JFSC releases findings on Trust Company Reviews. Time for businesses to get their houses in order.

There are some statistics which are inherently difficult to interpret.  It could be argued, for example, that a reduction in the number of reported rapes is a good thing (because it shows that the offence is on the decrease) or a bad one (because it shows that fewer people are reporting incidents to the police).  What spin to put on the findings depends largely on the motivation of the author.  The JFSC figures in relation to the outcome of its 2011 Trust Company Business site visits present just such a conundrum. 

On the face of it, the figures are fairly poor - a total of 47 examinations were conducted during 2011, and in six cases this resulted in enforcement action being taken.  A further 4 cases required heightened supervision, and 24 cases required monitoring of a remediation plan.  So, if we are to put a gloomy spin on the figures, 72% of investigated businesses failed to meet all of the regulatory requirements, and only 28% were given a clean bill of health.

This seems to be a marked deterioration on previous years.  In 2008, enforcement action was taken in respect of only one business following an examination. This number increased to four in each of 2009 and 2010 with a further increase to six in 2011. Whilst, on the face of it, this represents a disappointing trend, it is also a reflection of the Commission’s reduced level of tolerance in the event that businesses are found to be materially non-compliant in key areas, rather than a deterioration in the level of compliance.

And in fact, the percentage of businesses requiring either heightened supervision or enforcement action (the two most serious categories) has fallen from 25% to 21% in the last year. Furthermore, the number of cases requiring formal monitoring is increasing as a consequence of the fact that the JFSC now takes the approach that any findings identified as a result of an examination will now, ordinarily, result in a report being issued, with any required remediation being subject to formal monitoring – ie the threshold for a formal follow-up being implemented is much lower than it used to be.

So where are trust companies failing to adhere to best practice?

Findings relating to poor corporate governance were identified in five of the six examinations which resulted in enforcement action being taken, indicating that shortcomings in this area can result in serious consequences including business failure.  The most common finding when reviewing the records of the boards of businesses concerned the lack of documentation relating to the thought process and deliberations of the board when reaching decisions.

Most businesses utilise committees in managing their affairs. Commission findings in this area included a lack of formal approval by the board with regard to the formation of a committee, lack of or inadequate terms of reference, no reporting back to the board or inadequate consideration by the board of the activities of the committee.

In 2010, JFSC highlighted that conflicts of interest were an area of common failings in trust companies, and it seems that this remains the case.   A range of findings in 2011 arose in respect of conflicts of interest. These varied from relatively minor findings relating to the requirement to update policies and procedures through to more fundamental failures such as failing to recognise and record the conflicts of interest arising where shareholders and board members of businesses were co-investing with, lending to and borrowing from both customers directly and customer entities for which they were responsible

Deficiencies in the area relating to CDD represented the most common findings with respect to the 2011 examination programme. Findings included: a lack of certification of CDD information or other additional checks where businesses were relying on such information to satisfy non face-to-face identification and verification; illegible address verification and unrecognizable photographic identification; and a lack of understanding of the nature and level of CDD records required in respect of higher risk customers.

Another common area of findings related to businesses not obtaining enhanced CDD when required or not documenting the additional measures undertaken to fully address this segment of business.

A further common theme to emerge was the lack of appreciation of the requirements when using group introduction certificates. In these circumstances, the Commission found examples where no assessment of risk had been undertaken, nor had there been any testing to determine whether the group company held the required CDD and could provide copies upon request. The certificate itself in some instances had failed to contain relevant CDD information, such as an individual’s date of birth.

As has been noted in the previous three feedback reports from JFSC, the requirement to prepare a Business Risk Assessment and strategy was introduced by the AML/CFT Handbook in February 2008. The lack of compliance with this requirement has remained a common finding, but the nature of the issues arising, generally, are of a lesser degree of importance in terms of risk, than those identified in previous years.  The most common finding relating to the BRA was again the failure by businesses to consider and identify the specific risks applicable to their own business, rather than the generic risks applicable to the trust company business sector.

In relation to business acceptance procedures, the Commission found some good examples of best practice being instigated where businesses were carrying out a detailed acceptance process which included full consideration of the risks to the business in establishing a customer relationship.  Some of the more common adverse findings occurred where businesses were approving new customer entities and commencing activity prior to obtaining appropriate CDD or undertaking enhanced CDD for higher risk customers.

The Commission identified repeat findings where some businesses had not completed and signed off client acceptance forms until some months after the business relationship was established. This included examples where businesses had undertaken transactions for customers without adequate CDD being held, thus breaching anti-money laundering legislation.

Finally, the Commission has again noted the failure of some businesses to obtain copies of the relevant tax advice in respect of customer structures established primarily for the purpose of efficient tax structuring. In all but the most simple of cases, the Commission considers it would be difficult for businesses to demonstrate an adequate knowledge and understanding of the rationale for a tax driven structure, without sight of the tax advice supporting it.  Given the constant changes in tax legislation it is also important that the relevance of the tax advice held for a customer entity is considered as part of a business’s periodic review process.

Based on my personal review of trust companies over the past couple of years, my own assessment of the statistics would be that trust companies are by-and-large improving their regulatory compliance.  Most trust companies have now significantly reduced or eliminated backlogs in KYC, risk assessments and periodic reviews and are more focused on fully documenting business take-on process than may have been the case in the past.  However, trust company directors cannot afford to be complacent, as the JFSC is now clearly taking a tougher line on enforcement.  The days when businesses might expect to be given some lee-way to allow for historic non-compliance to be rectified, or for failures in documentary proof of matters where there is no evidence of actual wrong-doing, are numbered.  Purchasers of trust company business would therefore do well to understand fully the regulatory compliance status of entities they are buying, as any weaknesses are likely to be exposed and result in a period of monitoring by JFSC, if not more draconian action.

The JFSC has for many years been seen as one of the toughest regulators in the offshore world for regulatory matters, and there is every indication that this approach will continue.