Standard Life Bank Isle of Man has been fined £247,324 following an investigation by the island's Financial Services Authority which identified "serious regulatory failings".
The IOMFSA required Standard to pay a discretionary civil penalty imposed under section 16 of the Act and in accordance with the Financial Services Regulations 2015 of £353,320 discounted by 30% to £247,324.
The level of the civil penalty reflects the fact that Standard co-operated with the Authority and agreed settlement at an early stage, through the employment of the IOMFSA's Enforcement Decision-Making Process.
In this case, the Authority said it was assured that the failings were isolated in nature rather than being systemic across the business.
Standard has proactively brought about operational changes in an effort to address the issues identified and the concerns of the Authority.
In April 2021 Standard discovered that, in September 2020, it had acted in breach of the terms of a Restraint Order issued by the Isle of Man Courts pursuant to the Proceeds of Crime Act 2008.
The Court Order restrained, inter alia, the disposal, diminution, removal from the jurisdiction of, and dealing with, funds in respect of specified bank accounts in the name of a client of Standard.
Standard immediately notified the Authority of this matter in relation to its obligations under Anti-Money Laundering and Countering the Financing of Terrorism legislation, and the Financial Services Rule Book 2016.
The breach of the Court Order involved two stages: enabling the transfer of funds between the Restrained Accounts within Standard; and processing an instruction from the client for further transfer of funds out of the jurisdiction of the Isle of Man, albeit to another Standard Bank group entity.
The Authority, upon reviewing the notification alongside other information, determined that it should exercise powers under Schedule 2 to the Act to investigate Standard's compliance with AML/CFT legislation.
The commencement of such investigation by the Authority was notified to Standard in May 2021.
In June 2021 Standard submitted a full and detailed Incident Report to the Authority, following its own investigation. Standard continued its own root cause analysis, sharing its findings with the Authority, up to and including November 2021.
In its conclusions, the regulator said Standard operates procedures such that it can apply ‘locks' either against a specific client and / or specific accounts.
Such ‘locks' and related controls are designed to, in certain cases, prevent transactions from being processed. For this purpose these ‘locks' and related controls are referred to as "preventative controls".
The preventative controls that were applied at the time of the breach of the Court Order were such that they differed between transactions involving banking entities not related to Standard and those banking entities related to Standard.
The breach of the Court Order arose because of some weaknesses in the preventative controls pertaining to intragroup transactions.
In addition to preventative controls, banks also operate what are commonly referred to as "detective controls"; these being designed to find issues quickly, including where preventative controls may have failed.
In this case, Standard did not have adequate detective controls in place. This is evidenced by the fact that the breach of the Court Order occurred in September 2020 but Standard did not identify the breach until April 2021 whereupon the funds were promptly returned in full to the Restrained Accounts.
Further, Standard only identified the issue in April 2021 when the client requested a third-party transaction.
Standard acknowledges that the failings arose because of a weakness in its operational controls and systems of ‘locks' applied to customer accounts that are intended to ensure that monies cannot be moved from such accounts in particular circumstances.
Standard also acknowledges that it did not have sufficient detective controls in place to identify the issue in a timely way.
The failings resulted in a number of breaches of the Financial Services Rule Book 2016 by Standard.
A breach of Rule 6.1 of the Rule Book in that Standard did not act with due skill, care and diligence in carrying on regulated activity;
A breach of Rule 6.5 of the Rule Book in that Standard carried on business in a way likely to bring the Island into disrepute or damage its standing as a financial centre; and
A breach of Rule 8.3(2) of the Rule Book. This Rule requires that "The responsible officers of a licenceholder must establish and maintain appropriate internal and operational controls, systems, policies and procedures relating to all aspects of its business to ensure appropriate safeguards to prevent and detect any abuse of the licenceholder's services for money laundering, financial crime, the financing of terrorism, or the proliferation of weapons of mass destruction".
Those same failings also resulted in Standard contravening paragraph 4(1)(a)(iii) of the Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 which requires Standard not to enter into or carry on a business relationship…unless Standard establishes, records, operates and maintains procedures and control in relation to internal controls and communication matters that are appropriate for the purpose of forestalling and preventing ML/TF.
The IOMFSA was satisfied that the imposition of the Civil Penalty on Standard appropriately reflects the serious nature of the non-compliance by Standard and the importance the Authority places on all parties in the regulated sector, in particular banks who are critical gatekeepers, complying with all elements of AML/CFT legislation.
In accordance with the EDMP, Standard entered into settlement discussions with the Authority and, having accepted the conclusions of the Authority's investigation, sought to finalise matters expeditiously.