Public statement concerning the regulatory investigation of The Isle Of Man Financial Services Authority in respect of Trident Trust Company (I.O.M.) Limited and the associated outcomes
Trident Trust Company (I.O.M.) Limited (“Trident IOM”)
- The Isle of Man Financial Services Authority (the “Authority”) makes this public statement in accordance with powers conferred on it under section 13 of the Financial Services Act 2008 (the “Act”).
- The making of such public statement supports the Authority’s regulatory objectives of, among other things, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry. The public statement is made by the Authority in relation to the failings of Trident IOM that occurred during the period between 2010 and 2020 (inclusive) (the “material times”).
- Following a self-report to the Authority by Trident IOM in 2018, the Authority commenced an investigation in respect of Trident IOM and identified a number of regulatory failings. In light of the same, the Authority has determined that it would be reasonable and proportionate, in all the circumstances, that Trident IOM be required to pay a discretionary civil penalty under section 16 of the Act and the Financial Services (Civil Penalties) Regulations 2015 in the sum of £421,744 discounted by 30% to £295,221 (the “Civil Penalty”).
- The level of the Civil Penalty reflects the severity of the failures.
- The level of the Civil Penalty further reflects that:-
- 5.1 Trident IOM self-reported the failings in 2018 and has undertaken extensive remediation since this time;
- 5.2 Trident IOM and the Trident IOM directors co-operated with the Authority, in particular since its self-reporting in 2018, and agreed settlement at an early stage, through the Authority’s Enforcement Decision-Making Process (“EDMP”);
- 5.3 Trident IOM, working with its appointed independent third party consultants (retained to assist and report) (the “Consultants”), identified the majority of the failings that occurred during the material times. The reports of the Consultants were provided to the Authority;
- 5.4 Trident IOM and the Trident IOM directors have cooperated fully and engaged positively with the Authority, including in respect of the enhanced supervisory measures imposed on them by the Authority under sections 14 and 23 of the Act; and
- 5.5 Trident IOM has taken substantial steps and invested significant resources to remediate the failings identified in this public statement.
- Trident IOM is licensed by the Authority in accordance with section 7 of the Act to undertake certain Class 4, Class 5 and Class 7 regulated activities.
- In accordance with Trident IOM’s Class 7 licence permission, Trident IOM provides management and administration services to R&M Management (I.O.M.) Limited (“R&M”). R&M is itself the subject of a public statement.
- In the third quarter of 2018 Trident IOM made the Authority aware that it had identified an issue in relation to its compliance with the Isle of Man’s Anti-Money Laundering and Countering the Financing of Terrorism Code 2015 (as amended from time to time, the “Code”). At the same time Trident IOM commissioned the Consultants to review and report. In February 2019 Trident IOM formally notified the Authority of a number of prima facie contraventions of the Code and breaches of the Financial Services Rule Book 2016 (the “Rule Book”).
- From February 2019 onwards Trident IOM has been subject to enhanced supervision around aspects of its conduct of regulated activity including its program of remediating the contraventions and breaches identified.
- By October 2019, having fully considered the work of the Consultants, and having sight of a number of further issues of non-compliance being identified through the remediation exercise, the Authority opened an investigation to establish whether Trident IOM remained ‘fit and proper’ to hold a licence (the “Investigation”).
- Ancillary to its enhanced supervision and ongoing Investigation, the Authority also exercised powers under sections 14 and 23 of the Act to engage a third party professional to operate a number of additional controls over aspects of Trident IOM’s operational activities and to report on areas of its ongoing and historical compliance with the Code and the Rule Book. The costs of the third party professional and the Consultants were significant and were borne fully by Trident IOM.
- Trident IOM continued to report to the Authority instances of historic non-compliance during the material times, identified via its ongoing remedial work, into 2022.
- The measures, actions and broad approach to this matter reflect the period of historic non-compliance and the high risk profile of certain of Trident IOM’s current and former customers.
- The Authority conducted the Investigation and was, at all times, mindful of the higher risk profile of the Trident IOM customer base. Licenceholders with such a profile and, in the case of Trident IOM, a historically higher risk appetite, are naturally required to be able to demonstrate the highest standards of governance, risk and compliance frameworks and a culture that pervades high ethical and moral standards to the conduct of business and compliance with the regulatory framework.
- Similarly to the work of the Consultants and the work of the professional appointee under sections 14 and 23 of the Act, the Investigation identified a range of material weaknesses at all levels of Trident IOM’s control and governance structure during the material times that, on reasonable grounds, brought into question Trident IOM’s fitness and propriety. This included failures by Trident IOM to organise and control its affairs in a responsible manner; deficient systemic anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) policies and procedures; and conduct of business failings in respect of entities administered by Trident IOM. Amongst the matters confirmed were that Trident IOM:
15.1. had not been fully meeting a number of Code requirements - Trident IOM was contravening certain aspects of paragraphs 4, 5, 6, 8, 12, 13, 14, 15, and 30 of the Code;
15.2. had not been fully meeting Rule Book requirements in relation to maintaining appropriate internal and operational controls, systems, policies and procedures - Trident IOM was breaching certain aspects of rules 8.2, 8.3, 8.9, 8.10 and 8.62 of the Rule Book; and
15.3. had not been fully meeting rules relating to the conduct of business under the Rule Book – Trident IOM was breaching certain aspects of rules 6.1, 6.2 and 6.11.
- The matters detailed are serious and if not adequately addressed, particularly in terms of the preventative measures set out in the Code, significantly increase the risk that Trident IOM’s services could have been exploited by persons who may wish to launder money or finance terrorism and therefore, by association, may have negatively impacted upon the Authority’s regulatory objectives and the reputation of the Isle of Man as a responsible and well regulated International Financial Centre.
- Notwithstanding these findings and conclusions, Trident IOM today is effectively governed by new directors and its controlled function role holders (including its Managing Director, Head of Compliance and MLRO) are new appointees. Trident IOM has also, as a result of the issues identified, implemented a far more robust and professional anti financial crime framework and has downgraded its risk appetite. The Authority has determined that, at this time, Trident IOM remains permitted and licensed to carry on undertaking regulated activity.
- The professional appointee under sections 14 and 23 of the Act has observed that Trident IOM has addressed the historical non-compliance and the historical compliance culture as part of its remediation exercise. Such professional appointee has also observed that the current compliance culture is strong and healthy and that Trident IOM’s current directors are committed to Trident IOM being fully compliant and that this “tone from the top” of “doing the right thing” has permeated through the ranks of staff members.
- The Authority is satisfied that the imposition of the Civil Penalty on Trident IOM, in conjunction with this public statement, reflects the serious nature of the historical non-compliance and the historical compliance culture and furthermore, provides appropriate certainty to Trident IOM regarding the continuation of its regulated activity.
- In accordance with the EDMP, Trident IOM entered into settlement discussions with the Authority and sought to finalise and remediate matters expeditiously.
Cooperation and Remediation
- The Authority is satisfied that Trident IOM and the directors of Trident IOM cooperated fully and engaged positively with the Authority’s EDMP, its enhanced supervisory measures and the Investigation.
- The requirements of the notices issued by the Authority under section 23 of the Act have been fully complied with such that these notices have no ongoing effect, and the directions issued by the Authority under section 14 of the Act have been withdrawn.
Key Learning Points for Industry
- The Authority continues to focus its attention and resources on those businesses that have a high risk appetite (historically Trident IOM had such an appetite) and whose proportion of high risk customers is greater than its peer group. Those wishing to operate in this space must demand of themselves the most rigorous governance, compliance and risk management regimes and engage staff in all relevant key functions who have the requisite experience and expertise in identifying and mitigating risk and who can ensure that an appropriate compliance-minded, risk aware culture is embedded in the organisation.
- Compliance with the Code is mandatory, not optional. Non-compliance with the Code increases the risk that a regulated entity’s products and services could be exploited by those who would wish to launder money or finance terrorism.
- A regulated entity’s risk management arrangements, including in respect of anti-money laundering and countering the financing of terrorism, should extend to understanding the investment and operational activities of its clients even when providing only a limited range of services to any particular client.
- The officers and staff of a regulated entity with a higher risk appetite (historically Trident IOM had such an appetite) and higher risk clients should be adequately trained and qualified and have a background in administering higher risk clients and be considered by the Board of the regulated entity, individually and collectively, to have the appropriate degree of expertise and sophistication to mitigate associated risks.
- All stages of the client relationship, from new client take-on through to exiting the relationship, should pervade the same approach, attitude and culture so as to deter those who may wish to exploit a licenceholder to launder money or finance terrorism.
- The Authority will focus its attention on board members (including non-executive directors) to ensure that they can each articulate to the Authority the risk appetite of the business, the appropriateness of the measures put in place to prevent financial crime and how they ensure that the appropriate culture pervades the organisation. Those same people need to be receptive to thoughts, wishes and suggestions of those people in critical controlled functions (such as Head of Compliance, MLRO and DMLRO) and ensure that those voices are heard.
- Whilst mistakes can happen in any business, non-compliance tends to be systemic in licenceholders where appropriate governance structures, culture or tone from the top have not been embedded. In addition to increasing the risk of money laundering and the financing of terrorism, these weaknesses may lead to other regulatory weaknesses such as failures in appropriately managing and monitoring conflicts. The time period of non-compliance can be extensive if non-compliance is culturally ‘the norm’ or where any challenge is dismissed. In those circumstances, the Authority will examine very carefully whether any of the licenceholder’s key staff have undertaken their duties in a manner that lacks competence, or a manner that lacks integrity or both.
- A regulated entity, having self-reported and voluntarily entered into a candid and open dialogue with the Authority followed by appropriate and timely remediation, may receive a financial or other regulatory sanction. In such instances, it is also likely that any sanction imposed by the Authority will be less than would otherwise be the case. Recurring, numerous or lasting regulatory failings may aggravate the sanction.