on the firm’s risk appetite.
4.39
Where a customer is assessed as carrying a higher risk, then depending on
the product sought, it will be necessary to seek additional information in
respect of the customer, to be better able to judge whether or not the higher
risk that the customer is perceived to present is likely to materialise. Such
additional information may include an understanding of where the
customer’s funds and wealth have come from. Guidance on the types of
additional information that may be sought is set out in section 5.5.
4.40
Where the risks of ML/TF are higher, firms must conduct enhanced due
diligence measures consistent with the risks identified. In particular, they
should increase the degree and nature of monitoring of the business
relationship, in order to determine whether these transactions or activities
appear unusual or suspicious. Examples of EDD measures that could be
applied for higher risk business relationships include:
•
Obtaining, and where appropriate verifying, additional information
on the customer and updating more regularly the identification of the
customer and any beneficial owner
•
Obtaining additional information on the intended nature of the
business relationship
•
Obtaining information on the source of funds or source of wealth of
the customer
•
Obtaining information on the reasons for intended or performed
transactions
•
Obtaining the approval of senior management to commence or
continue the business relationship
•
Conducting enhanced monitoring of the business relationship, by
increasing the number and timing of controls applied, and selecting
patterns of transactions that need further examination
•
Requiring the first payment to be carried out through an account in
the customer’s name with a bank subject to similar CDD standards.
4.50
Firms must document their risk assessments in order to be able to
demonstrate their basis, keep these assessments up to date, and have
appropriate mechanisms to provide appropriate risk assessment information
to competent authorities.
4.52
In addition, on a case-by-case basis, firms should document the rationale
for any additional due diligence measures it has undertaken (or any it has
waived) compared to its standard approach, in view of its risk assessment
of a particular customer.
Customer due diligence
5.1.5
The CDD measures that must be carried out involve: (a) identifying the
customer, and verifying his identity (see paragraphs 5.3.2ff); (b) identifying
the beneficial owner, where relevant, and verifying his identity (see
paragraphs 5.3.8ff); and (c) obtaining information on the purpose and
intended nature of the business relationship (see paragraphs 5.3.20ff).
5.2.6
Where a firm is unable to apply CDD measures in relation to a customer,
the firm (a) must not carry out a transaction with or for the customer
through a bank account; (b) must not establish a business relationship or
carry out an occasional transaction with the customer; (c) must terminate
any existing business relationship with the customer; (d) must consider
whether it ought to be making a report to the NCA, in accordance with its
obligations under POCA and the Terrorism Act.
5.3.21
A firm must understand the purpose and intended nature of the business
relationship or transaction to assess whether the proposed business
relationship is in line with the firm’s expectation and to provide the firm with
a meaningful basis for ongoing monitoring. In some instances this will be
self-evident, but in many cases the firm may have to obtain information in
this regard.
5.3.261
For situations presenting a lower money laundering or terrorist financing
risk, the standard evidence will be sufficient. However, less transparent and
more complex structures, with numerous layers, may pose a higher money
laundering or terrorist financing risk. Also, some trusts established in
jurisdictions with favourable tax regimes have in the past been associated
with tax evasion and money laundering. In respect of trusts in the latter
category, the firm’s risk assessment may lead it to require additional
information on the purpose, funding and beneficiaries of the trust.
Enhanced due diligence
5.5.1
A firm must apply EDD measures on a risk-sensitive basis in any situation
which by its nature can present a higher risk of money laundering or terrorist
financing. As part of this, a firm may conclude, under its risk-based
approach, that the information it has collected as part of the customer due
diligence process (see section 5.3) is insufficient in relation to the money
laundering or terrorist financing risk, and that it must obtain additional
information about a particular customer, the customer’s beneficial owner,
where applicable, and the purpose and intended nature of the business
relationship.
5.5.2
As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and,
where applicable, their customers’ beneficial owners, for two principal
reasons: to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and to provide a basis for
monitoring customer activity and transactions, thus increasing the likelihood
that they will detect the use of their products and services for money
laundering and terrorist financing.
5.5.4
In practice, under a risk-based approach, it will not be appropriate for every
product or service provider to know their customers equally well, regardless
of the purpose, use, value, etc., of the product or service provided. Firms’
information
demands
need
to
be
proportionate,
appropriate
and
discriminating, and to be able to be justified to customers.
5.5.5.
A firm should hold a fuller set of information in respect of those business
relationships it assessed as carrying a higher money laundering or terrorist
financing risk, or where the customer is seeking a product or service that
carries a higher risk of being used for money laundering or terrorist
financing purposes.
5.5.6
When someone becomes a new customer, or applies for a new product or
service, or where there are indications that the risk associated with an
existing business relationship might have increased, the firm should,
depending on the nature of the product or service for which they are
applying, request information as to the customer’s residential status,
employment and salary details, and other sources of income or wealth (e.g.,
inheritance, divorce settlement, property sale), in order to decide whether
to accept the application or continue with the relationship. The firm should
consider whether, in some circumstances, evidence of source of wealth or
income should be required (for example, if from an inheritance, see a copy
of the will). The firm should also consider whether or not there is a need to
enhance its activity monitoring in respect of the relationship. A firm should
have a clear policy regarding the escalation of decisions to senior
management concerning the acceptance or continuation of high-risk
business relationships.
5.5.9
The ML Regulations prescribe three specific types of relationship in respect
of which EDD measures must be applied. These are:
•
where the customer has not been physically present for identification
purposes (see paragraphs 5.5.10ff);
•
in respect of a correspondent banking relationship (see Part II, sector
16: Correspondent banking);
•
in respect of a business relationship or occasional transaction with a
PEP (see paragraphs 5.5.18ff).
Reliance on third parties
5.6.4
The ML Regulations expressly permit a firm to rely on another person to
apply any or all of the CDD measures, provided that the other person is
listed in Regulation 17(2), and that consent to being relied on has been
given (see paragraph 5.6.8). The relying firm, however, retains
responsibility for any failure to comply with a requirement of the
Regulations, as this responsibility cannot be delegated.
5.6.14
Whether a firm wishes to place reliance on a third party will be part of the
firm’s risk-based assessment, which, in addition to confirming the third
party’s regulated status, may include consideration of matters such as:
•
its public disciplinary record, to the extent that this is available;
•
the nature of the customer, the product/service sought and the
•
sums involved;
•
any adverse experience of the other firm’s general efficiency in
business dealings;
•
any other knowledge, whether obtained at the outset of the
relationship or subsequently, that the firm has regarding the
standing of the firm to be relied upon.
5.6.16
In practice, the firm relying on the confirmation of a third party needs to
know:
•
the identity of the customer or beneficial owner whose identity is
being verified;
•
the level of CDD that has been carried out; and
•
confirmation of the third party’s understanding of his obligation to
make available, on request, copies of the verification data,
documents or other information.
In order to standardise the process of firms confirming to one another that
appropriate CDD measures have been carried out on customers, guidance
is given in paragraphs 5.6.30 to 5.6.33 below on the use of pro-forma
confirmations containing the above information.
5.6.24
A firm must also document the steps taken to confirm that the firm relied
upon satisfies the requirements in Regulation 17(2). This is particularly
important where the firm relied upon is situated outside the EEA.
5.6.25
Part of the firm’s AML/CTF policy statement should address the
circumstances where reliance may be placed on other firms and how the
firm will assess whether the other firm satisfies the definition of third party
in Regulation 17(2) (see paragraph 5.6.6).
Monitoring customer activity
5.7.1
Firms must conduct ongoing monitoring of the business relationship with
their customers. Ongoing monitoring of a business relationship includes:
•
Scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to
ensure that the transactions are consistent with the firm’s knowledge
of the customer, his business and risk profile;
•
Ensuring that the documents, data or information held by the firm
are kept up to date.
5.7.2
Monitoring customer activity helps identify unusual activity. If unusual
activities cannot be rationally explained, they may involve money laundering
or terrorist financing. Monitoring customer activity and transactions that
take place throughout a relationship helps firms know their customers,
assist them to assess risk and provides greater assurance that the firm is
not being used for the purposes of financial crime.
5.7.3
The essentials of any system of monitoring are that:
•
it flags up transactions and/or activities for further examination;
•
these reports are reviewed promptly by the right person(s); and
•
appropriate action is taken on the findings of any further
examination.
5.7.4
Monitoring can be either:
•
in real time, in that transactions and/or activities can be reviewed as
they take place or are about to take place, or
•
after the event, through some independent review of the
transactions and/or activities that a customer has undertaken
and in either case, unusual transactions or activities will be flagged for
further examination.
5.7.7
In designing monitoring arrangements, it is important that appropriate
account be taken of the frequency, volume and size of transactions with
customers, in the context of the assessed customer and product risk.
5.7.8
Monitoring is not a mechanical process and does not necessarily require
sophisticated electronic systems. The scope and complexity of the process
will be influenced by the firm’s business activities, and whether the firm is
large or small. The key elements of any system are having up-to-date
customer information, on the basis of which it will be possible to spot the
unusual, and asking pertinent questions to elicit the reasons for unusual
transactions or activities in order to judge whether they may represent
something suspicious.
5.7.12
Higher risk accounts and customer relationships require enhanced ongoing
monitoring. This will generally mean more frequent or intensive monitoring.
JMLSG Part II – Wholesale Markets
18.14
OTC and exchange-based trading can also present very different money
laundering risk profiles. Exchanges that are regulated in equivalent
jurisdictions, are transparent and have a central counterparty to clear
trades, can largely be seen as carrying a lower generic money laundering
risk. OTC business may, generally, be less well regulated and it is not
possible to make the same generalisations concerning the money laundering
risk as with exchange-traded products... Hence, when dealing in the OTC
markets firms will need to take a more considered risk-based approach and
undertake more detailed risk-based assessment.
JMLSG GUIDANCE– PART I (published 19 November 2014)
Risk-based approach
4.5
A risk-based approach requires the full commitment and support of senior
management, and the active co-operation of business units. The risk-based
approach needs to be part of the firm’s philosophy, and as such reflected in
the procedures and controls. There needs to be a clear communication of
policies and procedures across the firm, along with the robust mechanisms
to ensure that they are carried out effectively, weaknesses are identified,
and improvements are made wherever necessary.
4.6
Although the ML/TF risks facing the firm fundamentally arise through its
customers, the nature of the business and their activities, it is important
that the firm considers its customer risks in the context of the wider ML/TF
environment inherent in the jurisdictions in which the firm and its customers
operate. Firms should bear in mind that some jurisdictions have close links
with other, perhaps higher risk jurisdictions, and where appropriate and
relevant regard should be had to this.
4.9
The procedures, systems and controls designed to mitigate assessed ML/TF
risks should be appropriate and proportionate to these risks, and should be
designed to provide an effective level of mitigation.
4.12
A risk-based approach takes a number of discrete steps in assessing the
most cost effective and proportionate way to manage and mitigate the
money laundering and terrorist financing risks based by the firm. These
steps are to:
•
identify the money laundering and terrorist financing risks that are
relevant to the firm;
•
assess the risks presented by the firm’s particular
o
customers and any underlying beneficial owners*;
o
products;
o
delivery channels;
o
geographical areas of operation;
•
design and implement controls to manage and mitigate these assessed
risks, in the context of the firm’s risk appetite;
•
monitor and improve the effective operation of these controls; and
•
record appropriately what has been done, and why.
* In this Chapter, references to ‘customer’ should be taken to include
beneficial owner, where appropriate.
4.13
Whatever approach is considered the most appropriate to the firm’s money
laundering/terrorist financing risk, the broad objective is that the firm should
know at the outset of the relationship who their customers are, where they
operate, what they do, their expected level of activity with the firm and
whether or not they are likely to be engaged in criminal activity. The firm
then should consider how the profile of the customer’s financial behaviour
builds up over time, thus allowing the firm to identify transactions that may
be suspicious.
4.20
In reaching an appropriate level of satisfaction as to whether the customer
is acceptable, requesting more and more identification is not always the
right answer – it is sometimes better to reach a full and documented
understanding of what the customer does, and the transactions it is likely to
undertake. Some business lines carry an inherently higher risk of being
used for ML/TF purposes than others.
4.21
However, as stated in paragraph 5.2.6, if a firm cannot satisfy itself as to
the identity of the customer; verify that identity; or obtain sufficient
information on the nature and intended purpose of the business relationship,
it must not enter into a new relationship and must terminate an existing
one.
4.22
While a risk assessment should always be performed at the inception of a
customer relationship (although see paragraph 4.16 below), for some
customers a comprehensive risk profile may only become evident once the
customer has begun transacting through an account, making the monitoring
of transactions and on-going reviews a fundamental component of a
reasonably designed RBA. A firm may also have to adjust its risk
assessment of a particular customer based on information received from a
competent authority.
4.25
For firms which operate internationally, or which have customers based or
operating abroad, there are additional jurisdictional risk considerations
relating to the position of the jurisdictions involved, and their reputation and
standing as regards the inherent ML/TF risk, and the effectiveness of their
AML/CTF enforcement regime.
4.45
Based on the risk assessment carried out, a firm will determine the level of
CDD that should be applied in respect of each customer and beneficial
owner. It is likely that there will be a standard level of CDD that will apply
to the generality of customer, based on the firm’s risk appetite.
4.50
Where a customer is assessed as carrying a higher risk, then depending on
the product sought, it will be necessary to seek additional information in
respect of the customer, to be better able to judge whether or not the higher
risk that the customer is perceived to present is likely to materialise. Such
additional information may include an understanding of where the
customer’s funds and wealth have come from. Guidance on the types of
additional information that may be sought is set out in section 5.5.
4.51
Where the risks of ML/TF are higher, firms must conduct enhanced due
diligence measures consistent with the risks identified. In particular, they
should increase the degree and nature of monitoring of the business
relationship, in order to determine whether these transactions or activities
appear unusual or suspicious. Examples of EDD measures that could be
applied for higher risk business relationships include:
•
Obtaining, and where appropriate verifying, additional information on
the customer and updating more regularly the identification of the
customer and any beneficial owner
•
Obtaining additional information on the intended nature of the business
relationship
•
Obtaining information on the source of funds or source of wealth of the
customer
•
Obtaining information on the reasons for intended or performed
transactions
•
Obtaining the approval of senior management to commence or continue
the business relationship
•
Conducting enhanced monitoring of the business relationship, by
increasing the number and timing of controls applied, and selecting
patterns of transactions that need further examination
•
Requiring the first payment to be carried out through an account in the
customer’s name with a bank subject to similar CDD standards
4.61
Firms must document their risk assessments in order to be able to
demonstrate their basis, keep these assessments up to date, and have
appropriate mechanisms to provide appropriate risk assessment information
to competent authorities.
4.63
In addition, on a case-by-case basis, firms should document the rationale
for any additional due diligence measures it has undertaken (or any it has
waived) compared to its standard approach, in view of its risk assessment
of a particular customer.
Customer due diligence
5.1.5
The CDD measures that must be carried out involve: (a) identifying the
customer, and verifying his identity (see paragraphs 5.3.2ff); (b) identifying
the beneficial owner, where relevant, and verifying his identity (see
paragraphs 5.3.8ff); and (c) obtaining information on the purpose and
intended nature of the business relationship (see paragraphs 5.3.20ff).
5.2.6
Where a firm is unable to apply CDD measures in relation to a customer,
the firm (a) must not carry out a transaction with or for the customer
through a bank account; (b) must not establish a business relationship or
carry out an occasional transaction with the customer; (c) must terminate
any existing business relationship with the customer; (d) must consider
whether it ought to be making a report to the NCA, in accordance with its
obligations under POCA and the Terrorism Act.
5.3.20
A firm must understand the purpose and intended nature of the business
relationship or transaction to assess whether the proposed business
relationship is in line with the firm’s expectation and to provide the firm with
a meaningful basis for ongoing monitoring. In some instances this will be
self-evident, but in many cases the firm may have to obtain information in
this regard.
5.3.253
For situations presenting a lower money laundering or terrorist financing
risk, the standard evidence will be sufficient. However, less transparent and
more complex structures, with numerous layers, may pose a higher money
laundering or terrorist financing risk. Also, some trusts established in
jurisdictions with favourable tax regimes have in the past been associated
with tax evasion and money laundering. In respect of trusts in the latter
category, the firm’s risk assessment may lead it to require additional
information on the purpose, funding and beneficiaries of the trust.
Enhanced due diligence
5.5.1
A firm must apply EDD measures on a risk-sensitive basis in any situation
which by its nature can present a higher risk of money laundering or terrorist
financing. As part of this, a firm may conclude, under its risk-based
approach, that the information it has collected as part of the customer due
diligence process (see section 5.3) is insufficient in relation to the money
laundering or terrorist financing risk, and that it must obtain additional
information about a particular customer, the customer’s beneficial owner,
where applicable, and the purpose and intended nature of the business
relationship.
5.5.2
As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and,
where applicable, their customers’ beneficial owners, for two principal
reasons: to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and to provide a basis for
monitoring customer activity and transactions, thus increasing the likelihood
that they will detect the use of their products and services for money
laundering and terrorist financing.
5.5.4
In practice, under a risk-based approach, it will not be appropriate for every
product or service provider to know their customers equally well, regardless
of the purpose, use, value, etc. of the product or service provided. Firms’
information
demands
need
to
be
proportionate,
appropriate
and
discriminating, and to be able to be justified to customers.
5.5.5
A firm should hold a fuller set of information in respect of those business
relationships it assessed as carrying a higher money laundering or terrorist
financing risk, or where the customer is seeking a product or service that
carries a higher risk of being used for money laundering or terrorist financing
purposes.
5.5.6
When someone becomes a new customer, or applies for a new product or
service, or where there are indications that the risk associated with an
existing business relationship might have increased, the firm should,
depending upon the nature of the product or service for which they are
applying, request information as to the customer’s residential status,
employment and salary details, and other sources of income or wealth (e.g.,
inheritance, divorce settlement, property sale), in order to decide whether
to accept the application or continue with the relationship. The firm should
consider whether or not there is a need to enhance its activity monitoring in
respect of the relationship. A firm should have a clear policy regarding the
escalation of decisions to senior management concerning the acceptance or
continuation of high-risk business relationships.
5.5.9
The ML Regulations prescribe three specific types of relationship in respect
of which EDD must be applied. They are:
•
where the customer has not been physically present for identification
purposes (see paragraphs 5.5.10ff);
•
in respect of a correspondent banking relationship (see Part II, sector
16: Correspondent banking);
•
in respect of a business relationship or occasional transaction with a PEP
(see paragraph 5.5.18ff).
Reliance on third parties
5.6.4
The ML Regulations expressly permit a firm to rely on another person to
apply any or all of the CDD measures, provided that the other person is
listed in Regulation 17(2), and that consent to be relied on has been given
(see paragraph 5.6.8). The relying firm, however, retains responsibility for
any failure to comply with a requirement of the Regulations, as this
responsibility cannot be delegated.
5.6.14
Whether a firm wishes to place reliance on a third party will be part of the
firm’s risk-based assessment, which, in addition to confirming the third
party’s regulated status, may include consideration of matters such as:
•
its public disciplinary record, to the extent that this is available; the
nature of the customer, the product/service sought and the sums
involved; any adverse experience of the other firm’s general efficiency
in business dealings; any other knowledge, whether obtained at the
outset of the relationship or subsequently, that the firm has regarding
the standing of the firm to be relied upon.
5.6.16
In practice, the firm relying on the confirmation of a third party needs to
know:
•
the identity of the customer or beneficial owner whose identity is being
verified; the level of CDD that has been carried out; and confirmation of
the third party’s understanding of his obligation to make available, on
request, copies of the verification data, documents or other information.
In order to standardise the process of firms confirming to one another that
appropriate CDD measures have been carried out on customers, guidance
is given in paragraphs 5.6.30 to 5.6.33 below on the use of pro-forma
confirmations containing the above information.
5.6.24
A firm must also document the steps taken to confirm that the firm relied
upon satisfies the requirements in Regulation 17(2). This is particularly
important where the firm relied upon is situated outside the EEA.
5.6.25
Part of the firm’s AML/CTF policy statement should address the
circumstances where reliance may be placed on other firms and how the
firm will assess whether the other firm satisfies the definition of third party
in Regulation 17(2) (see paragraph 5.6.6).
Monitoring customer activity
5.7.1
Firms must conduct ongoing monitoring of the business relationship with
their customers. Ongoing monitoring of a business relationship includes:
•
Scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the firm’s knowledge of the
customer, his business and risk profile; Ensuring that the documents,
data or information held by the firm are kept up to date.
5.7.2
Monitoring customer activity helps identify unusual activity. If unusual
activities cannot be rationally explained, they may involve money laundering
or terrorist financing. Monitoring customer activity and transactions that
take place throughout a relationship helps firms know their customers,
assist them to assess risk and provides greater assurance that the firm is
not being used for the purposes of financial crime.
5.7.3
The essentials of any system of monitoring are that:
•
it flags up transactions and/or activities for further examination;
•
these reports are reviewed promptly by the right person(s); and
•
appropriate action is taken on the findings of any further examination.
5.7.4
Monitoring can be either:
•
in real time, in that transactions and/or activities can be reviewed as
they take place or are about to take place, or
•
after the event, through some independent review of the transactions
and/or activities that a customer has undertaken
and in either case, unusual transactions or activities will be flagged for
further examination.
5.7.7
In designing monitoring arrangements, it is important that appropriate
account be taken of the frequency, volume and size of transactions with
customers, in the context of the assessed customer and product risk.
5.7.8
Monitoring is not a mechanical process and does not necessarily require
sophisticated electronic systems. The scope and complexity of the process
will be influenced by the firm’s business activities, and whether the firm is
large or small. The key elements of any system are having up-to-date
customer information, on the basis of which it will be possible to spot the
unusual, and asking pertinent questions to elicit the reasons for unusual
transactions or activities in order to judge whether they may represent
something suspicious.
5.7.12
Higher risk accounts and customer relationships require enhanced ongoing
monitoring. This will generally mean more frequent or intensive monitoring.
JMLSG Part II – Wholesale Markets
18.14
OTC and exchange-based trading can also present very different money
laundering risk profiles. Exchanges that are regulated in equivalent
jurisdictions, are transparent and have a central counterparty to clear
trades, can largely be seen as carrying a lower generic money laundering
risk. OTC business may, generally, be less well regulated and it is not
possible to make the same generalisations concerning the money laundering
risk as with exchange-traded products. For example, trades that are
executed as OTC but then are centrally cleared, have a different risk profile
to trades that are executed and settled OTC. Hence, when dealing in the
OTC markets firms will need to take a more considered risk-based approach
and undertake more detailed risk-based assessment.
Employer Created 401(k) Plans
A 401(k) is a qualified profit sharing plan that allows employees to contribute a portion of
their wages to individual retirement accounts. Employers can also contribute to employees’
accounts. Any money that is contributed to a 401(k) below the annual contribution limit is
not subject to income tax in the year the money is earned, but then is taxable at
retirement. For example, if John Doe earns $100,000 in 2018, he is allowed to contribute
$18,500, which is the 2018 limit, to his 401(k) plan. If he contributes the full amount that
he is allowed, then although he earned $100,000, his taxable income for income tax
purposes would be $81,500. Then, he would pay income tax upon any money that he
withdraws from his 401(k) at retirement. If he withdraws any money prior to age 59 1/2,
he would be subject to various penalties and taxes.
Contribution to a 401(k) plan must not exceed certain limits described in the Internal
Revenue Code. The limits apply to the total amount of employer contributions, employee
elective deferrals and forfeitures credits to the participant’s account during the year. The
contribution limits apply to the aggregate of all retirement plans in which the employee
participates. The contribution limits have been increased over time. Below is a chart of the
contribution limits:
Employer
Contribution
Limit
Catch Up
Contribution
(only for
individuals Age
50+)
1999
$10,000
$20,000
$30,000
0
2000
$10,500
$19,500
$30,000
0
2001
$10,500
$24,500
$35,000
0
2014
$17,500
$34,500
$52,000
$5,500
2015
$18,000
$35,000
$53,000
$6,000
If an individual was aged 30 in 1999, the absolute maximum that he could have
contributed including the maximum employer contributions would be $746,000.
Minimum Age Requirements
In the United States, the general minimum age limit for employment is 14. Because of
this, an individual may make contributions into 401(k) plans from this age if the terms of
the plan allow it. The federal government does not legally require employers to include
employees in their 401(k) plans until they are at least 21 years of age. If you are at least
21 and have been working for your employer for at least one year, your employer must
allow you to participate in the company’s 401(k) plan. As a result, some employers’ plans
will not allow individuals to invest until they are at least 18 or 21 depending upon the
terms of the plan.
One-Participant 401(k) Plans
A one-participant 401(k) plan are sometimes called a solo 401(k). This plan covers a self-
employed business owner, and their spouse, who has no employees. These plans have
the same rules and requirements as other 401(k) plans, but the self-employed individual
wears two hats, the employer and the employee.