Public statement concerning the regulatory investigation by the Isle of Man Financial Services Authority in respect of Suzanne Margaret Collins and associated outcomes

Suzanne Margaret Collins (“Mrs Collins”)

1. Action          

 

1.1 The Isle of Man Financial Services Authority (the “Authority”) makes this public statement in accordance with powers conferred on it under section 13(3)(a) and (b) of the Financial Services Act 2008 (“FSA”) and section 35(1)(c) of the Insurance Act 2008 (“IA”), (collectively the “Acts”).            

1.2 The making of such public statement supports the Authority’s regulatory objectives of, among other things, securing an appropriate degree of protection for customers of persons carrying on a regulated activity, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry.        

1.3 An investigation in respect of Corporate Options Limited[1] (“COL”) by the Authority identified a number of regulatory failings including serious failings in COL’s compliance function. In light of the same, the Authority has determined that it would be reasonable and proportionate, in all the circumstances, that it issues a public statement in respect of Mrs Collins’ performance as Head of Compliance.  

 

2. Background  

             

2.1 At all relevant times COL was licensed by the Authority in accordance with section 7 of the Act to undertake certain Class 4 and Class 5 regulated activities.    

2.2 Mrs Collins held the role of ‘Head of Compliance’ at COL from 15 September 2016 until 28 May 2020.

2.3 In November and December 2019, the Authority conducted a supervisory inspection in respect of COL in accordance with its statutory powers under Schedule 2 to the Act (the “Inspection”). The Inspection identified contraventions of the Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (the “Code”) (the “Contraventions”). The Contraventions are serious regulatory failings and are aggravated by the fact that a significant proportion of COL’s customer base, following a risk re-rating process when assessed against the requirements of the Code, are classified as high-risk.    

2.4 Following the Inspection, the Authority took steps under section 14 and section 23 of the FSA that required COL to appoint a third party professional firm to undertake a range of work that would ultimately lead to a report being produced by it regarding the extent and suitability of COL’s anti-financial crime framework and a review of COL’s compliance function (the “23 report”).

2.5 Following its receipt of the s.23 report in November 2020, the Authority continued to investigate whether COL was able to satisfy the Authority that it remains ‘fit and proper’ to hold some or all of the licences granted under section 7 of the Act, in accordance with the Authority’s published guidance (the “Guidance”) (the “Investigation”). To hold a licence, a person is required to satisfy the Authority that both it, and its Controlled Function Role Holders[2], are fit and proper. Satisfaction of this requirement is an ongoing obligation.

 

3. Investigation conclusions

 

3.1 The Investigation, the Inspection and the s.23 report each identified a range of issues that, when reasonably and proportionately assessed by the Authority against the Guidance and all relevant legislation, brought into question COL’s fitness and propriety to continue to hold a licence with certain Class 4 and Class 5 permissions. It was established that, at relevant times , COL - 

      • had failed to ensure the good governance of the licenceholder and compliance with regulatory requirements;
      • had not demonstrated that it has effective risk management and internal control frameworks in place;
      • had not maintained appropriate operational controls and procedures relating to the services it provides to Closed Ended Investment Companies (“CEICs”);
      • had procedures that were high level and contained nothing to cover the services provided to CEICs;
      • had established business relationships without conducting Customer Risk Assessments;
      • had in place Eligible Introducer (“EI”) arrangements with a book of 16 client entities. Upon investigation the Authority identified that the entity COL treated as an EI had not been regulated for over 4 years. This change in status had not been identified by COL nor was it clear there any arrangements in place to ensure that such matters are identified;
      • had a Business Risk Assessment which contained comment which indicated that COL did not have full control over the number of EI (and Applicable Applicant) arrangements in place;
      • had a Business Risk Assessment which did not effectively demonstrate compliance with the requirements of rule 8.6 of the Financial Services Rule Book 2016 (the “Rule Book”); and
      • had not adopted measures to manage its conflicts of interest as required by rules 8.9 and 8.10 of the Rule Book.

 

3.2 It was also established that, at relevant times, COL, in relation to its requirements under the Code:

      • had not been fully meeting the Code requirements in relation to establishing, recording, operating and maintaining procedures and controls;
      • had not been fully meeting the Code requirements in relation to conducting its business risk assessment;
      • had not been fully meeting the Code requirements in relation to conducting customer risk assessments;
      • had not been fully meeting the Code requirements in relation to carrying out its technology risk assessment;
      • had not been fully meeting the Code requirements in relation to beneficial ownership and control;
      • had not been fully meeting the Code requirements in relation to enhanced customer due diligence;
      • had not been fully meeting the Code requirements in relation to eligible introducer arrangements;
      • had not been fully meeting the Code requirements in relation to establishing, recording, maintaining and operating appropriate procedures and controls for monitoring and testing compliance with AML/CFT legislation;
      • had not been fully meeting the Code requirements in relation to staff training; and
      • on the basis of the above, was acting in contravention of paragraphs 4, 5, 6, 7, 12, 15, 19, 30 and 32 of the Code.

3.3 The s.23 report noted as follows in relation to COL - “Our review indicates that your company has not been fully compliant with the Code and Rule Book for several years principally because the company has not invested sufficient time and resources in its AML and other compliance activities”; and “with regards to the definition of AML/CFT legislation, the company has designed internal and operational controls, systems, policies and procedures to address the Code requirements. Unfortunately, the sufficiency and appropriateness of those controls, systems, policies and procedures falls short of the Code requirements in a number of key areas as described throughout this report”. The third party professional firm also reported on the adequacy of COL’s policies/procedures/controls with regards to AML/CFT legislation and undertook client file sample reviews to determine whether clients had been appropriately risk rated.  This led to a revision of COL’s risk assessment process, with the number of clients classified as high risk increasing from 27.1% to 85.9%. Whilst this review took place after Mrs Collins left the business, the issues were all manifest in the period of her tenure.  

3.4 The s.23 report also identified and evidenced that a company administered by COL was undertaking regulated activity without being licensed to do so, observing that, “there are multiple indicators of non-compliance with the Financial Services Act 2008, the Proceeds of Crime Act 2008 and associated secondary legislation

3.5 The Authority has determined that the responsibility for the failings identified in respect of COL rests with the directors of the same and those holding certain Controlled Functions (as such term is defined in the Guidance) at all relevant times, the Investigation established that there had been a failure in sufficient oversight and challenge by COL’s directors with an overreliance on the competence of its compliance function.  

3.6 The Authority has identified matters that caused it to assess the fitness and propriety of Mrs Collins in her role as ‘Head of Compliance’. Such assessments, by the Authority, have caused it to conclude that Mrs Collins is not fit and proper to hold certain roles, in the regulated sector in the Isle of Man and the Authority has therefore determined that it is appropriate, reasonable and proportionate for it to exercise its powers under section 10A of the FSA and section 29A of the IA to prohibit Mrs Collins from performing any of the following controlled function[3] and/or key person roles (or equivalent ) in the regulated sector in the Isle of Man pursuant to section 10A of the FSA and section 29A of the IA (“the Prohibitions”):

a) the role of ‘head of compliance’[4] for any entity licensed, approved or authorised by the Authority;

b) the role of ‘money laundering reporting officer’[5] for any entity licensed, approved or authorised by the Authority;

c) the role of ‘deputy money laundering reporting officer’[6] for any entity licensed, approved or authorised by the Authority; and

d) the role of ‘principal control officer’[7] for any entity authorised, permitted or registered under the IA in so far as it applies to the roles detailed at 3.6 a) to c) above.

 

4. Statement 

4.1 The Authority is satisfied that the measures taken against Mrs Collins reflect the serious nature of the non-compliance identified. The Authority is satisfied that Mrs Collins acknowledges and accepts her identified failings.

4.2 In accordance with the Authority’s ‘Enforcement Decision Making Process’ (the “EDMP”), Mrs Collins entered into settlement discussions with the Authority and, having accepted the conclusions of the s.23 report, the Inspection and the Investigation, sought to finalise and remediate matters expeditiously.   

   

5. Cooperation and Remediation         

5.1 The Authority is satisfied that Mrs Collins cooperated fully and engaged positively with the Authority’s EDMP.

5.2 Mrs Collins has acknowledged and accepted the findings identified by the Authority against her.        

 

6. Key Learning Points for Industry    

6.1All firms undertaking business in the regulated sector have an obligation to conduct their affairs in a manner that adequately mitigates the risks faced by it in order to ensure that the Isle of Man retains its reputation as a responsible, and well regulated, international financial centre.   The Authority requires that such businesses have appropriate expertise, experience, sophistication and operational capacity within its resources and within its anti-money laundering and countering the financing of terrorism framework and controls.

6.2 The role of Head of Compliance (“HOC”) is a legal requirement for licenceholders in the Isle of Man and a competent HOC, with sufficient oversight by the directors of a licenceholder conducting regulated activity, is a key component in mitigating the risk of the Isle of Man being used for money laundering or financing terrorism.

6.3 The role of HOC requires a person with the necessary skills and knowledge, from training and experience, to be effective and suitably competent and capable of effectively performing the role.  The level of those skills and knowledge should be commensurate with the risk profile of the firm and its customer base.

6.4 The directors of firms undertaking business in the regulated sector in the Isle of Man should carefully consider how individuals in the role of HOC can demonstrate their continued competence.

 

[1] Company name changed to Parcville Limited on 30 August 2022

[2] As such term is understood in the context of the Authority’s document titled ‘Regulatory Guidance Fitness and Propriety’ dated 1 March 2022

[3] As set out in Appendix 2 to the Authority’s Regulatory Guidance titled ‘Fitness and Propriety’ dated 1 March 2022.

[4] Controlled function R13 as set out in the Authority’s Regulatory Guidance titled ‘Fitness and Propriety’ dated 1 March 2022

[5] Controlled function R15 as set out in the Authority’s Regulatory Guidance titled ‘Fitness and Propriety’ dated 1 March 2022

[6] Controlled function R16 as set out in the Authority’s Regulatory Guidance titled ‘Fitness and Propriety’ dated 1 March 2022

[7] Controlled function R12 as set out in the Authority’s Regulatory Guidance titled ‘Fitness and Propriety’ dated 1 March 2022, as further defined in section 54 of the IA