Year: 2017

Paradise Papers – Seeing the Wood for the Trees

Sara Barclay Compliance, Compliance Monitoring, Corporate Governance , , , , , , , , , ,

The now infamous “Paradise Papers” contain personal data obtained from Appleby’s Bermuda office via an illegal hack. This data in part details the utilisation of International Finance Centres (IFC), by high net worth persons and corporates, for tax mitigation purposes. This post makes no comment on the legality or otherwise of using such data. Nor, is it a commentary about tax havens vs IFCs, the ethical considerations of society, and the freedoms for legal persons to engage in trade or invest in or through an IFC. Our focus instead is the failings that Trustees, Foundation Officials, Directors and Employees in Financial Services Businesses (FSB) must learn from in the wake of this saga. We do not purport to be a tax experts and so have not commented on the validity or otherwise of any advice given whether regarding tax or structuring. Our intention is to look at the compliance and “good business practice” considerations at the heart of good corporate governance. With offices in Guernsey, Jersey and having experience of working in Bermuda we believe analysis of legal and regulatory frameworks by jurisdiction offers a less valuable insight than a clear understanding of the general principles and terms of good corporate governance.

Tax Advice
In order for Trustees, Foundation Officials and Directors to fulfil their responsibility and work in the best interest of their clients they must understand and follow the professional tax advice received. They must evidence that they are compliant with this advice and periodically, depending on the type of arrangement they are administering or controlling, ensure that they have up-to-date tax advice on file. They must also evidence that these arrangements remain legal and all tax liabilities are settled when due. The following are instances where those responsible may find that they have failed to attain an appropriate standard:

• Legal arrangements over time becoming tax non-compliant;
• Legal arrangements set up with draft tax advice without the advice ever being formalised;
• Legal arrangements undertaking new activities outside the scope of the original tax advice;
• Failure to follow tax advice fully, e.g. the non-repayment of a commercial loan arrangement;
• Tax advice provided by those who are not appropriately qualified;
• Tax advice held by the client but never shown to the Trustees, Foundation Officials and Directors.

Control
To ensure tax and legal compliance the Trustees, Foundation Officials and Directors must exert control. Here again to fulfil their responsibilities they must clearly document evidence that they have overarching control of the activities of the legal arrangement. The following are instances where those responsible may find that they have failed to attain an appropriate standard:

• Beneficiaries committing the legal arrangement to a business arrangement without due consideration and approval of the Trustees, Foundation Officials and Directors in the first instance;
• Those responsible acting without due consideration;
• Those responsible committing the legal arrangement to business activities which do not accord with the arrangement’s rationale;
• Those responsible lack sufficient independence from the client;
• Those responsible are unable to evidence their control of the assets and/or activities of the arrangement.

Investments
The Paradise Papers have also raised questions regarding the suitability and legality of investments undertaken by legal entities. Trustees, Foundation Officials and Directors must ensure that the investments or business activities undertaken by the entity are in line with its intended purpose. Those responsible must also ensure the legality of any investment or business activity does not breach any international sanctions. Though investments or business activities do not require due diligence to the same standard of beneficial ownership due diligence, sufficient research and evidence must be attained to ensure such activity is in the best interest and in line with the objective of the legal arrangement. At the same time sufficient checks must be undertaken to ensure legal compliance and suitability with its objectives both at initiation and on an on-going basis thereafter. The following are instances where those responsible may find that they have failed to attain an appropriate standard:

• Investing or engaging in a business relationship with legal entities related to a sanction regime or jurisdiction;
• Not undertaking sufficient due diligence to ensure that the investment or business engagement does not involve sanctioned legal persons or sanctions breaches;
• Investing or business relationships that are out of line with the entity’s purpose.

Source of Wealth and Funds
Trustees, Foundation Officials and Directors must ensure that they have sufficient understanding and evidence of their clients’ Source of Wealth and Funds (commensurate with their risk classification) to prevent and detect criminality and terrorist financing. Understanding the origin of assets and their usage assists those responsible in forming a picture of the true beneficial ownership, intention and nature of the relationship. This also allows those responsible to have sufficient transparency and enable effective reporting required by international regulatory and legal bodies.

Ethics of Doing Business
Those responsible must ensure that they have given ethical consideration to the activities of any legal arrangement. Ethical considerations must accord with the documented risk appetite and it must be understood that legal arrangements engaged in aggressive tax mitigation or higher risk industries pose a higher reputational risk to the Trustees, Foundation Officials and Directors, their business and those of the jurisdictions in which they are active. As such, these relationships must be properly understood and documented as they may be open to future challenge.

The ethics of doing business must also consider whether sufficient knowledge, qualifications and experience are inherent in those responsible. Trustees, Foundation Officials and Directors must document and evidence their consideration of whether a business relation, either new or continuing is within their realm of knowledge, understanding and experience. Where this is not the case they should remove themselves from responsible positions or obtain suitably experienced individuals as their replacement.

The integrity and professional actions of those responsible will ultimately be assessed by the authorities to ensure that the best interests of stakeholders have been met at all times. This responsibility includes timely reporting of non-compliance with appropriate authorities.

Compliance
While the Trustees, Foundation Officials and Directors remain responsible and accountable for both and their own and the legal arrangements activities, a suitably resourced compliance function is required to assist and advise. Compliance must be a proactive force within a FSB rather than merely a tick box exercise. It must assist in ensuring that the business has attained appropriate tax and legal advice as well as ensuring it is understood and followed. Those responsible must demonstrate the required control and oversight of activities undertaken for and on behalf of the legal arrangement. Findings and recommendations must be reported back to those responsible and any remediation must be tracked to ensure that the business can demonstrate compliance, integrity and appropriate levels of knowledge and understanding of the entity’s activities.

Data Security
The Paradise Papers also clearly highlight the importance of implementing suitable and sufficient data security controls to protect stakeholders. These controls are not just IT system-focussed and must include effective staff training to reduce the risk of an unintentional data leak. Data security systems and processes must be monitored, tested and kept up-to-date. It goes without saying that failure to implement an efficient and effective control environment may lead to a catastrophic loss of data with disastrous reputational consequences for all stakeholders. FSB’s must also be aware and ensure that any 3rd parties who hold data do so effectively and have the necessary safeguards and review processes.

Conclusion Compliance monkey

IFCs adhere to international standards and best practice. While recent data hacks have revealed that there are practitioners out there who have not abided by these requirements, the vast majority are conscientious and highly professional.

However, the current political backdrop is unfavourable to offshore jurisdictions and we should expect greater scrutiny in our professional activities for the foreseeable future. Applying the highest standards of corporate governance is our best path to a successful future.
If you have any concerns or would like to know more please either contact myself

The Dawn of a New Era

Sara Barclay Uncategorized

Compliance monkey

The Commission have released a new Consultation on Revisions to the AML/CFT Framework with the purpose of bringing the Guernsey AML/CFT framework up to and in line with the Financial Action Task Force international standards issued in 2012. This new Framework will also address the recommendations that have been made by MoneyVal in their report on Guernsey that were published in January 2016.

These enhancements to the Guernsey Anti-Money Laundering and Comatting Financing of Terrorism (“AML/CFT”) Framework will affect Guernsey Financial Services Businesses, Prescribed businesses and the Non-Regulated Financial Services Businesses which will all become Specified Businesses. Some of the headline changes that need to be borne in mind by the Boards, Senior Managers and Controllers of Specified Business are as follows:

  • There will be only one Handbook for “specified businesses”, removing the current separate Handbooks for “Financial Services Businesses” and “Prescribed Businesses”. This is done on the basis that prescribed businesses have now had sufficient time to develop and be experienced in AML and CFT requirements.
  • Business Risk Assessments (“BRAs”) must clearly distinguish between AML and CFT risks. This can still be covered in one document. The proposed Handbook clearly puts more emphasis throughout on CTF, compared to the current Handbook. BRAs must also refer to the National Risk Assessment.
  • The definition of ‘Business Relationship’ has been expanded to include giving advice. “Such a relationship does not need to involve the firm in an actual transaction; giving advice may often constitute establishing a business relationship”
  • Additional CDD (“ACDD”) is proposed for the following relationships
    – Non-resident Customer
    – Private Banking Services
    – A customer that is a legal person or a legal arrangement used for personal asset holding purposes
    – Company with nominee shareholders that issues shares in the form of bearer shares
  • There is a proposed change in the treatment of PEPs with “domestic PEPs” and “Foreign PEPs” to be classified appropriately and the addition of International Organisation PEPS ( “IOPEPs”) and finally a risk based approach for the treatment of PEPs with no assets in a structure.
  • The role of Money Laundering Reporting Officer (“MLRO”) is to change to Financial Crime Reporting Officer (“FCRO”), which again highlights the coverage of CFT as well as AML.
  • In addition to the FCRO, a new role of Financial Crime Compliance Officer is proposed. This role can be undertaken the FCRO but this role must be undertaken by someone independent of business development and client facing roles.
  • A revised approach to identifying beneficial ownership is proposed which extends beyond just legal ownership, instead focussing on actual ultimate ownership and control.
  • There are new rules proposed for authorised and registered Collective Investment Schemes which will define the responsibility for AML and CFT requirements which fall under the responsibility of the nominated businesses which are licensed under the Protection of investors Law.

This consultation gives all parties the opportunity to raise any further considerations that may be of benefit and we would encourage everyone to take the time to consider how this new handbook will affect their business and industry and to make representation if any improvements could be considered.

The Board’s of Specified Businesses should make themselves aware and be familiar at this early stage of the high level changes to the Guernsey regulatory framework. A high level review of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) ordinance, 2017, schedule 3 to identify the proposed enhancements to the Guernsey AML/CFT Framework, has been prepared to assist the Board with understanding and preparing for the changes to come.

It is important with the dawn of this new era that all Specified Businesses consider this Consultation fully and make representations as may be necessary to the Commission. Specified Businesses must ensure that their business and respective industry and the Guernsey Financial Services industry as a whole continue to have an effective and workable AML/CFT regime going forward which serves to maintain and promote itself as one of the best International Financial Centres in the world and a place to do business.

De-Mystifying the High-Risk Territory

Sara Barclay AML/CTF, Compliance, Guernsey

Compliance monkeyThere is much talk these days regarding the difficulty of providing products and services to those persons who are in high risk territories.  The main gripe is that the Guernsey Regulatory Framework is stifling and strangulating licensees when it comes to high risk territories. This seems to be at odds with the presentations and assertions of the Commission about Guernsey being open for business and empowering its licensees to engage in risk to develop and grow.  What is the truth, are we being misinformed and if so by who?

When it comes to high risk territories licensees must be aware of the obligations in the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007 as amended (“the Regulations”) and the Handbook for Financial Services Businesses on countering Financial Crime and Terrorist Financing (“the Handbook”).  Regulation 5 (1) (c) states the following;

“(c) a business relationship or an occasional transaction – (i) where the customer is established or situated in a country or territory that does not apply or insufficiently applies the Financial Action Task Force Recommendations on Money Laundering, or (ii) which the financial services business considers to be a high risk relationship, taking into account any notices,”

The Handbook goes further at rule 58 where it states the following;

“is connected to any of the countries or territories listed in Part A or Part C of Instructions on Business from Sensitive Sources issued by the Commission; is designated as high risk.”

At first glance the minimum requirements are that by applying the full instructions on Business from Sensitive Sources you would have a lists of high risk jurisdictions that the Commission would be happy with in meeting the requirements of the Regulation and the Handbook. The Commission have empowered Financial Services Businesses in Guernsey to actively engage and establish their own risk appetite and as such the Instructions on Business from Sensitive resources only represents the minimum requirements.  The Handbook at section 70 goes further to recommend that a high risk factor regarding territory would also include the following;

“customers based in, or conducting business in or through, a country or territory with known higher levels of bribery and corruption, or organised crime, or involved in illegal drug production/processing/distribution, or associated with terrorism; involvement of an introducer from a country or territory which does not have an adequate AML/CFT infrastructure;”

Just by looking at Transparency International perception index this allows the potential for a greater number of territories that could be designated as high risk. There are also those territories that Guernsey has Sanction regimes on which pose an association with terrorism and as such could be deemed high risk. The question is must these territories be high risk?

The Commission have through rule 57 empowered Directors and Boards to take a proactive view of risk where a business relationship has a high risk element (that is not a high risk element specified in Regulation 5(1)(a-c) or listed at part A or Part C of the Instruction on Business from Sensitive Sources) but this element does not mean that the actual risk of the relationship is high.  A Financial Service Business where it has compelling mitigating factors that it documents, can choose a lower and more realistic risk rating. Therefore, a territory that the Financial Services Business may class as high due to internal policy or procedure or that an international body classifies as high does not necessarily make the whole relationship high risk.

Some examples of where and how rule 57 can be applied;

  • An entity that is administer and controlled in Guernsey is conducting business in a territory that is not on the Business from Sensitive Sources Instruction but has a high bribery and corruption rating, there are controls in place to mitigate associated risk of bribery and corruption risk do we have to have this as high risk? If the licensee can demonstrate compelling mitigating factors to meet rule 57 of the Handbook, it could choose to down grade the risk if its policy procedures and controls allow.

 

  • An entity that we administer and control is conducting business in a territory that is on the Business from Sensitive Sources, there are controls in place to mitigate associated risk do we have to have this as high risk? This must be rated as high risk as it falls under the Regulations and the Handbook as having to be rated as high risk.

 

  • A Beneficiary resides in a Sanctioned country which the Financial Services Business deems as high risk, do they need to be classified as such? If the licensee can demonstrate that the beneficiary and the entity that will be receiving any transaction is not subject to a Sanction notice and demonstrates the compelling mitigating factors to meet rule 57 of the Handbook, it could choose to down grade the risk if its policy procedures and controls allows.

 

  • A customer born in a higher risk country due to bribery and corruption but residing and employed in Guernsey and all funds for the business relationship have been earnt in Guernsey do they have to be high risk? Though a Licensee must obtain information on Place of Birth and Nationality under the rule 86 of the Handbook there is no requirement to risk rate on this basis and it could be discriminatory.

 

  • There are also occasions where part of a structure or an entity is registered in a higher risk jurisdiction, such as a Panamanian foundation that is controlled and administered in Guernsey. The question that must be asked is does a brass plaque in a higher risk country create a higher risk? Regarding the Regulation and the Handbook the Panamanian Foundation could be said to be based in Guernsey due to the management and control element and as such would not fall under a higher risk country element as the due diligence requirements would be undertaken by the Guernsey Fiduciary to the requirements of the Handbook and the Regulation.

 

  • The use of corporate entities registered in other higher risk jurisdictions by a Guernsey licensee for its customers, the Corporate Service Provider in the higher risk territory is only the Registered Agent for corporate entities and only undertakes the required statutory functions of the Territory are these structures require to be high risk? Though higher risk jurisdictions can be used to provide a corporate entity they may not apply the same anti-money laundering measures and countering terrorist financing measures as we are required to do in Guernsey. In these cases, it could be said that the business relationship is based and established in Guernsey as the corporate entity is controlled and administered by a Guernsey Licensee who must comply the Guernsey Regulatory Framework requirements.  Does a brass plaque really carry a risk or money laundering and terrorist financing or should we be more worried about the risk of the beneficial owners and controllers?

From this brief review of the pertinent sections of the Regulations and the Handbook, the Commission have in fact created a framework when it comes to territory that does allow for consideration of risk and not everything is or should be classified as high though some must be.  Unfortunately, it is possible that licensees themselves, through either lack of knowledge, understanding or misinterpretation of the Regulation and Handbook are creating their own frameworks that are inflexible to allow compelling mitigation to be taken in to account when it comes to risking Territory risk where permissible.  This inflexable framework would contribute to the strangulation of a Financial Services Business and the potential offering of products and services to new markets and developing countries.

Remember the Commission are there to use enforcement action on those who fall below minimum requirements and/or do not apply their own policies and procedures. There are countless other examples where rule 57 of the Handbook can be utilised so please contact me if you are interested in further clarification.Compliance monkey