Public statement concerning the imposition of a civil penalty under The Anti-Money Laundering & Countering The Financing Of Terrorism (Civil Penalties) Regulations 2019 in respect of Y & A Group, LP (“Y & A”)

1. Action

1.1 The Isle of Man Financial Services Authority (the “Authority”) makes this public statement in accordance with powers conferred upon it under each of section 27 of the Designated Businesses (Registration and Oversight) Act 2015 (the “Act”) and regulation 5(7) of the Anti-Money Laundering and Countering the Financing of Terrorism (Civil Penalties) Regulations 2019 (the “Regulations”).

1.2 The making of such public statement supports the Authority’s regulatory objectives of, among other things, securing an appropriate degree of protection for customers of persons carrying on a regulated activity, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry.

1.3 Following an inspection of Y & A by the Authority under section 14 of the Act (the “Inspection”), which identified a number of contraventions by Y & A in relation to the Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (the “Code”), the Authority has deemed it appropriate, necessary and proportionate, in all the circumstances, that Y & A be required to pay a civil penalty imposed under the Regulations.

1.4 The Regulations allow for penalties to be imposed at two levels depending on the seriousness of the contraventions of the Code identified. Penalties imposed equate to a percentage of the relevant person’s income (as such terms are defined in the Regulations). In this instance, the Authority has deemed that the contraventions of the Code identified, in all of the circumstances, merit that a civil penalty be imposed in the higher, Level 2, penalty bracket.

1.5 The civil penalty imposed on Y & A is the sum of £40,901, which is discounted by 30% to £28,631(the “Civil Penalty”).

1.6 The level of the Civil Penalty reflects the fact that Y & A co-operated with the Authority and agreed settlement at an early stage, through the employment of the Authority’s Enforcement Decision-Making Process (“EDMP”).


2. Background

2.1 Y & A at all material times has been registered with the Authority as a tax advisor under the Designated Business (Registrations and Oversight) Act 2015.

2.2 Y & A’s 2020 annual return, submitted to the Authority under the Act, indicated, in respect of their designated business activities, a high proportion of foreign politically exposed persons (“FPEPs”). In light of the foregoing, Y & A was selected to be part of FPEP thematic project undertaken by the AML/CFT Division of the Authority.

2.3 The Authority conducted the Inspection in April 2022 and this identified a significant number of contraventions of the Code by Y & A across its FPEP client base (the “Contraventions”).

2.4 Y & A has engaged positively with the Authority throughout this matter in a timely and constructive manner.


3. Key Findings from inspection report

Contraventions of the Code identified by the Inspection included:

  • The Business Risk Assessment and the supplementary AML Risk Assessment as a whole was too generic and did not identify, nor estimate the risks posed to the business in relation to foreign PEPs (Paragraph 5 of the Code);
  • There was no clear, detailed Customer Risk Assessment methodology documented, nor was it demonstrated to the Authority’s officers how the overall risk rating of the business relationship was determined (Paragraph 6 of the Code);
  • Code compliant enhanced due diligence was not on file in all cases (Paragraph 15 of the Code);
  • Source of funds and source of wealth was not adequately established (Paragraphs 14 and 15 of the Code);
  • Ongoing monitoring was not enhanced nor effective (Paragraph 13 of the Code);
  • Monitoring and testing of the firm’s compliance with the Code was not undertaken (Paragraph 30 of the Code); and
  • Certain FPEPs were not always identified as FPEPs or identified at the appropriate time (Paragraph 14 of the Code).


4. Key Learning Points for Industry

4.1 Compliance with the Code is a legal requirement; the Authority is committed to taking appropriate and proportionate action to address contraventions of the Code.

4.2 The higher ML/FT risks posed by business relationships involving FPEPs, who are considered to be more exposed to the risk of bribery and corruption, demonstrates the increased importance of on-boarding processes including appropriate sign off, sufficiently establishing ‘Source of Funds’/’Source of Wealth’, conducting effective ’Enhanced Customer Due Diligence’ and enhanced ongoing monitoring. The absence, or ineffectiveness, of these controls will also impact on a relevant person’s ability to conduct effective and appropriate monitoring, including scrutiny of transactions, which in turn may result in unusual or suspicious activity not being identified in the appropriate circumstances. Without the appropriate effective procedures and controls in place, or not being operated adequately, a relevant person will be unable to manage and mitigate the identified risks of ML/FT and conduct the business utilising a risk based approach as required by the Code.

4.3 Though it may be possible to place reliance on specified third parties or outsource certain AML/CFT practices to others, it is not possible to outsource responsibility for compliance with any of the Code’s requirements. Relevant person’s should therefore ensure they are satisfied that, where they place reliance on a third party by whatever means, the requirements of the Code are met. The ultimate responsibility for ensuring compliance with the Code is that of the relevant person.

4.4 There are a number of powers available to the Authority to address identified instances of non-compliance with the Code. The Authority’s powers include, but are not limited to, the issuance of a direction and/or public statement as well as the imposition of civil penalties or the commencement of criminal proceedings under the relevant legislation. The particular circumstances and the nature of an entity’s non-compliance with the Code will determine the course of and type of action(s) taken by the Authority.

4.5 Active engagement and cooperation with the Authority provides the best possible opportunity to resolve matters in a timely and constructive manner and, where appropriate, to minimise the likelihood of the Authority taking further action in relation to instances of non-compliance with the Code.

4.6 The Authority will publish details of ongoing and concluded matters when it is in the public interest to do so.