Public statement concerning the imposition of a civil penalty under The Anti-Money Laundering & Countering The Financing Of Terrorism (Civil Penalties) Regulations 2019 in respect of Cornerstone Crew Management (M.I.) Limited (“Cornerstone”)

Cornerstone Crew Management (M.I.) Limited (“CORNERSTONE”)

1. Action

1.1 The Isle of Man Financial Services Authority (the “Authority”) makes this public statement in accordance with powers conferred upon it under each of section 27 of the Designated Businesses (Registration and Oversight) Act 2015 (the “Act”) and regulation 5(7) of the Anti-Money Laundering and Countering the Financing of Terrorism (Civil Penalties) Regulations 2019 (the “Regulations”).

1.2 The making of such public statement supports the Authority’s regulatory objectives of, among other things, securing an appropriate degree of protection for customers of persons carrying on a regulated activity, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry.

1.3 Following an inspection of Cornerstone by the Authority under section 14 of the Act (the “Inspection”), which identified a number of contraventions by Cornerstone in relation to the Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (the “Code”), the Authority has deemed it appropriate, necessary and proportionate, in all the circumstances, that Cornerstone be required to pay a civil penalty imposed under the Regulations.

1.4 The Regulations allow for penalties to be imposed at two levels depending on the seriousness of the contraventions of the Code identified. Penalties imposed equate to a percentage of the relevant person’s income (as such terms are defined in the Regulations). In this instance, the Authority has deemed that the contraventions of the Code identified, in all of the circumstances, merit that a civil penalty be imposed in the higher, Level 2, penalty bracket.

1.5 The civil penalty imposed on Cornerstone is the sum of £13,797, which is discounted by 30% to £9,658 (the “Civil Penalty”).

1.6 The level of the Civil Penalty reflects the fact that Cornerstone co-operated with the Authority and agreed settlement at an early stage, through the employment of the Authority’s Enforcement Decision-Making Process (“EDMP”).

2. Background

2.1 Cornerstone is a company incorporated in the Marshall Islands (registry number 105974) and it was incorporated on 25 August 2020. Cornerstone is registered as a foreign company with the Isle of Man Companies Registry (company number 006325F) and has been so registered since 22 September 2020. Cornerstone has been registered as a ‘payroll agent’ pursuant to the Designated Businesses (Registration and Oversight) Act 2015 (“the Act”) since September 2020.

2.2 Cornerstone’s annual return, submitted to the Authority under the Act, indicated a high proportion of foreign politically exposed persons (“FPEPs”) across its designated business client base. Cornerstone was therefore selected to be part of the FPEP thematic project undertaken by the AML/CFT Division of the Authority.

2.3 The Authority conducted the Inspection in July 2022 and this identified a significant number of contraventions of the Code by Cornerstone across its FPEP client base (the “Contraventions”).

2.4 Cornerstone has engaged positively with the Authority throughout this matter in a timely and constructive manner.

3. Key Findings from inspection report

Contraventions of the Code identified by the Inspection included:

  • Cornerstone was found to have been using a section from a third party’s business risk assessment in the absence of and pending the adoption of its own such document. Its own business risk assessment did not include an overall assessment of the risk of money laundering and terrorist financing of its specific business sector (paragraph 5 of the Code);
  • the customer risk assessments (“CRA”) of Cornerstone did not include all the areas required to be considered by the Code, which led to the CRAs on the files reviewed not satisfying the requirements of the Code (paragraph 6 of the Code);
  • Code-compliant customer due diligence and enhanced due diligence was not on file in all cases (paragraphs 8 of the Code);
  • Cornerstone could not demonstrate that ongoing monitoring was being undertaken. Furthermore its ongoing and enhanced monitoring policies and procedures did not meet the requirements of the Code (paragraphs 14 and 15 of the Code);
  • there was no oversight or testing of any of the functions by Cornerstone – the same was either outsourced or reliance had been placed on a third party (paragraph 30 of the Code); and
  • Cornerstone utilised third party training and such training materials were not tailored to its business sector (paragraph 32 of the Code).

4. Key Learning Points for Industry

4.1 Compliance with the Code is a legal requirement; the Authority is committed to taking appropriate and proportionate action to address contraventions of the Code.

4.2 The higher ML/FT risks posed by business relationships involving FPEPs, who are considered to be more exposed to the risk of bribery and corruption, demonstrates the increased importance of robust processes and procedures. The absence, or ineffectiveness, of controls will impact on a relevant person’s ability to conduct effective and appropriate monitoring, including the oversight or testing of any functions that have been outsourced or where reliance has been placed on a third party to provide services. Without the appropriate effective procedures and controls in place, or not being operated adequately, a registered person will be unable to manage and mitigate the identified risks of ML/FT and conduct the business utilising a risk based approach as required by the Code.

4.3 There are a number of powers available to the Authority under the Act, the Code and the Regulations to address identified instances of non-compliance with the Code. The Authority’s powers include, but are not limited to, the issuance of a direction and/or public statement as well as the imposition of civil penalties or the commencement of criminal proceedings under the relevant legislation. The particular circumstances and the nature of an entity’s non-compliance with the Code will determine the course of and the type of action(s) taken by the Authority.

4.4 Active engagement and cooperation with the Authority provides the best possible opportunity to resolve matters in a timely and constructive manner and, where appropriate, to minimise the likelihood of the Authority taking further action in relation to instances of non-compliance with the Code.

4.5 The Authority will publish details of ongoing and concluded matters when it is in the public interest to do so.