Corporate services provider fined €261,000

FIAU sign

Corporate services provider Credence has been fined €261,484 by the Financial Investigation Analysis Unit for breaches of various money laundering regulations.

Credence Fiduciary Limited which offered trustee and fiduciary services and Credence Corporate and Advisory Services Limited which is a company service provider, were fined €118,365 and €143,119 respectively.

Credence Corporate Advisory Services featured in stories relating to the offshore network of the family of the Turkish president Recep Tayyip Erdoğan revealed in what is known as the #MaltaFiles. The company also provided corporate services to Russian billionaire Oleg Boyko’s multi-million fast loan company, with the profits flowing to Malta and getting taxed at just 5%.

In its notice, the FIAU which carried out an on-site compliance review in 2019, said that it found shortcomings in the company’s obligations specifically for failing to identify an ultimate beneficial owner and other details pertaining to the UBO’s agent.

Marginal assessments on money laundering and financing of terrorism risks

The FIAU found that while the company did have a Business Risk Assessment (“BRA”) in place, this only marginally referred to the money laundering and financing of terrorism risks that the company is or may be exposed to and what measures the Company is taking to mitigate these risks.

The FIAU that the company’s risk assessment instead focused on risks which are unrelated to money laundering or financing of terrorism, and instead focused on for example legal, financial, organizational and reputational risks. Furthermore, the assessment failed to consider the threats and vulnerabilities emanating from the services the Company offers, the likelihood of these risks materialising and their resulting impact. Additionally, the Company also failed to assess its control measures, and consequently, to determine the level of residual risk it was still exposed to.

According to the FIAU, in the review it was also highlighted that the company was not assessing the geographical risks arising from the business relationships with, or the occasional transactions carried out for, its clients.

Failure to carry out jurisdictional risk assessments on at least 26 jurisdictions

During the onsite visit, officials noted that the company had failed to carry out a jurisdictional risk assessment on at least 26 jurisdictions; the jurisdictional risk assessment is intimately linked to the understanding geographical risk.

From these shortcomings the FIAU found that the company failed to carry out an adequate BRA and the company was found to be in systematic breach of its obligations including the requirement to carry out jurisdictional risk assessments so as to adequately understand the geographical risk to which the company is exposed.

The FIAU also found that the Customer Risk Assessment that the company was making use of up until the time of the compliance examination was not adequate as it failed to take into consideration aspects that are important to properly assess the risks associated with its customers. The financial watchdog noted that in a small number of files which held a documented assessments, these were either carried out after the business relationship was established or else they were not dated. Furthermore, in six of the files reviewed, the risk rating that was listed on the client list differed from that reported on the company’s own internal system.

The FIAU also noted that in the only file which held a documented Customer Risk Assessment, the company had failed to take into consideration all the risk factors emanating from the relationship. The FIAU noted that the reasoning behind the final medium risk rating does not justify such rating, especially when considering that the UBO is considered to be an ultra-high net worth individual who is residing in the Bahamas and who was planning on chartering a yacht. This gave rise to geographical and transactional

Moreover, the risk ratings assigned in two other files (which were both given a risk rating lower than ‘High’) were questionable in view of the information found on file. In fact, in one file, the settlors of the trust were considered as Politically Exposed Individuals (“PEPs”), while in the other file, there was adverse media on the settlor of the trust, linking him to the Sicilian Mafia and to a court case which revolved around bribes paid to government officials.

The FIAU also found shortcomings when it came to the company’s obligations relating to implementing procedures. The company failed to obtain valid verification documentation of one of the UBOs at onboarding in one file; obtain valid verification of the residential address of one of the protectors/beneficiaries/UBOs/agents/settlors at onboarding in four files; obtain documentation to corroborate the information provided by the customer in one file; obtain utility bills addressed to an individual and not to a company in one file; obtain documentation to verify residential addresses in two files.

It also found that in two of the files reviewed, the company had verified the residential address of the UBOs and/or settlors several months after the establishment of the relationship. While the company conceded to these findings, the FIAU expressed that a substantial amount of time had elapsed from when the business relationship commenced.

Credence found in breach of failure to perform EDD

The FIAU also reported findings in relation to the obligation to carry out Enhanced Due Diligence (“EDD”) measures in eight files.

Two of the customer files reviewed were risk rated by the Company as posing a ‘High’ risk rating, due to the risk posed by the customers’ activities (mining of precious metals and selling of chemicals in one file and renewable energy in another file) and the transactions received by both customers (receipt of almost $24,000,000 without obtaining a plausible explanation in one file and the absorption of a loan of €15.9 million in another file).

Credence was found in breach of failure to perform enhanced due diligence measures for these two files by the FIAU.

Furthermore, there were also serious findings on three other files. In two of these files, there were connections with Panama and the Bahamas, both of which appear on the FATF list of high risk and other monitored jurisdictions. In one of these files, a number of loan agreements with Panamanian companies were entered into. The FIAU determined that Credence Advisory Services had not understood the rationale as to why the Panamanian company was providing capital expenditure to the Maltese company being the customer of the Company.

No information about source of wealth of individuals classified as PEPs

In another file, the Company incorporated a client for the purposes of registering a yacht in Malta for chartering. The UBO of the client was an ultra-high net worth individual who resided in the Bahamas. Lastly, in another file, Credence did not collect source of wealth information on the settlors of the trust, despite these being classified as Politically Exposed Persons (“PEPs”).

It also transpired that in three files Credence did not determine whether the clients were PEPs. The FIAU remarked that determining the political exposure of the clients is crucial since failure in doing so could have led the company to provide services to PEPs without implementing the necessary enhanced measures.

Other shortcomings include failure to collect information on the origin of the source of wealth and the source of funds as well as the lack of information on the anticipated level and nature of the activity to be undertaken.

No information about transactions

In one file, five credit transactions were highlighted, all making reference to a €20 million loan agreement between the UBO of the client and the client company, for the purpose of raising capital. Credence was unable to provide evidence as to how the UBO could sustain such a high-value loan. While €17 million were utilised to purchase a company, Credence did not ascertain that the purchase of such a company actually took place or that the company was actually valued at such amount.

In another file reviewed, three substantial transactions, one of them a debit transaction exceeding $2,500,000, no information was available on this transaction. The FIAU expressed its concern that Credence was dependent on the client’s third-party accountant to provide the information needed, despite the fact Credence also offered directorship services.