Public statement concerning the regulatory investigation of the Isle of Man Financial Services Authority in respect of Parcville Limited, formerly known as Corporate Options Limited (“COL”) and the associated outcomes
1.1 The Isle of Man Financial Services Authority (the “Authority”) makes this Public Statement in accordance with powers conferred on it under section 13(3)(a) and (b) of the Financial Services Act 2008 (“FSA”) and section 35(1)(c) of the Insurance Act 2008 (“IA”), (collectively the “Acts”).
1.2 The making of such Public Statement supports the Authority’s regulatory objectives of, among other things, securing an appropriate degree of protection for customers of persons carrying on a regulated activity, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry.
1.3 An investigation in respect of COL by the Authority identified a number of serious regulatory failings. Notwithstanding the same the Authority has determined that, despite the nature and the seriousness of the regulatory failings, on balance having taken account of the potential financial consequences to COL and to any third parties (including customers and creditors of COL) of imposing a civil penalty on COL (pursuant to section 16 of the FSA and the Financial Services (Civil Penalties) Regulations 2015 (the “Regulations”)), the imposition of such a penalty is not appropriate.
2.1 At all relevant times COL was licensed by the Authority in accordance with section 7 of the FSA to undertake certain Class 4 and Class 5 regulated activities.
2.2 In November and December 2019, the Authority conducted a supervisory inspection in respect of COL in accordance with its statutory powers under Schedule 2 to the FSA (the “Inspection”). The Inspection identified contraventions of the Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (the “Code”) (“the “Contraventions”). The Contraventions are serious regulatory failings and are aggravated by the fact that a significant proportion of COL’s customer base, following a risk re-rating process, when assessed against the requirements of the Code, were classified as high-risk.
2.3 Upon identification and consideration of the Contraventions, the Authority appointed a third party professional firm pursuant to sections 14 and 23 of the FSA to oversee certain transactional activity within COL. Such third party professional firm to produce a report pertaining to the extent and appropriateness of COL’s anti-financial crime framework, encompassing an assessment of COL’s compliance function (the “23 report”). The costs associated with the production of the s.23 report and the appointment of the third party professional firm were borne fully by COL.
2.4 Following its receipt of the s.23 report in November 2020, the Authority continued to investigate whether COL was able to satisfy the Authority that it remains ‘fit and proper’ to hold some or all of the licences granted under section 7 of the FSA, in accordance with the Authority’s published guidance (the “Guidance”) (the “Investigation”). To hold a licence, a permitted person is required to satisfy the Authority that both it, and its Controlled Function Role Holders, are fit and proper. Satisfaction of this requirement is an ongoing obligation.
3. Investigation conclusions
3.1 The Investigation, the Inspection and the s.23 report each identified a range of issues that, when reasonably and proportionately assessed by the Authority against the Guidance and all relevant legislation, brought into question COL’s fitness and propriety to continue to hold a licence with certain Class 4 and Class 5 permissions. It was established that, at relevant times, COL -
- had failed to ensure the good governance of a permitted person and compliance with regulatory requirements;
- had not demonstrated that it had effective risk management and internal control frameworks in place;
- had not maintained appropriate operational controls and procedures relating to the services it provided to Closed Ended Investment Schemes (“CEICs”);
- had procedures that were high level and contained nothing to cover the services provided to CEICs;
- had established business relationships without conducting Customer Risk Assessments;
- had in place Eligible Introducer (“EI”) arrangements with a book of 16 client entities. Upon investigation the Authority identified that the entity COL treated as an EI had not been regulated for over 4 years. This change in status had not been identified by COL nor was it clear there were any arrangements in place to ensure that such matters were identified;
- had a Business Risk Assessment which contained comment which indicated that COL did not have full control over the number of EI (and Applicable Applicant) arrangements in place;
- had a Business Risk Assessment which did not effectively demonstrate compliance with the requirements of rule 8.6 of the Financial Services Rule Book 2016 (the “Rule Book”); and
- had not adopted measures to manage its conflicts of interest as required by rules 8.9 or 8.10 of the Rule Book.
3.2 It was also established that, at relevant times COL, in relation to its requirements under the Code:
- had not been fully meeting the Code requirements in relation to establishing, recording, operating and maintaining procedures and controls;
- had not been fully meeting the Code requirements in relation to conducting its Business Risk Assessment;
- had not been fully meeting the Code requirements in relation to conducting Customer Risk Assessments;
- had not been fully meeting the Code requirements in relation to carrying out its Technology Risk Assessment;
- had not been fully meeting the Code requirements in relation to beneficial ownership and control;
- had not been fully meeting the Code requirements in relation to enhanced customer due diligence;
- had not been fully meeting the Code requirements in relation to EI arrangements;
- had not been fully meeting the Code requirements in relation to establishing, recording, maintaining and operating appropriate procedures and controls for monitoring and testing compliance with AML/CFT legislation;
- had not been fully meeting the Code requirements in relation to staff training; and
- on the basis of the above, was contravening paragraphs 4, 5, 6, 7, 12, 15, 19, 30 and 32 of the Code.
3.3 The s.23 report noted as follows in relation to COL - “Our review indicates that your company has not been fully compliant with the Code and Rule Book for several years principally because the company has not invested sufficient time and resources in its AML and other compliance activities”; and “with regards to the definition of AML/CFT legislation, the company has designed internal and operational controls, systems, policies and procedures to address the Code requirements. Unfortunately, the sufficiency and appropriateness of those controls, systems, policies and procedures falls short of the Code requirements in a number of key areas as described throughout this report”. The third party professional firm also reported on the adequacy of COL’s policies/procedures/controls with regards to AML/CFT legislation and undertook client file sample reviews to determine whether clients had been appropriately risk rated. This led to a revision of COL’s risk assessment process, with the number of clients classified as high risk increasing from 27.1% to 85.9%.
3.4 The s.23 report also identified and evidenced that a company administered by COL was undertaking regulated activity without being licensed to do so, observing that, “there are multiple indicators of non-compliance with the Financial Services Act 2008, the Proceeds of Crime Act 2008 and associated secondary legislation”.
3.5 In September 2021, after being required by the Authority to undertake analysis of their financial records, COL reported to the Authority that they had been in breach of their Liquid Capital Requirements (“LCR”) necessitating a capital injection from the directors. The Investigation established that COL had been in breach of its LCR for a longer period than had been reported and had considerably underestimated its shortfall thus calling into question whether COL remained solvent at all times. The Investigation established that the LCR breach was as a consequence of financial mismanagement within COL whereby the Board of Directors of COL failed to operate appropriate financial management principles (e.g. no bad/doubtful debt policy) and collectively failed to ensure that the company remained in compliance with its regulatory financial resources requirements at all time.
3.6 The Authority has determined that the responsibility for the failings identified in respect of COL rests with the directors of the same and those holding certain Controlled Functions (as such term is defined in the Guidance) at all relevant times, the Investigation having established that there had been a failure in sufficient oversight and challenge by COL’s Directors with an overreliance on the competence of its compliance function. The Authority views the failings of COL as being a ‘board room malaise’ rather than purely operational failures.
3.7 The Authority has identified matters that caused it to assess the fitness and propriety of the persons undertaking certain Controlled Functions at COL. Such assessments, by the Authority, have caused it to conclude that the individuals holding such roles are not fit and proper to hold such roles in COL and, in certain instances, in the regulated sector in the Isle of Man more generally and the Authority has therefore determined that it is appropriate, reasonable and proportionate for it to exercise its powers under section 10A of the FSA to prohibit those role holders from continuing in those positions (the “Prohibitions”). Such prohibitions have been imposed upon the following persons (in alphabetical order): Gerald Chase (controller, director, money laundering reporting officer and director of client companies at all relevant times), Paul Chase (controller, director, deputy money laundering reporting officer and director of client companies at all relevant times) and Lee Murphy (director, director of client companies and company secretary at all relevant times).
4.1 The Authority is satisfied that the ancillary measures taken against certain of COL’s current and former Controlled Function Role Holders, reflect the serious nature of the non-compliance identified. The Authority is satisfied that the current directors of COL, at this time, recognise and accept the failings of COL.
4.2 In accordance with the Authority’s ‘Enforcement Decision Making Process’ (the “EDMP”), COL entered into settlement discussions with the Authority and, having accepted the conclusions of the s.23 report, the Inspection and the Investigation, it sought to finalise and remediate matters expeditiously. Such remedial work has enabled COL to cease undertaking regulated activity and to surrender its licence. The Authority acknowledges Gerald Chase and Paul Chase provided support to the business to enable it to conclude an orderly winding up of its regulated activities.
5. Cooperation and Remediation
5.1 The Authority is satisfied that COL and the directors of COL cooperated fully and engaged positively with the Authority’s EDMP.
5.2 The directors of COL, under whose stewardship COL was at all relevant times operating, have accepted responsibility for the Contraventions and associated issues identified by the Authority.
5.3 As a consequence of the Authority’s Investigation COL determined to cease undertaking regulated activities and surrendered its licences on 27 July 2022. Without COL taking such steps, the Authority would likely have sought to utilise additional powers available to it in relation to COL.
6. Key Learning Points for Industry
6.1 All firms undertaking business in the regulated sector have an obligation to conduct their affairs in a manner that adequately mitigates the risks faced by it in order to ensure that the Isle of Man retains its reputation as a responsible, and well regulated, international financial centre. The Authority requires that such businesses have appropriate expertise, experience, sophistication and operational capacity within its resources and within its anti-money laundering and countering the financing of terrorism framework and controls. Directors of Isle of Man companies are subject to certain minimum standards of care, skill and diligence in discharging their duties. It should be noted that a higher standard is likely to be applied to a person who offers his services as Director as a profession or by way of business. This is a well-established principle in the Isle of Man.
6.2 It is the responsibility of the directors of a licenceholder to ensure that at all times it is able to meet its liabilities as they fall due and must at all times maintain the liquid capital requirements of an amount calculated in accordance with the Rule Book.
6.3 Directors have, both collectively and individually, a continuing duty to acquire and maintain a sufficient knowledge and understanding of a company's business to enable them to properly discharge their duties as directors. Whilst directors are entitled (subject to the constitutional documents of a company) to delegate particular functions to others below them in the management chain, and to trust their competence and integrity to a reasonable extent, the exercise of the power of delegation does not absolve a director from the duty to supervise the discharge of the delegated functions.
6.4 The reliance of a director upon his co-directors and the officers of a company must not be without clear oversight and appropriate challenge. Directors have a duty to inform themselves about the business they are managing so that they are in a position to understand what is happening within a company and anticipate the potential implications for such company. The collective responsibility of the board of directors of a company is of fundamental importance to corporate governance. That collective responsibility must however be based on individual responsibility. Each individual director owes duties to a company to inform himself or herself about its affairs and to join with his or her co-directors in supervising and controlling them.
6.5 Where directors have been found to have fallen below the minimum standards of care, skill and diligence in discharging their duties, particularly where such failures have led to contraventions of the law or breaches of regulations, the Authority, in assessing whether individuals remain fit and proper to hold controlled function roles, will consider the individuals’ fitness across all sectors and not restrict its exercise of any of its powers to the sector where the failings occurred.
 There is a statutory obligation for the Authority to take into account such potential financial consequences (please see further Regulation 5(3)(c) of the Regulations
 As such term is understood in the context of the Authority’s document titled ‘Regulatory Guidance Fitness and Propriety’ dated 1 March 2022