Public statement concerning the regulatory investigation of The Isle of Man Financial Services Authority in respect of R & M Management (I.O.M.) Limited and the associated outcomes
R & M Management (I.O.M.) Limited (“R&M”)
Action
- The Isle of Man Financial Services Authority (the “Authority”) makes this public statement in accordance with powers conferred on it under section 13 of the Financial Services Act 2008 (the “Act”).
- The making of such public statement supports the Authority’s regulatory objectives of, among other things, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry. The public statement is made by the Authority in relation to the failings of R&M that occurred during the period 2010 and 2020 (inclusive) (the “material times”).
- Following a self-report to the Authority by R&M in 2018, via its manager Trident Trust Company (I.O.M.) Limited (“Trident IOM”), the Authority commenced an investigation in respect of R&M and identified a number of regulatory failings. In light of the same, the Authority has determined that it would be reasonable and proportionate, in all the circumstances, that R&M be required to pay a discretionary civil penalty under section 16 of the Act and the Financial Services (Civil Penalties) Regulations 2015 in the sum of £11,348 discounted by 30% to £7,944 (the “Civil Penalty”).
- The level of the Civil Penalty reflects the severity of the failures.
- The level of the Civil Penalty further reflects that:-
- 5.1 R&M self-reported the failings in 2018, via its manager Trident IOM, and has undertaken extensive remediation since this time;
- 5.2 R&M and the R&M directors co-operated with the Authority, in particular since its self-reporting in 2018, and agreed settlement at an early stage, through the Authority’s Enforcement Decision-Making Process (“EDMP");
- 5.3 R&M, working with its appointed independent third party consultants (retained to assist and report) (the “Consultants"), identified the majority of the failings that occurred during the material times. The reports of the Consultants were provided to the Authority;
- 5.4 R&M and the R&M directors have cooperated fully and engaged positively with the Authority, including in respect of the enhanced supervisory measures imposed on them by the Authority under sections 14 and 23 of the Act; and5.5 R&M has taken substantial steps and invested significant resources to remediate the failings identified in this public statement.
Background
- R&M is licensed by the Authority in accordance with section 7 of the Act to undertake certain Class 4 and Class 5 regulated activities. R&M’s licence to carry on the above-noted regulated activities is subject to conditions. These conditions include that Trident IOM serves as manager of R&M unless other arrangements approved by the Authority are in place. In accordance with Trident IOM’s Class 7 licence permission, Trident IOM provided management and administration services to R&M during the material times. As a consequence of being managed and administered by Trident IOM, Trident IOM has at all material times provided R&M with directors, officers and personnel. Additionally, Trident IOM applied its control procedures to managing R&M’s business. Accordingly, Trident IOM’s compliance and anti-money laundering (“AML”)/countering the financing of terrorism (“CFT”) policies and procedures have at all material times been applicable to R&M and R&M’s customer relationships.
- In the third quarter of 2018 R&M, via its manager Trident IOM, made the Authority aware that it had identified an issue in relation to its compliance with the Isle of Man’s Anti-Money Laundering and Countering the Financing of Terrorism Code 2015 (as amended from time to time, the “Code”). At the same time R&M, via its manager Trident IOM, commissioned the Consultants to review and report. In February 2019, R&M formally notified the Authority of a number of prima facie contraventions of the Code and breaches of the Financial Services Rule Book 2016 (the “Rule Book”).
- From February 2019 onwards, R&M has been subject to enhanced supervision around aspects of its conduct of regulated activity including its program of remediating the contraventions and breaches identified.
- By October 2019, having fully considered the work of the Consultants, and having sight of a number of further issues of non-compliance being identified through the remediation exercise, the Authority opened an investigation to establish whether R&M remained ‘fit and proper’ to hold a licence (the “Investigation”).
- Ancillary to its enhanced supervision and ongoing Investigation, the Authority also exercised powers under sections 14 and 23 of the Act to engage a third party professional to operate a number of additional controls over aspects of R&M’s operational activities and to report on areas of its ongoing and historical activities.
- R&M continued to report to the Authority instances of historic non-compliance, during the material times, identified via its ongoing remedial work, into 2022.
- The measures, actions and broad approach to this matter reflect the period of historic non-compliance and the high risk profile of certain of R&M’s current and former customers.
Investigation conclusions
- The Authority conducted the Investigation and was, at all times, mindful of the higher risk profile of the R&M customer base. Licenceholders with such a profile and a higher risk appetite are naturally required to be able to demonstrate the highest standards of governance, risk and compliance frameworks and a culture that pervades high ethical and moral standards to the conduct of business and compliance with the regulatory framework.
- Similarly to the work of the Consultants and the work of the professional appointee under sections 14 and 23 of the Act, the Investigation identified a range of material weaknesses at all levels of R&M’s control and governance structure during the material times that, on reasonable grounds, brought into question R&M’s fitness and propriety. This included failures by R&M to organise and control its affairs in a responsible manner; deficient systemic AML/CFT policies and procedures; and conduct of business failings in respect of entities administered by R&M. Amongst the matters confirmed were that R&M:-
- 14.1 had not been fully meeting a number of Code Requirements - R&M was contravening certain aspects of paragraph 4, 5, 6, 8, 12, 13, 14, 15 and 30 of the Code;
- 14.2 had not been fully meeting Rule Book requirements in relation to maintaining appropriate internal and operational controls, systems, policies and procedures - R&M was breaching certain aspects of rules 8.2, 8.3, 8.9, 8.10 and 8.62 of the Rule Book; and
- 14.3 had not been fully meeting rules relating to the conduct of business under the Rule Book - R&M was breaching certain aspects of rules 6.1, 6.2 and 6.11 of the Rule Book.
- The matters detailed are serious and if not adequately addressed, particularly in terms of the preventative measures set out in the Code, significantly increase the risk that R&M’s services could have been exploited by persons who may wish to launder money or finance terrorism and therefore, by association, may have negatively impacted upon the Authority’s regulatory objectives and the reputation of the Isle of Man as a responsible and well regulated International Financial Centre.
- Notwithstanding these findings and conclusions, R&M today is effectively governed by new directors and its controlled function role holders (including its Managing Director, Head of Compliance and MLRO) are new appointees. R&M has also, as a result of the issues identified, implemented a far more robust and professional anti financial crime framework and has downgraded its risk appetite. The Authority has determined that, at this time, R&M remains permitted and licensed to carry on undertaking regulated activity. Notwithstanding the foregoing, the Authority understands that R&M will be surrendering its licence to undertake Class 4 and Class 5 regulated activities in due course.
Statement
- The Authority is satisfied that the imposition of the Civil Penalty on R&M, in conjunction with this public statement, reflects the serious nature of the historical non-compliance and the historical compliance culture.
- In accordance with the EDMP, R&M entered into settlement discussions with the Authority and sought to finalise and remediate matters expeditiously.
Cooperation and Remediation
- The Authority is satisfied that R&M and the directors of R&M cooperated fully and engaged positively with the Authority’s EDMP, its enhanced supervisory measures and the Investigation.
- The requirements of the notices issued by the Authority under section 23 of the Act have been fully complied with such that these notices have no ongoing effect, and the directions issued by the Authority under section 14 of the Act have been withdrawn.
Key Learning Points for Industry
- The Authority continues to focus its attention and resources on those businesses that have a high risk appetite and whose proportion of high risk customers is greater than its peer group. Those wishing to operate in this space must demand of themselves the most rigorous governance, compliance and risk management regimes and engage staff in all relevant key functions who have the requisite experience and expertise in identifying and mitigating risk and who can ensure that an appropriate compliance-minded, risk aware culture is embedded in the organisation.
- Compliance with the Code is mandatory not optional. Non-compliance with the Code increases the risk that a regulated entity’s products and services could be exploited by those who would wish to launder money or finance terrorism.
- A regulated entity’s risk management arrangements, including in respect of AML and CFT, should extend to understanding the investment and operational activities of its clients even when providing only a limited range of services to any particular client.
- The officers and staff of a regulated entity with a higher risk appetite and higher risk clients should be adequately trained and qualified and have a background in administering higher risk clients and be considered by the Board of the regulated entity, individually and collectively, to have the appropriate degree of expertise to mitigate associated risks.
- All stages of the client relationship, from new client take-on through to exiting the relationship, should pervade the same approach, attitude and culture so as to deter those who may wish to exploit a licenceholder to launder money or finance terrorism.
- The Authority will focus its attention on board members (including non-executive directors) to ensure that they can each articulate to the Authority the risk appetite of the business, the appropriateness of the measures put in place to prevent financial crime and how they ensure that the appropriate culture pervades the organisation. Those same people need to be receptive to the thoughts, wishes and suggestions of those people in critical controlled-functions (such as Head of Compliance, MLRO and DMLRO) and ensure that those voices are heard.
- Whilst mistakes can happen in any business, non-compliance tends to be systemic in licenceholders where appropriate governance structures, culture or tone from the top have not been embedded. In addition to increasing the risk of money laundering and the financing of terrorism, these weaknesses may lead to other regulatory weaknesses such as failures in appropriately managing and monitoring conflicts. The time period of non-compliance can be extensive if non-compliance is culturally ‘the norm’ or where any challenge is dismissed. In those circumstances, the Authority will examine very carefully whether any of the licenceholder’s key staff have undertaken their duties in a manner that lacks competence, or a manner that lacks integrity or both.
- A regulated entity, having self-reported and voluntarily entered into a candid and open dialogue with the Authority followed by appropriate and timely remediation, may receive a financial, or other regulatory sanction. In such instances, it is also likely that any sanction imposed by the Authority will be less than would otherwise be the case. Recurring, numerous or lasting regulatory failings, as well as breaches of licence conditions relating to adequate procedures and controls, may aggravate the sanction.