Final Notice
On , the Financial Conduct Authority issued a Final Notice to SUNRISE BROKERS LLP
FINAL NOTICE
To:
SUNRISE BROKERS LLP
1. ACTION
1.1
For the reasons given in this Final Notice, pursuant to section 206 of the Financial
Services and Markets Act 2000 (“the Act”), the Financial Conduct Authority (“the
Authority”) hereby imposes on Sunrise Brokers LLP (“Sunrise” or “the Firm”), a
financial penalty of £642,400 of which £407,273 is disgorgement.
1.2
Sunrise agreed to resolve this matter and qualified for a 30% (stage 1) discount
under the Authority’s executive settlement procedures. Were it not for this
discount, the Authority would have imposed a financial penalty of £743,200 on
Sunrise.
2. SUMMARY OF REASONS
2.1
Fighting financial crime is an issue of international importance, and forms part of
the Authority’s operational objective of protecting and enhancing the integrity of
the UK financial system. Authorised firms are at risk of being abused by those
seeking to conduct financial crime, such as fraudulent trading and money
laundering. It is therefore imperative that firms have in place effective systems and
1
controls to identify and mitigate the risk of their businesses being used for such
purposes, and that they act with due skill, care and diligence to adhere to the
systems and controls that they have put in place, in order to properly assess,
monitor and manage the risk of financial crime.
2.2
Between 17 February 2015 and 4 November 2015 (the “Relevant Period”), Sunrise:
a) had inadequate systems and controls to identify and mitigate the risk of
being used to facilitate fraudulent trading and money laundering in relation
to business introduced by four authorised entities known as the Solo
Group, thereby breaching Principle 3; and
b) did not exercise due skill, care and diligence in applying its AML policies
and procedures and in failing to properly assess, monitor and mitigate the
risk of it being used to facilitate financial crime in relation to the Solo
Trading, the Elysium payment and the German trade (together “the Solo
Group business”), thereby breaching Principle 2.
2.3
The Solo Clients were off-shore companies, including Malaysian incorporated
entities and a number of individual US 401(k) Pension Plans, previously unknown
to Sunrise. They were introduced by the Solo Group, which purported to provide
clearing and settlement services as Custodian to clients within a closed network,
via a custom over the counter (“OTC”) trading and settlement platform known as
Brokermesh. The Solo Clients were controlled by a small number of individuals,
some of whom had worked for the Solo Group, without apparent access to sufficient
funds to settle the transactions.
2.4
During the Relevant Period, on behalf of the Solo Clients, Sunrise executed
purported OTC equity Cum-Dividend Trades to the value of approximately £25.4
billion in Danish equities and £11.2 billion in Belgian equities, and received
commission of £466,652 during the Relevant Period.
2.5
The Solo Trading was characterised by a purported circular pattern of extremely
high value OTC equity trading, back-to-back securities lending arrangements and
forward transactions, involving EU equities on or around the last day of cum-
dividend. Following the purported Cum-Dividend Trading that took place on
designated days, the same trades were subsequently reversed over several days
or weeks to neutralise the apparent shareholding positions (the “Unwind Trading”).
2
2.6
The purported OTC trades executed by Sunrise on Brokermesh did not have access
to liquidity from public exchanges, yet the purported trades were filled within a
matter of minutes, almost invariably, and represented up to 20% of the shares
outstanding in companies listed on the Danish stock exchange, and up to 9.6% of
the equivalent Belgian stocks. The volumes also equated to an average of 36 times
and 22 times the volume of all Danish and Belgian stocks respectively, traded on
European exchanges, on the relevant last cum dividend trading date.
2.7
The Authority’s investigation and conclusions in respect of the purported trading
are based on a range of information including, in part, analysis of transaction
reporting data, material received from Sunrise, the Solo Group, and five other
Broker Firms that participated in the Solo Trading. The combined volume of the
purported Cum-Dividend Trading across the six Broker Firms was between 15%-
61% of the shares outstanding in the Danish stocks traded and between 7%-30%
of the shares outstanding in the Belgian stocks traded. These volumes are
considered implausible, especially in circumstances where there is an obligation to
publicise holders of over 5% of Danish and Belgian listed stocks.
2.8
As a broker for the equity trades, Sunrise executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the FCA believes it unlikely
that Sunrise would have executed both the purported Cum-Dividend Trades and
purported Unwind Trades for the same Solo Client in the same stock in the same
size trades, and therefore it is likely Sunrise only saw one side of the purported
trading. Additionally, the FCA considers that purported stock loans and forwards
linked to the Solo Trading are likely to have been used to obfuscate and/or give
apparent legitimacy to the overall scheme. Although there is evidence that Sunrise
was aware of the purported stock loans and forwards, these trades were not
executed by Sunrise.
2.9
The purpose of the purported trading was so the Solo Group could arrange for
Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show that
the Solo Clients held the relevant shares on the record date for dividend. The DCAS
were in some cases then used to make Withholding Tax (“WHT”) reclaims from the
tax agencies in Denmark and Belgium pursuant to Double Taxation Treaties. In
2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are
attributable to the Solo Group, were approximately £899.27 million and £188.00
million respectively. In 2014 and 2015, of the reclaims made, the Danish and
3
Belgian tax authorities paid approximately £845.90 million and £42.33 million
respectively.
2.10
The Authority refers to the Solo Trading as ‘purported’ as it has found no evidence
of ownership of the shares by the Solo Clients, nor custody of the shares or
settlement of the trades by the Solo Group. This, coupled with the high volumes of
shares purported to have been traded, is highly suggestive of sophisticated
financial crime.
2.11
Sunrise staff had in place inadequate systems and controls to identify and mitigate
the risk of being used to facilitate fraudulent trading and money laundering in
relation to business introduced by the Solo Group. In addition, Sunrise staff did not
exercise due skill, care and diligence in applying AML policies and procedures and
in failing properly to assess, monitor and mitigate the risk of financial crime in
relation to the Solo Clients and the purported trading.
2.12
Sunrise did not have policies and procedures in place to assess properly the risks
of the Solo Group business, and failed to appreciate the risks involved in the Solo
Trading. This resulted in inadequate CDD being conducted and a failure to
adequately monitor transactions and to identify unusual transactions. This
heightened the risk that the Firm could be used for the purposes of facilitating
financial crime in relation to the Solo Trading.
2.13
The manner in which the Solo Trading was conducted, combined with its scale and
volume is highly suggestive of financial crime. The Authority’s findings are also
made in the context of this finding and in consideration that these matters have
given rise to additional investigations by tax agencies and/or law enforcement
agencies in other jurisdictions as has been publicly reported. Whilst the alleged
underlying misconduct of the Solo Group has not to date resulted in any
determination of fraud, investigations by tax agencies and/or law enforcement
agencies are on-going in other jurisdictions.
Other significant transactions and visits by the Authority
2.14
In addition to the Solo Trading, Sunrise ignored or failed to notice a series of red
flags in relation to a trade in a German stock it executed on behalf of a broker client
on 3 September 2015. The circumstances of the onboarding and trading relating to
that broker client ought to have prompted Sunrise to consider the serious financial
crime risks this trade posed, particularly given it was executed at nearly twice the
prevailing market value of the stock.
2.15
Sunrise also accepted a payment on 4 November 2015 from a UAE-based entity
connected to the Solo Group called Elysium. This payment was provided by Elysium
in respect of some outstanding debts owed to the Firm by Solo Clients. After
receiving an offer for payment via the Solo Group, Sunrise accepted a payment of
USD 108,000 from Elysium without having heard of the entity before and without
conducting any AML checks or having any agreement in place. Sunrise accepted
this payment from Elysium the same day the Authority conducted an unannounced
visit alerting Sunrise to possible issues within the Solo Group.
2.16
In neither instance did Sunrise identify or escalate any potential financial crime
concerns or suspicions.
2.17
The Authority had also visited Sunrise in November 2014, shortly prior to the
commencement of the Solo Trading, as part of its work to raise standards in the
brokerage sector. The Authority assessed the Firm’s AML, KYC and market abuse
detection arrangements and put Sunrise on notice that its financial crime and AML
controls were weaker than required. After the visit, the Authority notified Sunrise
of a number of areas of concern and in response, Sunrise provided a work
programme which included a review of its AML and KYC framework to be completed
by July 2015. Sunrise failed to carry out any in-depth review of its financial crime
risk controls until April 2016. The commission of this review was driven by
commercial considerations as Sunrise was engaging in acquisition discussions with
a potential buyer.
Breaches and failings
2.18
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. The
Authority considers that Sunrise breached this requirement during the Relevant
Period as its policies and procedures were inadequate for identifying, assessing and
mitigating the risk of financial crime as Sunrise failed to:
a) provide
adequate
guidance
on
obtaining
and
assessing
adequate
information when onboarding clients, with reference to the purpose and
intended nature of the business relationship, the anticipated level and
5
nature of activity to be undertaken and when it would be appropriate to
enquire as to the source of funds;
b) provide adequate guidance on carrying out risk assessments for clients
including the relevant risk factors to be taken into account in order to
determine the correct level of CDD to be applied, including whether EDD
was warranted;
c) set out adequate processes or procedures detailing how to conduct EDD,
including enhanced monitoring requirements for higher risk clients;
d) provide adequate guidance on its risk-based approach for conducting CDD
on new clients introduced by authorised firms, where reliance may be placed
upon KYC documents provided by the authorised firms for the new clients
and detailing the circumstances when it was appropriate to do so;
e) set out any formal processes or procedures detailing how and/or specify the
circumstances in and frequency with which Sunrise should monitor and
document customer transaction activity, throughout the course of its
relationship with the Firm, in order to assess financial crime and AML risks;
and
f) set out escalation procedures in identifying, managing and documenting
financial crime and AML risks.
2.19
The Authority considers that during the Relevant Period, Sunrise failed to act with
due skill, care and diligence as required by Principle 2 in applying its own (limited)
AML policies and procedures and in assessing, monitoring and managing the risks
of financial crime it was exposed to in respect of Solo Group business. In particular
Sunrise failed to:
a) act promptly in implementing a work programme to address identified
deficiencies within its Compliance function following a visit from the
Authority in November 2014;
b) conduct adequate risk assessments or adequate due diligence when taking
on the Solo Group business which meant they failed to be identified properly
as high risk clients;
6
c) carry out adequate CDD when onboarding each Solo Client including the
purpose and intended nature of the business relationship, the anticipated
level and nature of activity to be undertaken, and the source of funds and/or
trading history, in order to provide a meaningful basis for transaction
monitoring;
d) conduct a risk assessment for each of the Solo Clients, as required by the
Compliance Documents, and consequently failed to identify that the Solo
Clients presented a higher risk of financial crime and that EDD ought to have
been completed;
e) conduct any EDD on the Solo Clients that presented a higher risk of money
laundering and subsequently failed to identify what EDD measures might
have been appropriate for the ongoing monitoring of the Solo Clients;
f) assess each of the Solo Clients according to categorisation criteria set out
in COBS 3.5.3 and/or failed to record results of such assessments, including
sufficient information to support the categorisation, contrary to COBS
3.8.2R(2)(a);
g) follow its own compliance policy in that Sunrise started trading on behalf of
the Solo Clients before they had been onboarded;
h) conduct any ongoing transaction monitoring of the Solo Trading throughout
the Relevant Period;
i)
recognise numerous red flags with the purported Solo Trading including that
Sunrise did not consider whether it was plausible and/or realistic that
sufficient liquidity was sourced within a closed network of entities for the
scale and volumes of trading conducted by the Solo Clients. Likewise, failing
to consider or recognise that the profiles of the Solo Clients meant that they
were highly unlikely to meet the scale and volume of the trading purportedly
being carried out, and/or failing to at least obtain sufficient evidence of the
clients’ source of funds to satisfy itself to the contrary;
j) adequately consider financial crime and money laundering risks in respect
of the German trade, in circumstances which were highly suggestive of
potential financial crime;
7
k) adequately consider associated financial crime and money laundering risks
posed in respect of the Elysium payment whereby the Firm accepted a
payment of approximately USD 108,000 from Elysium without any due
diligence or agreement in place and shortly after the Authority had
conducted an unannounced visit alerting Sunrise to its concerns with the
Solo Group; and
l)
make and keep adequate, or in some cases any, written records as evidence
of work it may have undertaken specifically relating to the consideration and
discussion of financial crime and AML matters by Sunrise management.
2.20
Sunrise’s failings merit the imposition of a significant financial penalty. The
Authority considers the failings to be particularly serious for the following reasons:
1. Sunrise onboarded 142 Solo Clients over a short time period, some of which
emanated from jurisdictions which did not have AML requirements equivalent
to those in the UK;
2. Sunrise’s AML policies and procedures were not proportionate to the risks in the
business that it was undertaking;
3. Sunrise failed to properly review and analyse the KYC materials that were
provided by the Solo Clients or ask appropriate follow up questions to red flags
in the KYC materials;
4. Even after a number of red flags appeared, Sunrise failed to conduct any
ongoing monitoring, allowing the Solo Clients to purportedly trade equities
totalling approximately £36.6 billion;
5. Sunrise was put on notice following the Authority’s visit in November 2014 that
its financial crime and AML controls were weaker than required. However,
Sunrise failed to improve and apply appropriate AML systems and controls and
onboarded the Solo Clients in the same month it represented to the Authority
it was compliant;
6. Sunrise executed a trade in a German equity, which was nearly twice that of
the prevailing share price, while ignoring numerous red flags that were highly
suggestive of financial crime risk;
7. Sunrise accepted a payment from Elysium after being alerted to the Authority’s
concerns regarding the Solo Group by an unannounced visit by the Authority
on 4 November 2015; and
8. Finally, none of these failings were identified or escalated by Sunrise during the
Relevant Period.
2.21
Taken together, these failings exposed Sunrise to unacceptable financial crime
risks. Accordingly, to further the Authority’s operational objective of protecting and
enhancing the integrity of the UK financial system, the Authority hereby imposes
on Sunrise a financial penalty of £642,400.
3. DEFINITIONS
3.1
The following definitions are used in this Notice:
“401(k) Pension Plan” means an employer-sponsored retirement plan in the
United States. Eligible employees may make pre-tax contributions to the plan but
are taxed on withdrawals from the account. A Roth 401(k) plan is similar in nature;
however, contributions are made post-tax although withdrawals are tax-free. For
the 2014 tax year, the annual contribution limit was $17,500 for an employee, plus
an additional $5,500 catch-up contribution for those aged 50 and over. For the tax
year 2015, the contribution limits were $18,000 for an employee and the catch-up
contribution was $6,000. For a more detailed analysis, please see Annex C;
“2007 Regulations” or “Regulation” means the Money Laundering Regulations
2007 or a specific regulation therein;
“the Act” means the Financial Services and Markets Act 2000;
“AML” means Anti-Money Laundering;
“AML Certificate” means an AML introduction form which is supplied by one
authorised firm to another. The form confirms that a regulated firm has carried out
CDD obligations in relation to a client and authorises another regulated firm to place
reliance on it in accordance with Regulation 17;
“Authority” or “FCA” means the Financial Conduct Authority, known prior to 1 April
2013 as the Financial Services Authority;
“Broker Firms” means the other broker firms who agreed with the Solo Group to
carry out the Solo Trading;
“Brokermesh” means the bespoke electronic platform set up by the Solo Group
for the Solo Clients to submit orders to buy or sell cash equities, and for Sunrise
and the Broker Firms to seek liquidity and execute the purported trading;
“CDD” means customer due diligence measures, the measures a firm must take to
identify each customer and verify their identity and to obtain information on the
purpose and intended nature of the business relationship, as required by Regulation
5;
“Clearing broker” means an intermediary with responsibility to reconcile trade
orders between transacting parties. Typically, the Clearing broker validates the
availability of the appropriate funds, ensures the delivery of the securities in
exchange for cash as agreed at the point the trade was executed, and records the
transfer;
“COBS” means the Authority’s Conduct of Business Sourcebook;
“Compliance Documents” means Risk-based Client Take-on Procedures for
Business Units v1, dated 28 April 2015; Risk-based Client Take-On Procedures for
Business Units, v2, dated 27 April 2015; Anti-money laundering policy v3, dated
22 January 2014; “Compliance Manual V2.doc” or Compliance Manual dated
December 2013; Introduction Certificate form dated 28 April 2015;
“Cum-Dividend” means when a buyer of a security is entitled to receive the next
dividend scheduled for distribution, which has been declared but not paid. A stock
trades cum-dividend up until the ex-dividend date, after which the stock trades
without its dividend rights;
“Cum-Dividend Trading” means the purported trading that the Solo Clients
conducted where the shares are cum-dividend in order to demonstrate apparent
shareholding positions that would be entitled to receive dividends, for the purposes
of submitting WHT reclaims;
“Custodian” means a financial institution that holds customers’ securities for
safekeeping. They also offer other services such as account administration,
transaction settlements, the collection of dividends and interest payments, tax
support and foreign exchange;
“DCAS” means Dividend Credit Advice Slips. These are completed and submitted
to overseas tax authorities in order to reclaim the tax paid on dividends received;
“DEPP” means the Authority’s Decision Procedure and Penalties Manual;
“Dividend Arbitrage” means the practice of placing shares in an alternative tax
jurisdiction around dividend dates with the aim of minimising Withholding Taxes
(WHT) or generating WHT reclaims. Dividend Arbitrage may include several
different activities including trading and lending equities and trading derivatives,
including futures and total return swaps, designed to hedge movements in the price
of the securities over the dividend dates;
“Double Taxation Treaty” means a treaty entered into between the country
where the income is paid and the country of residence of the recipient. Double
Taxation Treaties may allow for a reduction or rebate of the applicable WHT;
“EDD” means enhanced due diligence, the measures a firm must take in certain
situations, as outlined in Regulation 14;
“Elysium” means Elysium Global (Dubai) Limited;
“Elysium payment” means the c. USD 108,000 payment received by Sunrise from
Elysium on 4 November 2015 in relation to debts owed by the Solo Clients to
Sunrise;
“Executing broker” means a broker that merely buys and sells shares on behalf
of clients. The broker does not give advice to clients on when to buy or sell shares;
“European exchanges” means registered execution venues, including regulated
markets, multilateral trading facilities, organised trading facilities and alternative
trading systems encapsulated in Bloomberg’s European Composite;
“Financial Crime Guide” means the Authority’s consolidated guidance on financial
crime, which is published under the name “Financial crime: a guide for firms”. In
this Notice, the applicable versions for the Relevant Period were published in
January 2015 (incorporating updates which came into effect on 1 June 2014) and
April 2015. The Financial Crime Guide contains “general guidance” as defined in
11
section 139B FSMA. The guidance is not binding and the Authority will not presume
that a firm’s departure from the guidance indicates that it has breached the
Authority’s rules. But as stated in FCG 1.1.8, the Authority expect firms to be aware
of the Financial Crime Guide where it applies to them, and to consider applicable
guidance when establishing, implementing and maintaining their anti-financial
crime systems and controls;
“German trade” means the EUR 5 million ‘buy’ order executed by Sunrise on behalf
of a broker client (“Client X”) of 146,397 shares in a German stock on 3 September
2015 at a specified intraday price of EUR 34.15;
“Handbook” means the collection of regulatory rules, manuals and guidance issued
by the Authority as in force during the Relevant Period;
“JMLSG” means the Joint Money Laundering Steering Group, which is comprised
of leading UK trade associations in the financial services sector;
“JMLSG Guidance” means the ‘Prevention of money laundering/combating
terrorist finance guidance for the UK financial sector’ issued by the JMLSG, which
has been approved by a Treasury Minister in compliance with the legal requirements
in the 2007 Regulations. The JMLSG Guidance sets out good practice for the UK
financial services sector on the prevention of money laundering and combating
terrorist financing. In this Notice, applicable provisions from the version dated on
19 November 2014 have been referred to;
The Authority will have regard to whether firms have followed the relevant
provisions of the JMLSG Guidance when deciding whether a breach of its rules on
systems and controls against money laundering has occurred, and in considering
whether to take action for a financial penalty or censure in respect of a breach of
those rules (SYSC 3.2.6E and DEPP 6.2.3G);
“KYC” means Know Your Customer, which refers to CDD and EDD obligations;
“KYC pack” means the bundle of client identity information received, which usually
included incorporation documents, certified copies of identity documents, utility
bills and CVs;
“MLRO” means Money Laundering Reporting Officer;
“OTC” means over the counter trading which does not take place on a regulated
exchange;
“Principles” means the Authority’s Principles for Businesses as set out in the
Handbook;
“Relevant Period” means the period from 17 February 2015 to 4 November 2015;
“SCP” means Solo Capital Partners LLP;
“Solo Clients” means the entities introduced by the Solo Group to Sunrise and the
other brokers, and on whose behalf Sunrise executed purported equity trades for
some of the clients during the Relevant Period;
“Solo Group” or “Solo” means the four authorised firms owned by Sanjay Shah,
a British national residing in Dubai, details of which are set out in paragraph 4.19;
“Solo Group business” means the Solo Trading, the German trade and the
Elysium payment;
“Solo Trading” means the purported Cum-Dividend Trading and the purported
Unwind Trading executed for Solo Clients during the Relevant Period;
“Sunrise” means Sunrise Brokers LLP;
“Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
“UBO” means ultimate beneficial owner with “beneficial owner” being defined in
Regulation 6;
“Unwind Trading” means purported trading that took place over several days or
weeks to reverse the purported Cum-Dividend Trading to neutralise the apparent
shareholding positions;
“Withholding Tax” or “WHT” means a levy deducted at source from income and
passed to the government by the entity paying it. Many securities pay periodic
income in the form of dividends or interest, and local tax regulations often impose
a WHT on such income; and
“Withholding Tax Reclaims” means in certain cases where WHT is levied on
payments to a foreign entity, the WHT may be reclaimed if there is a Double
Taxation Treaty between the country in which the income is paid and the country
of residence of the recipient. Double Taxation Treaties may allow for a reduction or
rebate of the applicable WHT.
4. FACTS AND MATTERS
4.1
Sunrise is an interdealer broker and during the Relevant Period, primarily facilitated
trades between counterparties for listed and OTC derivative products, typically for
well-established listed companies, international investment banks, hedge funds and
asset managers.
4.2
Sunrise offered brokerage services in equity, exotic equity, credit, hybrid and
commodity derivatives across multiple asset classes; bonds and execution services
in cash equities. Sunrise did not have permissions to take positions, to trade on its
own account nor to hold any client money. Sunrise was authorised to trade for and
advise eligible counterparty and professional clients in a range of investment types
but not to trade for nor advise retail clients. During the Relevant Period, Sunrise
employed approximately 100 staff in its London office.
4.3
Sunrise staff had in place inadequate systems and controls to identify and mitigate
the risk of being used to facilitate fraudulent trading and money laundering in
relation to business introduced by four authorised entities known as the Solo Group.
In addition, Sunrise staff did not exercise due skill, care and diligence in applying
AML policies and procedures and in failing to properly assess, monitor and mitigate
the risk of financial crime in relation to the Solo Group business.
Statutory and Regulatory Provisions
4.4
The statutory and regulatory provisions relevant to this Warning Notice are set out
in Annex B.
4.5
Principle 3 requires firms to take reasonable care to organise and control their
affairs responsibly and effectively, with adequate risk management systems. The
2007 Regulations and rules in the Authority’s Handbook further require firms to
create and implement policies and procedures to prevent and detect money
laundering, and to counter the risk of being used to facilitate financial crime. These
include systems and controls to identify, assess and monitor money laundering risk,
as well as conducting CDD and ongoing monitoring of business relationships and
transactions.
4.6
Principle 2 requires firms to conduct their businesses with due skill, care and
diligence. A firm merely having systems and controls as required by Principle 3 is
not sufficient to avoid the ever-present financial crime risk. A firm must also
operate those systems and controls with due skill, care and diligence as required
by Principle 2 to protect itself, and properly assess, monitor and manage the risk
of financial crime.
4.7
Money laundering is not a victimless crime. It is used to fund terrorists, drug dealers
and people traffickers as well as numerous other crimes. If firms fail to apply money
laundering systems and controls thoughtfully and diligently, they risk facilitating
these crimes.
4.8
As a result, money laundering risk must be taken into account by firms as part of
their day-to-day operations, including in relation to the development of new
products, the taking on of new clients and changes in its business profile. In doing
so, firms should take account of their customer, product and activity profiles and
the complexity and volume of their transactions.
4.9
The Joint Money Laundering Steering Group (“JMLSG”) has published detailed
guidance with the aim of promoting good practice, and giving practical assistance
in interpreting the 2007 Regulations and evolving practice within the financial
services industry. When considering whether a breach of its rules on systems and
controls against money laundering has occurred, the Authority will have regard to
whether a firm has followed the relevant provisions in the JMLSG Guidance.
4.10
Substantial guidance for firms has also been published by the Authority regarding
the importance of AML controls, in the form of its Financial Crime Guide, which cites
examples of good and bad practice, publications of AML thematic reviews and
regulatory notices.
Authority visit to Sunrise in November 2014
4.11
The Authority visited Sunrise on 25 November 2014. The Authority “identified areas
that require the firm’s attention” regarding the effectiveness of Sunrise’s AML/KYC
arrangements, and market abuse controls. These areas were set out in a follow-up
letter to Sunrise dated 23 December 2014. This was before Sunrise had been
approached by Solo to take on the Solo Clients or changed their business to
incorporate the Brokermesh activity.
4.12
The key issues the Authority identified regarding the effectiveness of Sunrise’s
AML/KYC arrangements included that:
1) “the apparent lack of Compliance resource appeared to have impinged
on the Firm’s ability to properly implement controls” concerning money
laundering;
2) “there appears to be a need to formalise the whole AML and KYC process.
For example, the risk scoring methodology does not appear to be clearly
documented, and it was unclear whether clients had been assigned a
specific risk rating”;
3) It “did not appear that higher risk clients were subject to transaction
monitoring checks”;
4) the Authority was “unable to establish the firm’s formal stance on the
key AML risks”;
5) “formal AML/KYC information is not regularly reported to the Board”; and
6) Sunrise’s Compliance Officer “is the source of a lot of information
regarding process and decision making, which … represents an
increasing key-man risk”.
4.13
The key issues regarding the effectiveness of Sunrise’s market abuse controls
included that:
1) “it appeared there [was] no current timetable for market abuse training
in operation”; and
2) The FCA staff “were informed that the firm utilises an automated
monitoring system that screens all transactions. However it is not clear
to us the parameters of [this] system are fully understood by the firm.
For example, it was known whether the system covers all products
brokered, identifies unusual trading patterns … the degree to which it
has been implemented and targeted based on key risks remains
unclear”.
4.14
In its follow-up letter, the Authority informed Sunrise that it expected Sunrise to
set out a work programme to set out the issues addressed which was to cover
(among other things):
1) formalising and documenting its AML/KYC approach, setting out clearly its
risk-based approach to client take-on/review and transaction monitoring
and presenting a formal MLRO report to senior management;
2) assessing and addressing gaps in the market abuse training programme;
and
3) reviewing “pertinent risks that are inherent in the business model” and
ensuring “appropriate transaction monitoring systems and controls are in
place to comply with the STR regime”.
4.15
On 30 March 2015, after onboarding of the Solo Clients had begun and in response
to the Authority’s visit, Sunrise sent the FCA a work schedule, stating (among other
things) that:
1) additional resource had been added to the Compliance department and
further additional resources would be added as required; and
2) its work programmes around the effectiveness of:
a. AML/KYC arrangements would be completed by end of July 2015;
and
b. market abuse controls would be completed by end of May 2015.
4.16
Sunrise considered that its Compliance function required some administrative
support, but other than that it was adequate.
Sunrise said the key area for
improvement they identified from the Authority’s visit was that it needed to hire
17
extra resource for the Compliance function, mainly to provide additional
administrative support and improve Compliance’s approach to documentation.
Sunrise did not interpret from the Authority’s visit that its approach to client
onboarding (including risk assessments and KYC) was deficient. Sunrise did not
consider from their conversations with the Authority that there was any particular
urgency to address the matters raised but did treat the recruitment of someone to
assist with the administration aspects of compliance as something that they should
action promptly.
4.17
Sunrise stated that it was “at the end of 2015” (i.e. after the Authority’s
unannounced visit) that the Firm realised not everything in the Authority’s letter
had been addressed nor had the work schedule been carried out in a timely manner.
This coincided with Sunrise’s discussions about a potential takeover of their
company by another firm.
4.18
In April 2016, Sunrise instructed an external compliance consultant to carry out an
independent review of its Compliance documentation. The prospect of the takeover
was the main driver for seeking external compliance support and not the Authority’s
visit and follow-up letter (although this letter was used to inform how Sunrise
approached the independent review).
The Solo Group
4.19
The four authorised firms referred to by the Authority as the Solo Group were
owned by Sanjay Shah, a British national currently based in Dubai:
Solo Capital Partners LLP (“SCP”) was first authorised in March 2012 and
was a broker.
West Point Derivatives Ltd was first authorised in July 2005 and was a broker
in the derivatives market.
Old Park Lane Capital Ltd was first authorised in April 2008 and was an
agency stockbroker and corporate broker.
Telesto Markets LLP was first authorised on 27 August 2014 and was a
wholesale custody bank and fund administrator.
4.20
During the Relevant Period, SCP and others in the Solo Group at various stages,
held regulatory permissions to provide custody and clearing services. The Solo
18
Group has not been permitted to carry out any activities regulated by the Authority
since December 2015 and Solo Capital Partners formally entered Special
Administration insolvency proceedings in September 2016. The other three entities
are in administration proceedings.
Background of Dividend Arbitrage and the Purported Solo Trading
Dividend Arbitrage Trading
4.21
The aim of Dividend Arbitrage is to place shares in certain tax jurisdictions around
dividend dates, with the aim of minimising Withholding Taxes (WHT) or to generate
WHT reclaims. WHT is a levy deducted at source from dividend payments made to
shareholders.
4.22
If the beneficial owner is based outside of the country of issue of the shares, they
may be entitled to reclaim that tax if the country of issue has a relevant treaty (a
“Double Taxation Treaty”) with the country of residence of the beneficial owner.
Accordingly, Dividend Arbitrage aims at transferring the beneficial ownership of
shares temporarily overseas, in sync with the dates upon which dividends become
payable, in order that the criteria for making a Withholding Tax reclaim are fulfilled.
4.23
As the strategy is one of temporary transfer only, it is often executed using ‘stock
lending’ transactions. While such transactions are structured economically as loans,
the entitlement to a tax rebate depends on actual transfer of title. The legal
structure of the ‘loan’ is therefore a sale of the shares, on condition that the
borrower is obliged to supply equivalent shares to the lender at a specified future
date.
4.24
Dividend Arbitrage may give rise to significant market risk for either party as the
shares may rise or fall in value during the life cycle of the loan. In order to mitigate
this, the strategy will often include a series of derivative transactions, which hedge
this market exposure.
4.25
A key role of the share Custodian in connection with Dividend Arbitrage strategies
is to issue a voucher to the beneficial owner which certifies such ownership on the
date on which the entitlement to a dividend arose. The voucher will also specify the
amount of the dividend and the sum withheld at source. This is sometimes known
as a ‘Dividend Credit Advice Slip’ or ‘Credit Advice Note’. The purpose of the voucher
is for the beneficial owner to produce it to the relevant tax authority to reclaim the
19
Withholding Tax (assuming the existence of a relevant Double Taxation Treaty).
The voucher generally certifies that (i) the shareholder was the beneficial owner of
the share at the relevant time, (ii) the shareholder had received the dividend, (iii)
the amount of the dividend, and (iv) the amount of tax withheld from the dividend.
4.26
Given the nature of Dividend Arbitrage trading, the costs of executing the strategy
will usually be commercially justifiable only if large quantities of shares are traded.
4.27
The Authority’s investigation and understanding of the purported trading in this
case is based, in part, on analysis of transaction reporting data and material
received from Sunrise, the Solo Group, and five other Broker Firms that participated
in the Solo Trading. The Solo Trading was characterised by a circular pattern of
extremely large-scale purported OTC equity trading, back-to-back securities
lending arrangements and forward transactions.
4.28
The Solo Trading can be broken into two phases:
(i) purported trading conducted when shares were cum-dividend in order to
demonstrate apparent shareholding positions that would be entitled to receive
dividends, for the purposes of submitting WHT reclaims (“Cum-Dividend Trading”);
and
(ii) the purported trading conducted when shares were ex-dividend, in relation to
the scheduled dividend distribution event which followed the Cum-Dividend
Trading, in order to reverse the apparent shareholding positions taken by the Solo
Group clients during Cum-Dividend Trading (“Unwind Trading”).
4.29
The combined volume of the purported Cum-Dividend Trading across the six Broker
Firms were between 15% and 61% of the shares outstanding in the Danish stocks
traded, and between 7% and 30% of the shares outstanding in the Belgian stocks
traded.
4.30
As a broker for the Solo Trading, Sunrise executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the FCA believes it unlikely
that Sunrise would have executed both the purported Cum-Dividend Trade and
purported Unwind Trades for the same client in the same stock in the same size
trades and therefore it is likely Sunrise only saw one side of the Solo Trading.
Additionally, the FCA considers that purported stock loans and forwards linked to
the Solo Trading are likely to have been used to obfuscate and/or give apparent
legitimacy to the overall scheme. Although there is evidence that Sunrise was
aware of the purported stock loans and forwards, these trades were not executed
by Sunrise.
4.31
The purpose of the purported Solo Trading was to enable the Solo Group to arrange
for DCAS to be created, which purported to show that the Solo Clients held the
relevant shares on the record date for dividend. The DCAS were in some cases then
used to make WHT reclaims from the tax agencies in Denmark and Belgium,
pursuant to Double Taxation Treaties. In 2014 and 2015, the value of Danish and
Belgian WHT reclaims made, which are attributable to the Solo Group, was
approximately £899.27 million and £188.00 million respectively. In 2014 and 2015,
of the WHT reclaims made, the Danish and Belgian tax authorities paid
approximately £845.90 million and £42.33 million respectively.
4.32
The Authority refers to the trading as ‘purported’ as it has found no evidence of
ownership of the shares by the Solo Clients, or custody of the shares and settlement
of the trades by the Solo Group.
Sunrise’s introduction of the Solo Group Business
4.33
In October 2014, the Solo Group approached Sunrise with a business proposal to
join a bespoke trading platform called Brokermesh, whereby Sunrise would be
executing equity trades for “several hundred fund customers” and the Solo Group
would provide custody and clearing services for all trades on the platform. This
proposal was particularly attractive to Sunrise as it had not been able to find an
entity to provide clearing services and additionally would bring in some work to an
area of the Firm which was not bringing in any revenue. According to a staff
member at Sunrise, Solo’s proposal “offered us, you know, a solution in terms of
bringing some revenue in instead of … us sitting there earning nothing, I mean,
literally absolutely nothing and doing nothing every single day”.
4.34
In short, the relevant area of business was largely (if not wholly) reliant on the
business from the Solo Group. As a consequence, there was considerable
commercial pressure to bring in revenue to the relevant desk.
In these
circumstances, Sunrise should have been cognisant of the conflict of interests
arising from the absence of revenue in particular areas against the need to ensure
that potential business introduced was appropriate for the Firm and in line with the
Firm’s regulatory obligations and relevant policies.
4.35
Sunrise and the Solo Group representatives met to discuss the proposal on two
occasions (30 October 2014 and 16 December 2014). Prior to this introduction,
Sunrise did not have an established business relationship with the Solo Group,
although they had undertaken a couple of trades for Solo Capital. Sunrise did not
document any minutes nor notes of these initial meetings. In the initial email
discussions, Solo told Sunrise that “Solo’s relationship to the brokers is principally
one of a software provider where we happen to have mutual clients. Solo has a
contract with the brokers governing this service”.
4.36
Sunrise estimated that the projected revenue from the Solo Group proposal of
between £500,000 and £1 million per year, which was based on charging the Solo
Clients a quarter basis point of the notional value of each trade. To reach the
projected revenue, Sunrise would have been able to calculate that they would need
to execute trades for the Solo Clients to the value of between £20 billion to £40
billion annually.
4.37
Sunrise did not carry out a formal or documented risk assessment when taking on
the Solo Group business although “commercial discussions and due diligence” took
place ahead of Sunrise making the decision to sign services agreements with the
Solo Group. Sunrise explained “that it took considerable comfort” from the fact that
the Solo Group entities were regulated by the Authority and that other authorised
firms “which it regarded as reputable and assumed would also have undertaken
due diligence” had already signed up to the Brokermesh platform. However, Sunrise
did not have any specific conversations with the other Broker Firms involved to
discuss compliance issues or queries, or to confirm the assumptions on which it
made itself comfortable about the arrangements into which it was entering.
4.38
Sunrise queried the Solo Group’s structure with regard to Brokermesh on a
telephone call with Solo on 6 February 2015. Sunrise could not see the reason why
four Solo Group entities were involved. Solo did not identify a particular reason
other than this was Sanjay Shah’s preference and that it would split the revenue
stream between the four Broker Firms. On another call between the Solo Group and
Sunrise on 9 February 2015, Sunrise queried the rationale behind the structure and
the nature of the arrangements stating “... need to understand … what is being
done is legal … that we’re not participating in anything that hasn’t already gone
22
through a proper due diligence process”. There is no record of if and how this
query was answered.
4.39
On 17 February 2015, Sunrise signed an agreement with the Solo Group whereby
the Solo Group would provide clearing and settlement services in relation to the
Solo Clients (“the Services Agreement”) and on 24 February 2015 Sunrise signed
the terms of the Brokermesh licence. Sunrise understood that it would not be liable
for any settlement failures if a trade did not go ahead and that all trades would be
subject to the Solo Group’s approval.
4.40
The Solo Group informed Sunrise before the Services Agreement was signed that
the trading would involve pan-European equities. Within Sunrise it was assumed
that the trading would involve Dividend Arbitrage. Sunrise did not however seek
any further information from the Solo Group about the intended nature and purpose
of the Solo Trading.
Onboarding of the Solo Clients
Introduction to Onboarding requirements
4.41
The 2007 Regulations required authorised firms to use their onboarding process to
obtain and review information about a potential customer to satisfy their KYC
obligations.
4.42
As set out in Regulation 7 of the 2007 Regulations, a firm must conduct CDD when
it establishes a business relationship or carries out an occasional transaction.
4.43
As part of the CDD process, a firm must first identify the customer and verify their
identity. Second, a firm must identify the beneficial owner, if relevant, and verify
their identity. Finally, a firm must obtain information on the purpose and intended
nature of the business relationship.
4.44
To confirm the appropriate level of CDD that a firm must apply, a firm must perform
a risk assessment, taking into account the type of customer, business relationship,
product and/or transaction. The firm should also document their risk assessments
and keep their risk assessments up to date.
4.45
If the firm determines through its risk assessment that the customer poses a higher
risk of money laundering or terrorist financing then they must apply EDD. This may
mean that the firm should obtain additional information regarding the customer,
the beneficial owner to the extent there is one, and the purpose and intended
nature of the business relationship. Additional information gathered during EDD
should then be used to inform the firm’s risk assessment process, in order to
manage its money laundering/terrorist financing risks effectively. The information
firms are required to obtain about the circumstances and business of their
customers is necessary to provide a basis for monitoring customer activity and
transactions, so firms can effectively detect the use of their products for money
laundering and/or terrorist financing.
Chronology of the onboarding
4.46
On 17 February 2015, the onboarding process commenced for the Solo Clients
when the Solo Group started supplying KYC documents to Sunrise. This was the
first time that Sunrise had received information about the names of the Solo Clients
and the jurisdictions in which the Solo Clients were based. The 142 Solo Clients
were onboarded between 10 March 2015 and 6 May 2015 as follows:
23 March 2015
6
6 May 2015
3
4.47
The Solo Clients included a total of 81 clients recorded as onboarded over two
working days on 10 and 11 March 2015 and the remaining clients over four non-
consecutive working days on 20 and 23 March 2015, 1 April 2015 and 6 May 2015.
4.48
The Solo Trading commenced on 25 February 2015, which was almost two weeks
before any of the Solo Clients were recorded as onboarded and eight days after the
onboarding commenced. Sunrise therefore started trading in respect of some of
the Solo Clients before it had fulfilled its obligations under the 2007 Regulations,
particularly Regulation 7 and in direct contravention of the Compliance Documents.
Sunrise should at this stage have been prepared and willing to refuse to onboard
clients if they presented unacceptable risks.
4.49
Sunrise onboarded the 142 clients introduced by the Solo Group in under two
months. This compared to 48 clients unrelated to the Solo Group that Sunrise
onboarded during the entire Relevant Period. The rate of onboarding also differed,
with the 48 unrelated clients being onboarded over 41 days, whereas the Solo
Clients were onboarded over 6 days. Of the clients unrelated to the Solo Group
onboarded during the Relevant Period, no more than two were ever onboarded on
the same day.
4.50
Sunrise acknowledged that onboarding all the Solo Clients “effectively in one go”
was not a “usual” thing to do and was “a bit rushed”. However, Sunrise was under
pressure from Solo to complete the onboarding of the Solo Clients and Sunrise was
keen to ensure that it did not lose the business being offered to it. Sunrise indicated
concerns that they “risked being dropped from the project” if onboarding was not
done to Solo’s timeline.
4.51
Not only was the large number of clients onboarded unusual for Sunrise, the Solo
Clients also deviated from Sunrise’s normal type of client. Sunrise’s top 20 clients
during the Relevant Period were large investment banks or large institutional funds.
By contrast, the Solo Clients consisted of approximately 118 401(k) Pension Plans
and almost all pension plans and entities had been set up in 2014, which was in
itself a red flag. Whereas during the Relevant Period, Sunrise did not execute any
equity trades in Danish stocks for its top 20 clients, Sunrise purportedly executed
high volume Cum-Dividend Trades to the value of approximately £25.4 billion in
Danish equities for the Solo Clients in the knowledge that a large majority of these
clients were recently established individual pension plans.
4.52
The Solo Clients were all based in the US or Malaysia. Although Sunrise did not
have any Malaysian based clients prior to onboarding the Solo Clients, 24 of the
Solo Clients were registered in Labuan (Malaysia). Sunrise did not give any
additional considerations to the onboarding despite the fact that the Solo Clients
were not UK based.
4.53
The KYC material provided to Sunrise showed that almost all the Solo Clients’
entities had only one UBO, with many of those UBOs owning several of those
entities each. A number of the UBOs were connected to the Solo Group. Sunrise
did not recognise or consider that this was unusual at the time.
4.54
CDD is an essential part of the onboarding process, that must be conducted when
onboarding a new client. Firms must obtain and hold sufficient information about
their clients to inform the risk assessment process and manage the money
laundering risks effectively.
4.55
As part of the CDD process first, under Regulation 5 of the 2007 Regulations, a firm
must identify the customer and verify their identity. Second, a firm must identify
the beneficial owner, if relevant, and verify their identity. Finally, a firm must
obtain information on the purpose and intended nature of the business relationship.
A.
Customer Identification and Verification
4.56
Regulation 20 of the 2007 Regulations requires that firms establish and maintain
appropriate and risk-sensitive policies and procedures related to customer due
diligence. SYSC 6.3.1R requires that the policies must be comprehensive and
proportionate to the nature, scale and complexity of its activities.
4.57
Sunrise stated that it onboarded prospective clients during the Relevant Period
using a “risk-based approach” in accordance with its client take-on policy and the
JMLSG Guidance. Paragraph 8.1 of Sunrise’s Anti-Money Laundering Policy stated
that the firm needed “to be reasonably satisfied that their clients are who they say
they are” in order to make it “more difficult for the financial services industry to be
used for the purpose of money laundering or for handling the proceeds of crime”
directing employees to Sunrise’s Client Take-on Policy. No further guidance on what
“reasonably” meant was provided in the policy itself.
4.58
Sunrise’s Compliance Manual stated that the Firm had established a client take-on
procedure to satisfy its client identification requirements which were the same
regardless of the business area. The Anti-Money Laundering Policy stated that the
identification process exists to, in part, “help the firm to identify, during the course
of a continuing relationship, what may be unusual” and indicate if a client may be
involved in money laundering, fraud or handling of criminal or terrorist property.
26
4.59
Sunrise’s Client Take-on Procedures purported to contain information which Sunrise
employees were “to attempt to obtain in all circumstances”. The steps (to be
followed in numerical order) included: (i) Determine who the client is and who
needs to be identified; (ii) Determine the overall risk of the proposed client
relationship; (iii) Record the products and services the client is requesting; (iv)
Determine if information provided by another firm can be relied upon instead of
collecting information directly from the client, and if so collect the appropriate
certificate; (v) If another firm cannot be relied on, determine the information
required and collect documents; and (vi) Complete the summary client take-on
form.
4.60
Sunrise, however, acknowledged that there may have been discrepancies and/or
contradictions in the Compliance Documents. This was due to the fact that they
had been sourced, in part, from a member of staff at the Firm who had drafted
parts of them for another firm. As a result, the Compliance Documents had not
been updated, tailored or amended adequately to reflect Sunrise’s business. Key
parts of the Compliance Documents such as checklists appeared to be missing.
Reliance on Solo for due diligence
4.61
Further, the Client Take-on Procedures stated that “in many circumstances, you
will find that due to the low risk nature of the relationship, Sunrise Brokers is able
to rely upon another party for some or all of the client identification”. The Client
Take-on Procedures did not give further details of when Sunrise would rely on
another party for some or all of the client identification, what factors needed to be
taken into account or what particular measures put in place.
4.62
The JMLSG Guidance states that firms should take a risk-based approach when
deciding whether to accept confirmation from a third party that appropriate CDD
measures have been carried out on a customer and this “cannot be based on a
single factor”. They also state that if reliance is placed on a third party, the firm
still needs to know the identity of the beneficial owner whose identity is being
verified; the level of CDD carried out; and have confirmation of the third party’s
understanding of his obligation to make available on request copies of the
verification data, documents or other information.
4.63
Sunrise’s Client Take-on Procedures also stated that with “all customers, it is
essential” that Sunrise “understand the entity type and all parties associated with
it”. They also stated that introduction certificates should be obtained by Sunrise
when an equivalent regulated entity confirms that identification and verification has
been undertaken on a specific client. Sunrise has provided no evidence that these
were obtained for the Solo Clients.
4.64
The Client Take-on Procedures also stated that general assurances may be given
by “an undertaking provided by a regulated firm to another regulated firm that for
all current and future customers introduced, sufficient identification has been or
will be obtained and retained by the original owner”. However, these were only
permitted for introductions where there was a one-off transaction for low risk
customers, between clearing and executing brokers in certain limited (but
unspecified) circumstances or where the client was an unregulated fund where
relevant investors may need to be identified (so long as the client is low or medium
risk in nature).
4.65
Sunrise’s approach to onboarding Solo Clients placed unreasonable reliance on the
fact that these Solo Clients were introduced by another regulated firm. The fact
that the introducer was regulated appears to be the only factor Sunrise considered
when deciding on the level of due diligence to apply. Essentially, as the Solo Clients
were introduced by a regulated entity, Sunrise did not treat them as previously
unknown clients and failed to apply the level of due diligence to the Solo Clients as
it would do for other clients. Sunrise admitted that this approach was “in retrospect
… something that we would not do now”.
B.
Beneficial Owner and Beneficial Owner Verification
4.66
As stated in paragraph 4.55 above, under Regulation 5 of the 2007 Regulations, a
firm must identify a client’s beneficial owner, if relevant, and verify their identity.
Sunrise’s Client Take-on Procedures stated that: “Identifying and verifying such
owners back to either a source individual, or to a stage where ownership is by a
lower risk entity or range of entities, is of crucial importance in protecting the firm
from money laundering risk”.
4.67
Sunrise represented that “every client documentation was reviewed to find the
beneficial owner, and who the people were authorised to trade on behalf of that.
The documents were reviewed through to understand that they were certified and
notarised and being provided to us, they did include passports and utility bills. …
So making sure that, at least on that, the documents we held for the underlying
clients were correct, or I believed them to be correct at the time”.
4.68
During the due diligence process, KYC documents received in relation to the Solo
Trading indicated that the UBO of a Solo Client was a former Solo Group employee
but this did not “really raise any questions … on the suitability of the person” with
Sunrise because the individual in question was considered “a market professional”.
4.69
Nor did Sunrise have concerns when KYC documents showed that the sole
beneficiary of a Solo Client was an 18-year old college student who shared the
same home address as the fund manager. The 18-year old college student was also
the UBO of four other 401(k) Pension Plans that Sunrise onboarded. Sunrise said it
would not have raised any concerns that an 18-year old would be making significant
sized trades on the basis that “the fund had a manager” who would be trading on
the college student’s behalf although said it was “unusual” that the student shared
the home address as the fund manager.
C.
Purpose and Intended Nature of a Business Relationship
4.70
As part of CDD, Regulation 5(c) of the 2007 Regulations requires firms to obtain
information on the purpose and intended nature of the business relationship. Firms
should use this information to assess whether a customer’s financial behaviour over
time is in line with their expectations, whether or not the client is likely to be
engaged in criminal activity, and to provide it with a meaningful basis for ongoing
monitoring of the relationship.
4.71
Regulation 20 of the 2007 Regulations requires that firms establish and maintain
appropriate and risk-sensitive policies and procedures related to customer due
diligence, and SYSC 6.3.1R requires that the policies must be comprehensive and
proportionate to the nature, scale and complexity of its activities.
4.72
Sunrise’s Compliance Manual stated that it was important for the Firm “to
understand the client’s business in order to assess the consistency of their
transactions and activities undertaken so as to determine what may or may not
seem suspicious or unusual”.
4.73
Sunrise’s Client Take-on Procedures stated that the Firm must obtain and document
“The client’s reason for seeking Sunrise Brokers’ products and/or services. This will
ensure that Sunrise Brokers fully understands the entity, and structure and
29
ownership”. The Compliance Documents however did not set out any framework or
guidance for staff to follow to understand the purpose and intended nature of the
business relationship with each client.
4.74
Sunrise first received KYC documentation for the Solo Clients from the Solo Group
on 17 February 2015. There was no composite written checklist to assist with the
review of KYC documents during the onboarding process although the Compliance
Documents did provide examples of some of the information that Sunrise ought to
obtain when conducting due diligence.
4.75
The CDD Sunrise undertook for the Solo Clients was limited to checking the
documentation received and to carrying out identification checks for the Solo
Clients and for the UBOs of each of the entities being onboarded. Sunrise stated it
had no concerns arising from its review of the KYC documents. It is the Authority’s
view that Sunrise’s review of the KYC documents was rushed, given the commercial
pressure Solo had placed on Sunrise and therefore lacked an adequate level of
scrutiny.
4.76
Sunrise failed to identify numerous red flags which should have been evident from
scrutinising the KYC documents. Sunrise did not question why Solo Clients were
using 401(k) Pension Plans to conduct highly speculative, short term Dividend
Arbitrage as such plans were largely for holding individual savings. Nor did Sunrise
question how plausible it was that individual Solo Clients were conducting trading
that required the Solo Clients to hold such a high level of funds, particularly when
Sunrise did not know the limits on 401(k) Pension Plan contributions or otherwise
check the source of these funds. Had it done so, Sunrise would have identified that
the value of the Solo Trading was many times in excess of the maximum funds that
could have contributed to US 401(k) Pension Plans set up only the year before.
4.77
In not applying this basic level of scrutiny, Sunrise failed to complete the CDD steps
required under Regulation 5 of the 2007 Regulations.
4.78
As part of the onboarding and due diligence process, firms need to undertake and
document risk assessments for every client. Such assessments should be based on
information contained in the clients’ KYC documents.
30
4.79
Conducting a thorough risk assessment for each client assists firms in determining
the correct level of CDD to be applied, including whether EDD is warranted. If a
customer is not properly assessed, firms are unlikely to be fully apprised of the
risks posed by each client, which increases the risk of undetected financial crime.
4.80
Under Regulation 20 of the 2007 Regulations, firms are required to maintain
appropriate and risk-sensitive policies and procedures related to risk assessments
and management.
4.81
Sunrise’s Compliance Manual and Client Take-on Procedures were put in place “to
help prevent money laundering through Sunrise Brokers”. They stated that the “the
risk rating of a client allows Sunrise Brokers to apply appropriate money laundering
controls and requirements to each client”.
4.82
The client risk rating determined the documentation and information required by
the Solo Clients. For instance, if a client was rated medium or low risk, Sunrise
would not need to record an explanation for the source of funds. If a client was
high risk, Sunrise would need to record an explanation for the source of funds and
the source of wealth. Accordingly, if the client risk rating was not properly
determined, Sunrise would not have appropriate controls in place for that client.
4.83
Sunrise’s Compliance Documents refer to the “Overall Client Risk” being
determined by combining the “Relationship Risk” and the “Country Risk” of the
client. According to the Compliance Documents, the “Relationship Risk”, “Country
Risk” and “Overall Risk” should be recorded in a specific form. However, Sunrise’s
Compliance Documents did not provide a “Country Risk” list to allow this risk rating
to be determined by reading the Compliance Documents.
4.84
The Compliance Documents stated that regulated entities are lower risk for money
laundering purposes, where the relevant regulator was on a particular list drafted
by Compliance. Similarly, listed entities or public companies where the exchange
was deemed equivalent with UK/US standards would also be deemed lower risk, as
would larger pension funds and government entities or public sector bodies.
Malaysia did not appear on the list of regulators deemed equivalent by Sunrise or
on the list of exchanges deemed equivalent by Sunrise and therefore it appears
that the Solo clients should have been considered at least medium or high risk.
4.85
Had Sunrise followed the policy stated in the Compliance Documents, the Solo
Clients incorporated in Labuan (which is part of Malaysia) would not have been
classified as low risk, as Malaysia would not have been classified as a low risk
country.
4.86
Sunrise said that it classified the Solo Clients as “low risk” based entirely on who
they have been introduced by i.e. the Solo Group, rather than following its own
policies or the 2007 Regulations, thereby increasing the risk of Sunrise being used
to facilitate money laundering. No other factors existed which would permit Sunrise
to classify the Solo Clients as low risk.
4.87
In addition, in contravention of Sunrise’s policy during the Relevant Period, Sunrise
did not make any written risk assessments in relation to the Solo Clients.
4.88
The Authority considers that a number of factors ought to have been apparent to
Sunrise which should have prompted the Firm to undertake further enquiries of the
Solo Clients. These would have enabled Sunrise to assess the risks and determine
whether the Solo Clients should have been classified as higher risk and whether
they should have been onboarded:
1) Sunrise had no former relationship with the Solo Clients and Sunrise failed to
make enquiries of the Solo Clients regarding the nature of the business they
wished to undertake;
2) Sunrise’s understanding of its role in the Solo Trading when establishing the
business relationship with the Solo Group was limited;
3) The Solo Clients were in stark contrast to Sunrise’s typical large institutional
clients. The KYC material showed that almost all of the Solo Clients had just a
single director and/or shareholder and/or beneficiary;
4) None of the Solo Clients were regulated entities and a number of them were
based in countries outside the EU with no assumed regulatory equivalence;
5) Over half of the Solo Clients were 401(k) Pension Plans, the beneficiaries of
which were trusts which, per Sunrise’s own Compliance Manual and JMLSG
Guidance, ought to have been considered to be higher risk vehicles for money
laundering, especially if set up in a non-EEA country or higher risk jurisdictions;
6) Sunrise’s did not consider or question why the Solo Clients were using 401(k)
Pension Plans for the Solo Trading or whether it was plausible such plans could
have sufficient funds to undertake large scale equity trading;
7) None of the Solo Clients were physically present for identification purposes as
the onboarding process was conducted via email. This is identified in the 2007
Regulations as being indicative of a higher risk client and therefore firms are
required to take measures to compensate for the higher risk which Sunrise did
not appear to;
8) The Solo Clients wanted to conduct OTC equity trading which under JMSLG
Guidance requires a more considered risk-based approach and assessment; and
9) Sunrise did not enquire further regarding the Solo Clients’ source of funds even
when confronted with “unusual” beneficiaries.
4.89
The Authority considers that the Compliance Documents were deficient in that they
did not adequately address relevant risk factors to be taken into account when
conducting CDD when onboarding clients, as was apparent when Sunrise took on
the Solo Group business and onboarded the associated Solo Clients as low risk.
4.90
In failing to conduct adequate risk assessments, Sunrise did not identify any of the
above risk factors relevant to the Solo Clients (or any risk factors at all). Sunrise
was therefore unable to determine accurately whether or not the Solo Clients
required EDD or whether it was appropriate to onboard them.
EDD
4.91
Firms must conduct EDD on customers which present a higher risk of money
laundering, so they are able to judge whether or not the higher risk is likely to
materialise.
4.92
Regulation 14(1)(b) of the 2007 Regulations states that firms “must apply on a
risk-sensitive basis enhanced customer due diligence and enhanced ongoing
monitoring in any situation which by its nature can present a higher risk of money
laundering or terrorist financing”. The 2007 Regulations further require firms to
implement EDD measures for any client that was not physically present for
identification purposes.
4.93
Regulation 20 of the 2007 Regulations requires firms to maintain appropriate and
risk-sensitive policies and procedures related to customer due diligence measures,
which includes enhanced due diligence. SYSC 6.3.1R further requires that the
policies must be comprehensive and proportionate to the nature, scale and
complexity of its activities.
4.94
The JMLSG Guidance has provided guidance on the types of additional information
that may form part of EDD, including obtaining an understanding as to the clients’
source of wealth and funds.
4.95
Sunrise’s Compliance Manual stated that Sunrise employed “a risk-based approach
to client identification based on country risk” which would “require different
verification and due diligence procedures depending on the location or residence of
an existing or prospective client”. The Client Take-on Procedures explained that the
risk rating helped determine whether “enhanced identification and monitoring
requirements” were needed to reduce money laundering risk. Sunrise’s Compliance
Manual also required the Firm to conduct “enhanced due diligence reviews on those
current/prospective clients which are considered to present a higher level of
reputational, legal or regulatory risk, irrespective of country of domicile” based on
a number of factors including but not limited to (i) clients that may be politically
exposed persons (“PEPs”); and (ii) current/prospective clients that have links to
HM Treasury listed sanction countries.
4.96
Sunrise’s failure to request relevant information and identify through its CDD policy
and processes that the Solo Clients were not low risk meant that EDD was never
performed in relation any of the Solo Clients. As EDD was not performed, Sunrise
did not request additional details about the Solo Clients, such as the source of
wealth, and so failed to understand the risks or be in a position to properly assess
them.
4.97
Had Sunrise conducted a substantive review of the KYC documents rather than a
review conducted under pressure driven by commercial concerns, Sunrise ought to
have classified the Solo Clients as higher risk and considered what further EDD
measures might have mitigated money laundering risk or whether it was in fact
appropriate to onboard them.
4.98
Sunrise’s failure to conduct any EDD on the Solo Clients meant that it was unable
to assess properly the risk profile of the Solo Clients and the measures it would
need to put in place to limit the risk of money laundering posed by the Solo Clients
not only at the time of onboarding but also during the client relationship.
4.99
Part of the onboarding process also includes categorising clients according to the
COBS rules, which is an additional and separate requirement to carrying out risk
assessments. Pursuant to COBS 3.3.1R, firms must notify customers of their
categorisation as a retail client, professional client, or eligible counterparty.
Authorised firms must assess and categorise clients based on their level of trading
experience, risk knowledge, and access to funds, in order to ensure suitable
products are offered. Proper application of the rules also ensures that firms only
act for clients within the scope of their permissions. Firms are required to notify
clients as to the categorisation made by the Firm. Pursuant to COBS 3.8.2R, firms
must also keep records in relation to each client’s categorisation, including
sufficient information to support that categorisation.
4.100 During the Relevant Period, Sunrise was authorised to deal as an agent for
professional clients and eligible counterparties, which are types of clients that are
considered to have experience, knowledge, and expertise to make their own
investment decisions. There are two types of professional clients; per se
professionals and elective professionals. Each of these categories has prescriptive
criteria, as described in the COBS rules.
4.101 Sunrise did not have permission to act for retail clients and would not have been
able to proceed with the Solo Trading had the Solo Clients been classified as retail
clients.
4.102 Where a client does not satisfy the criteria of a per se professional client, it may
nevertheless request (or elect) in writing to be treated as a professional client. For
an elective professional categorisation to ensue, the authorised firm must then:
a) Undertake an assessment of the experience, knowledge and expertise of the
client by undertaking a qualitative and/or quantitative test;
b) Give the client a clear written warning of the protections and the investor
compensation rights the client may lose; and
c) Receive from the client written confirmation that it is aware of the
consequences of losing such protections.
4.103 Sunrise’s Compliance Manual stated that Sunrise may treat a client as an elective
professional client if it complied with the qualitative test or where applicable, the
quantitative test.
4.104 The Compliance Documents further stated that “an elective professional client
should not be presumed to possess market knowledge and experience comparable
to a per se professional client”. Sunrise’s Compliance Manual however did not set
out a framework or guidance for the Firm to undertake the qualitative test.
4.105 In contravention of Sunrise’s policy and the COBS requirements, Sunrise did not
carry out an assessment of each of the Solo Clients to determine their individual
client classification but instead determined that all the Solo Clients were elective
professionals and sent a notification letter to the Solo Clients informing them of the
classification. Sunrise stated that it reviewed the information provided by the Solo
Group in relation to each Solo Client using a risk-based approach and “it was noted
that the clients appeared to be corporates, pension funds and similar entities, in
accordance with the professional client classification”.
4.106 Sunrise said that “significant weight” was placed on the fact that the Solo Clients
had already been onboarded as clients of the Solo Group and were thus deemed
likely to be professional clients and the nature of trading that they would be
participating in. Ultimately Sunrise made the client classification without satisfying
the qualitative test or by using evidence to support the classification as required by
COB 3.8.2(2)(a).
4.107 Not only did Sunrise fail to discharge its obligations in terms of assessing the Solo
Clients’ categorisations, it also failed to follow the required procedure as set out at
paragraph 4.103. It appears that Sunrise sent the Solo Clients notification
documentation with Sunrise’s terms of business to be signed. However, if the Solo
Clients did “not reply but traded with us, they were deemed to have accepted their
classification and deemed to have accepted our terms of business”. Moreover,
trading commenced one day before the notification letters were sent so the Solo
Clients had no way of knowing their classification prior to the Solo Trading and
signed letters were not received from all clients.
36
Ongoing monitoring
4.108 Regulation 8(1) requires firms to conduct ongoing monitoring of the business
relationship with their customers. Ongoing monitoring of a business relationship
includes scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure that the
transactions are consistent with the firm’s knowledge of the customer, his business
and risk profile.
4.109 Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place throughout
a relationship helps firms know their customers, assist them to assess risk and
provides greater assurance that the firm is not being used for the purpose of
financial crime.
Transaction monitoring
4.110 As part of a firm’s ongoing monitoring of a client relationship, Regulation 8 requires
that firms must scrutinise transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure that the
transactions are consistent with the relevant person’s knowledge of the customer,
his business and risk profile. For some clients, a comprehensive risk profile may
only become evident once they have begun transacting through an account.
4.111 Furthermore, Regulation 14(1) states that enhanced ongoing monitoring must be
applied in situations that can present a higher risk of money laundering or terrorist
financing.
4.112 Regulation 20 requires firms to have appropriate risk-sensitive policies and
procedures relating to ongoing monitoring. These policies must include procedures
to identify and scrutinise 1) complex or unusually large transactions; 2) unusual
patterns of activities which have no apparent economic or visible lawful purpose;
and 3) any other activity which the relevant person regards as likely by its nature
to be related to money laundering or terrorist financing.
4.113 The Compliance Documents did not set out how and/or the frequency with which
Sunrise was to monitor customer activity, nor did they require staff to review
transactions undertaken throughout the course of the customer relationship to
ensure these were consistent with the customer’s business and risk profile.
4.114 Sunrise’s Compliance Manual required Sunrise to apply “enhanced identification
and monitoring requirements” to clients deemed higher risk for money laundering
purposes and to impose “enhanced monitoring requirements or transaction
restrictions on the account”. Sunrise’s Anti-Money Laundering Policy stated that
enhanced monitoring requirements were “to be decided … on a case by case basis”.
4.115 However, the Compliance Documents failed to set out any framework or guidance
on how Sunrise was to conduct “enhanced monitoring” and the section for
“Monitoring Requirements” was left blank in the Compliance Documents.
Furthermore, there was no formal policy or procedure to govern how Sunrise
carried out trade monitoring.
4.116 Sunrise stated that it took a risk-based approach that it was not necessary to carry
out any pre-trade or post-trade surveillance specifically in relation to the Solo
Trading on the basis that (i) all trades on the Brokermesh platform were between
clients introduced by and for which KYC information had been supplied by regulated
entities; (ii) all client monies and assets would be held by regulated firms; (iii) all
trades were done on an OTC basis through the Brokermesh platform; (iv) Sunrise
was only executing trades which were “cleared and settled elsewhere” and (v) all
transaction reporting was to be provided by regulated firms.
4.117 These considerations are irrelevant in terms of whether a firm should comply with
its legal obligations under the 2007 Regulations and JMLSG Guidance in respect of
trade monitoring.
4.118 Sunrise conducted post-trade surveillance in other parts of its businesses which
consisted of manual and informal trade monitoring. However it did not maintain
any records of such trade monitoring undertaken and had no formal system in place
to provide quality assurance of this role being performed adequately.
4.119 Sunrise did not comply with its obligations to monitor individual Solo Clients’ trading
data or consider whether the trading was consistent with Sunrise’s (albeit minimal)
knowledge and understanding of the individual Solo Clients and their risk profile.
4.120 Sunrise’s failure to monitor the trades of the Solo Clients meant that Sunrise was
unable to detect whether, as a result of the nature of Solo Trading, Sunrise should
38
alter its low risk assessment of the Solo Clients. This meant that Sunrise was unable
to determine whether it needed to implement additional measures to mitigate the
risks posed by the Solo Clients, thus increasing Sunrise’s exposure to potential
financial crime risk and the risk that such financial crime would go undetected. Even
if Sunrise had attempted to monitor trades, this would have been harder to do
effectively given that the onboarding process was not in itself adequate in terms of
understanding the trading history of the Solo Clients.
4.121 During the Relevant Period, Sunrise purportedly executed high volume Cum-
Dividend Trades for the Solo Clients worth £25.4 billion in Danish equities and £11.2
billion in Belgian equities and received commission of £466,652 (which comprised
1.5% of Sunrise’ total revenue for the Relevant Period).
4.122 Sunrise purportedly started executing trades with respect to the Solo Clients on 25
February 2015. The Firm had an expectation of overall revenue from the Solo
Trading of between £500,000 to £1 million per annum before the Solo Trading
commenced. Sunrise also expected the Solo Clients to be trading volumes in a
range of £100,000 to £20 million per trade but did not question individual clients
before or after trading started about their level of trading or sources of funds
despite actual trading volumes per trade being vastly larger than this.
4.123 Sunrise conducted the Solo Trading on Brokermesh. Brokermesh routed trade
orders from the Solo Clients to the Broker Firms, including Sunrise, but did not
retain trading records after the end of each day, beyond the creation of automated
emails.
4.124 Sunrise described Brokermesh as a “simple” system whereby orders were routed
to specific brokers by what Sunrise assumed to be a random process, likely
organised through an algorithm. Pricing was finalised at the end of the day based
on market closing prices. Sunrise had not used a system like Brokermesh before.
Sunrise received little detail on how Brokermesh operated. Sunrise did not feel it
needed to seek more information regarding the detailed workings of Brokermesh,
as it was not settling the trades.
4.125 Sunrise accepted all trade orders on Brokermesh but liquidity was not always found
and some orders were not matched. Sunrise said that they would not get responses
instantaneously on Brokermesh, however, usually a response would appear within
39
“minutes rather than hours”. Sunrise understood other brokers had access to the
Brokermesh platform and the platform itself formed part of a closed network
without wider market access. Sunrise also assumed that all the Broker Firms were
executing roughly the same volumes of trading.
A. Trade sizes
4.126 Between February and August 2015, Sunrise used Brokermesh to purportedly
execute Cum-Dividend Trading, to the value of approximately £25.4 billion in
Danish equities and £11.2 billion in Belgian equities on behalf of the Solo Clients.
4.127 Analysis of the Cum-Dividend Trading reveals the following:
Sunrise purportedly executed ‘buy’ orders on behalf of Solo Clients in 15
Danish stocks over 11 cum-dividend dates. An average of 15.4% of the
available shares in each stock was traded, which were cumulatively worth
a total of £25.4 billion. The volumes also equated to an average of 36
times the total number of all shares traded in those stocks on European
exchanges.
Sunrise purportedly executed ‘buy’ orders on behalf of Solo Clients in 15
Belgian stocks over 10 cum-dividend dates. An average of 6.1% of the
available shares in each stock was traded, which were cumulatively worth
a total of £11.2 billion. The volumes also equated to an average of 22
times the total number of all shares traded on European exchanges.
The aggregate value of Cum-Dividend Trades purportedly executed by
Sunrise on behalf of Solo Clients on a cum-dividend date were in a range
of approximately £92 million to £10 billion for a Danish equity and
approximately £47 million to £6 billion for a Belgian equity.
4.128 The Authority considers that it is significant for market surveillance and visibility
that individual trades were below the applicable disclosable thresholds. For
example, section 29 of the Danish Securities Trading Act required shareholders
holding over 5% of Danish-listed stock to be publicised. Similarly, Belgian law
requires pursuant to Article 6 of the ‘Law of 2 May 2007 on disclosure of major
holdings in issues whose shares are admitted to trading on a regulated market and
laying down miscellaneous provisions’ holders of more than 5% of the existing
voting rights to notify the issuer and the Belgian Financial Services Markets
Authority of the number and proportion of voting rights that he/she holds.
4.129 The purported Cum-Dividend Trading executed by Sunrise on behalf of the Solo
Clients represented up to 20% (an average of 15.4%) of the shares outstanding in
companies listed on the Danish stock exchange, and up to 9.6% (an average of
6.1%) of the shares outstanding in companies listed on the Belgian stock exchange.
B. Awareness and review of Solo Trading
4.130 Sunrise ought to have been aware of the trade sizes it purportedly executed on
behalf of the Solo Clients across the Relevant Period, as the volume of trading being
conducted was made available to the Firm’s senior management through internal
communications and on a data system that was regularly reviewed for profit and
loss purposes.
4.131 Once the Solo Trading commenced, Sunrise did not consider undertaking a review
of the sizes and volumes of the transactions executed to ensure the level of trading
was consistent with their understanding of the Solo Clients’ risk profile. In fact,
Sunrise did not analyse the sizes and volumes of the Solo Trading at all.
4.132 An internal report at the Firm suggested that it purportedly executed trades on
behalf of 48 Solo Clients in Stock A on 25 February 2015, which was the first day
the Firm started the Solo Trading. The approximate value of the trading purportedly
executed on behalf of a Solo Client was in a range of £21 million to £26 million,
and on aggregate to the approximate value of £1 billion.
4.133 When interviewed, Sunrise acknowledged that the aforementioned trades in
isolation were “quite large trades” and combined were “a huge amount of trades”.
Sunrise further represented that this scale of trading “was something that we have
not covered, we have not seen or anticipated or, to a certain extent, were aware
of”. However, Sunrise also said that it was common for Sunrise’s Equity Finance
Desk to deal in large notional values, therefore the size of transactions undertaken
on the Brokermesh platform “did not, in themselves, appear unusual”.
4.134 On 20 March 2015, almost a month after the Solo Trading had commenced, an
internal Sunrise email provided an update which stated “so far we have traded 7
stocks on the platform (with another 40 or so to go) Total Gross Brokerage is
DKK996,355 around GBP75,000 after conversation and commission share with
platform, so not a bad start. Could I have a quick word?”.
4.135 To reach these figures, Sunrise would have had to execute trades on behalf of the
Solo Clients to the approximate value of £15.5 billion in order to generate gross
commission of DKK 996,355 (which equates to approximately £97,000) within
almost a month.
4.136 Sunrise never queried how it was possible to source sufficient liquidity, cash or
financing for trades that had a nominal value of billions of pounds within a single
day. Nor did Sunrise enquire how such liquidity, cash or financing could be found
within a closed network of clients (most of whom were individual 401(k) Pension
Plans) without access to liquidity from public exchanges. This was despite the fact
that the purported Solo Trading on Brokermesh represented multiple times the
entire daily volume of trading across virtually all European exchanges.
4.137 This early indication of the volume of trading ought to have prompted Sunrise to
consider the financial crime risk posed by the Solo Trading and review whether the
Solo Trading was in line with the Solo Clients’ trading profiles, enquire into how the
Solo Clients had sufficient funds to settle the trades and question whether the trade
sizes affected the Solo Clients’ low risk rating.
4.138 Sunrise failed to do this. Sunrise‘s position was that because all the trades would
have been subject to the Solo Group’s approval and ultimately settled by the Solo
Group, Sunrise accepted all trade orders, no matter what their volume and did not
undertake checks as to the source of funds of the transactions it executed, even if
they were particularly large.
The German Trade
4.139 On 3 September 2015, Sunrise executed a EUR 5 million ‘buy’ order on behalf of a
broker client (“Client X”) of 146,397 shares in a German stock at a specified
intraday price of EUR 34.15 (“the German trade”). The German trade was executed
at nearly twice the prevailing market price of the German stock. Sunrise executed
the German trade in circumstances where the onboarding of Client X and the
unusual nature of the German trade itself ought to have led it to consider the
serious financial crime risks arising from the transaction. A trade confirmation from
Sunrise regarding the German trade referenced a commission of EUR 200.
4.140 As part of assessing how the Firm could be used for the purposes of money
laundering and financial crime, Sunrise was required under Regulation 20 of the
2007 Regulations to assess the risks posed by its clients’ trading behaviours,
particularly in instances where customers request a complex or unusually large
transaction which has no apparent economic or lawful purpose.
4.141 Firms must have adequate policies, procedures, systems and controls that provide
for the identification and scrutiny of such transactions and any other activity which
may be related to money laundering. They must also be sufficiently comprehensive
so that they are able to identify specific strategies or individual trades that may be
used to further financial crime.
4.142 The circumstances of the onboarding of Client X and the nature of the German
trade itself ought to have prompted Sunrise to consider associated financial crime
risks posed to the Firm. In particular:
a) Sunrise faced difficulties onboarding Client X with the entity whom it proposed
would clear the German Trade (“the Clearer”) as Client X was not a regulated
entity and there were inadequacies and gaps in the KYC documentation and
information Client X had provided.
b) Further, there were inconsistencies in the information Client X provided in
relation to the KYC documentation requested. When the Clearer required
Client X to produce its audited accounts, Client X told Sunrise its “Audited
Accounts are currently in the process” but then shortly after it stated that as
Client X was “a Cayman firm, it is not required to prepare audited accounts”.
c) Despite Sunrise confirming to the Clearer on 20 August 2015 that it had
“validated” Client X for the purposes of KYC/AML checks, Sunrise appeared to
be unable to provide key information relevant to KYC/AML checks requested
by the Clearer on 1 September 2015. This included Client X’s latest annual
report or audited accounts, recent certificate of incumbency or good standing,
Client X’s UBO’s source of wealth and confirmation whether the trade would
be a one-off. In addition, Sunrise told the FCA that “we are not aware that any
explanation was provided at the time of the trading to Sunrise regarding the
circumstances of, and rationale for, the trading” indicating that Sunrise had
not carried out the checks it was obliged to under the 2007 Regulations and
its own Compliance Documents and that Sunrise had represented to the
Clearer it had.
d) The Clearer noted that “For our team it seems unusual to see a broker as an
underlying client of another broker” and asked whether Client X would be
trading from its own account and asked for an explanation from Client X along
with a presentation of its business activities.
e) Between 20 August 2015 and 1 September 2015, Sunrise provided updates in
relation to the onboarding of Client X to an individual at a firm it believed to
be connected to the Solo Group stating that Client X was not yet set up with
the Clearer and hence unable to do a cash trade.
f) On 1 September 2015, an internal email communication at Sunrise stated that
they would not be able to “move forward” unless Client X provided the
additional information requested by the Clearer.
g) On the same day, a Solo Group entity contacted Sunrise regarding a trade in
a German stock for Client X. Until that point, Sunrise were unaware of the
stock that Client X wanted to trade in, only that it was for a EUR 5 million
trade. After Sunrise had explained the onboarding difficulties in relation to
Client X, the Solo Group entity suggested “a way round it with [Client X] being
the ultimate buyer” and that the trade be executed by Sunrise via a specific
counterparty to the trade (“Counterparty A”) which was a regulated entity
whilst Client X would be the underlying client ultimately buying the German
stock via Counterparty A. The effect of this would be that the Clearer would
no longer need to onboard Client X as a client but instead could onboard
h) On 3 September 2015, Client X provided instructions to Sunrise to purchase
up to 150,000 shares in the German stock at a maximum price of EUR 35 per
share for a total consideration of EUR 5 million.
i)
This order size represented more than one hundred times the average daily
volume of trading in the German Stock (the annual accounts for the issuer of
the German stock stated that the average daily volume of shares traded in the
German stock were approximately 1,450 in 2014 and 1,150 in 2015).
j) At 15:09, a broker confirmed its ability to sell 146,397 shares in the German
stock at a price of EUR 34.15 per share equating to a value of EUR 5 million.
This appeared to match Client X’s instructions and Sunrise confirmed the
trade.
k) On 3 September 2015 at 17:19, the Clearer queried the trade with Sunrise on
the basis that the “high was 18.105 and low was 16.2” (i.e. the actual market
price of the German stock was almost half the price Sunrise was proposing to
execute the trade at). On 4 September 2015, Sunrise confirmed that the prices
were correct and that it was an OTC transaction where “both sides agree with
the prices”.
4.143 Earlier on 3 September 2015, a separate counterparty bought the same quantity
of shares as the German trade but at a price of EUR 18.1 per share, which it then
sold on the same day at EUR 34.15 per share. The shares sold were in fact the
German trade executed by Sunrise, which resulted in a profit of EUR 2.3 million.
for the underlying client of that counterparty. The Authority has however not
located evidence to suggest that Sunrise knew of this counterparty’s earlier
purchase.
4.144 Sunrise ignored, or failed to notice, a series of red flags in relation to the German
trade and it is a further example of Sunrise failing to identify or manage its financial
crime risks.
4.145 Sunrise did not conduct an adequate risk assessment of Client X and did not query
the purpose and expected volumes of the trading even though it represented to the
Clearer it had. There is no indication that Sunrise complied with its own onboarding
requirements or obligations under the 2007 Regulations when conducting CDD on
Client X nor did it consider the associated financial crime risks posed to the Firm.
This was particularly apparent when the Clearer requested key AML/KYC
information about Client X, which Sunrise appeared unable to provide.
4.146 In addition, Sunrise explained that when it was monitoring for potential suspicious
activity, it only looked at price movement (as an indicator of potential market
abuse). This trade monitoring was carried out on an informal and manual basis
which Sunrise said it considered adequate, given that it was executing less than 10
equity trades a day. Yet, Sunrise’s informal and manual trade monitoring failed to
flag and/or highlight the German trade’s agreed intraday price of EUR 34.15, which
was nearly twice that of the prevailing share price of EUR 18. Even when the Clearer
queried the price of the German trade, Sunrise did not appear to have any concerns
nor did it escalate the trade internally. Sunrise informed the FCA that during the
Relevant Period it did not have any policies or procedures for dealing with trades
executed at prices significantly off-market.
4.147 The German trade was linked to Solo but it was distinct from the Solo Trading on
Brokermesh executed on behalf of Solo Clients. Notwithstanding its complexity,
unusual nature and lack of economic rationale, the circumstances of the onboarding
of Client X, Sunrise failed to identify or consider the German trade as being
potentially suspicious.
End of the Purported Solo Trading
4.148 Sunrise executed its last trades for a Solo Client on 29 September 2015. An internal
email dated 27 October 2015 stated, “No formal confirmation but it looks like West
Point have shut down… …we cannot do any further trades (last trade 1 month ago)
with Solo or any connected entities”. The Solo Trading ceased after an
unannounced visit by the Authority to the offices of the Solo Group entities and the
Broker Firms on 3 to the 4 November 2015.
Elysium payment
4.149 However, on 29 October 2015, Sunrise had been contacted by a Solo Group
representative to present an offer by a company called Elysium Global (Dubai)
Limited (“Elysium”) to purchase debts owed to Sunrise by some of the Solo Clients
at a discount of 5%. Elysium was not known to Sunrise and Sunrise had had no
interactions with it prior to that point.
4.150 The Solo Group representative mentioned that Elysium would contact Sunrise
separately and upon receipt of Sunrise confirmation “the payment would be made
very very quickly… …which is the upside of all this”.
4.151 Sunrise’s initial view was that such an offer was not acceptable and debts owed to
the Firm by the Solo Clients had to be paid in full.
4.152 Elysium directly contacted Sunrise on 29 October 2015 as “official confirmation”
that it wanted to extend a debt factoring facility against Sunrise’s trading debtors.
4.153 In response, Sunrise sent Elysium copies of 75 invoices on 30 October 2015 that
appear to be based on a list of outstanding invoices the Firm had received from the
Solo Group representative. On 2 November 2015, Elysium confirmed receipt of
these invoices and stated that it would get back to Sunrise “shortly regarding
payment”.
4.154 On 3 and 4 November 2015, the Authority made unannounced visits to the offices
of the Solo Group entities and the Broker Firms in relation to the Solo Trading. On
4 November 2015, the Authority made an unannounced visit to Sunrise.
4.155 The 75 invoices were paid in full by Elysium on 4 November 2015. On 5 November
2015, Sunrise confirmed to the Solo Group representative that they had received
funds (to the approximate value of USD 108,000) from Elysium on 4 November
2015 and stated there were still “quite a few invoices for Q1, 2 and 3 outstanding”.
The Solo Group representative asked Sunrise to “liaise directly with the custodians”
regarding these outstanding invoices.
4.156 Despite having no agreement in place, Sunrise accepted a payment of
approximately USD 108,000 from Elysium, an entity registered in the UAE and
unknown to the Firm, relating to 75 US 401(k) Pension Plans. This occurred the
same day that the Authority had conducted an unannounced visit alerting Sunrise
to possible issues with the Solo Group.
4.157 Sunrise explained that they were not suspicious of the Elysium payment
“particularly as payment was made in full” and because the Solo Group
representative through whom payment was arranged was known to the Firm.
Sunrise said its “normal approach … was to require invoice[s] to be paid in full and
… Sunrise did not see any reason to depart from this approach”.
4.158 This indicated further serious weaknesses in Sunrise’s financial crime risk
management that ultimately led to Sunrise failing to consider their financial crime
and money laundering risks in relation to Elysium. Instead, the prime concern for
Sunrise in accepting the Elysium payment was whether or not it would result in
Sunrise’s debts being paid in full.
4.159 Consequently, Sunrise prioritised obtaining prompt payment in full over adequately
considering or escalating the associated financial crime and money laundering risks
posed to the Firm in relation to the Elysium payment.
Sunrise failed to Identify Any of the Above Issues
4.160 Sunrise failed to identify any of the above issues. With respect to anti-money
laundering and financial crime risk, during the Relevant Period, Sunrise did not
identify any transactions raising any suspicions and no breaches were reported or
observed.
5. FAILINGS
5.1
The statutory and regulatory provisions relevant to this Notice are referred to in
Annex B.
5.2
The JMLSG Guidance has also been included in Annex B, because in determining
whether breaches of its rules on systems and controls against money laundering
have occurred, and in determining whether to take action for a financial penalty or
censure in respect of a breach of those rules, the Authority has also had regard to
whether Sunrise followed the JMLSG Guidance.
5.3
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.
5.4
Sunrise breached this requirement during the Relevant Period in relation to the
Solo Group business, as its policies and procedures were inadequate for identifying,
assessing and mitigating the risk of financial crime as Sunrise failed to:
a) provide
adequate
guidance
on
obtaining
and
assessing
adequate
information when onboarding clients, with reference to the purpose and
intended nature of the business relationship, the anticipated level and
nature of activity to be undertaken and when it would be appropriate to
enquire as to the source of funds;
b) provide adequate guidance on carrying out risk assessments for clients
including the relevant risk factors to be taken into account in order to
determine the correct level of CDD to be applied, including whether EDD
was warranted;
c) set out adequate processes or procedures detailing how to conduct EDD,
including enhanced monitoring requirements for higher risk clients;
48
d) provide adequate guidance on its risk-based approach for conducting CDD
on new clients introduced by authorised firms, where reliance may be placed
upon KYC documents provided by the authorised firms for the new clients
and detailing the circumstances when it was appropriate to do so;
e) set out formal processes or procedures detailing how and/or specify the
circumstances in and frequency with which Sunrise should monitor and
document customer transaction activity, throughout the course of its
relationship with the Firm, in order to assess financial crime and AML risks;
and
f) set out escalation procedures in identifying, managing and documenting
financial crime and AML risks.
5.5
The Authority considers that Sunrise failed to act with due skill, care and diligence
as required by Principle 2 in applying its own (limited) AML policies and procedures
and in assessing, monitoring and managing the risks of financial crime it was
exposed to in respect of the Solo Group business. In particular, Sunrise failed to:
a) act promptly in implementing a work programme to address deficiencies
identified within its Compliance function following a visit from the Authority
in November 2014;
b) conduct an adequate risk assessment or adequate due diligence when taking
on the Solo Group business which meant that they failed to be identified
properly as high risk clients;
c) carry out adequate CDD when onboarding each Solo Client including the
purpose and intended nature of the business relationship, the anticipated
level and nature of activity to be undertaken, and the source of funds and/or
trading history, in order to provide a meaningful basis for transaction
monitoring;
d) conduct a risk assessment for each of the Solo Clients, as required by the
Compliance Documents, and consequently failed to identify that the Solo
Clients presented a higher risk of financial crime and that EDD ought to have
been completed;
e) conduct any EDD on the Solo Clients that presented a higher risk of money
laundering and subsequently failed to identify what EDD measures might
have been appropriate for the ongoing monitoring of the Solo Clients;
f) assess each of the Solo Clients against the categorisation criteria set out in
COBS 3.5.3 and/or failed to record the results of such assessments,
including sufficient information to support the categorisation, contrary to
COBS 3.8.2R(2)(a);
g) follow its own compliance policy in that Sunrise started trading on behalf of
the Solo Clients before they had been onboarded;
h) conduct any ongoing transaction monitoring of the Solo Trading throughout
the Relevant Period;
i)
recognise numerous red flags with the Solo Trading including that Sunrise
did not consider whether it was plausible and/or realistic that sufficient
liquidity was sourced within a closed network of entities for the scale and
volumes of trading conducted by the Solo Clients and/or that the profiles of
the Solo Clients and the nature of the 401(k) Pension Plans meant that they
were highly unlikely to meet the scale and volume of the trading purportedly
being carried out and/or at least obtain sufficient evidence of the clients’
source of funds to satisfy itself to the contrary;
j) adequately consider financial crime and money laundering risks in respect
of the German trade, in circumstances which were highly suggestive of
potential financial crime and were entirely different in nature to the other
trades introduced by Solo;
k) adequately consider associated financial crime and money laundering risks
posed in respect of the Elysium payment whereby the Firm accepted a
payment of approximately USD 108,000 from Elysium without any due
diligence or agreement in place and shortly after the Authority had
conducted an unannounced visit alerting Sunrise to its concerns with the
Solo Group; and
l)
make and keep adequate (or in some cases any) written records as evidence
of work it may have undertaken specifically relating to the consideration and
discussion of financial crime and AML matters by Sunrise management.
50
6. SANCTION
6.1
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case.
6.2
The Authority’s policy on the imposition of financial penalties is set out in Chapter
6 of DEPP. In determining the financial penalty, the Authority has had regard to
this guidance.
6.3
DEPP 6.5A sets out a five-step framework to determine the appropriate level of
financial penalty.
Step 1: disgorgement
6.4
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breaches where it is practicable to
quantify.
6.5
The financial benefit associated with Sunrise’s failings is quantifiable by reference
to the revenue it derived from the Solo Group business as described in paragraph
4.121 of this Notice, minus custody fees, totalling £407,273.45.
6.6
The figure after Step 1 is therefore £407,273.45.
Step 2: the seriousness of the breaches
6.7
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breaches. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breaches may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.
6.8
The Authority considers that the revenue generated by Sunrise from the Solo Group
business is indicative of the harm or potential harm caused by its breach. The
Authority has therefore determined a figure based on a percentage of Sunrise’s
revenue during the period of the breaches.
6.9
Sunrise’s revenue is the revenue derived from for the Solo Group business as it
relates to the breaches identified in this Notice. The period of Sunrise’s breach was
from 17 February 2015 to 4 November 2015. The Authority considers Sunrise’s
revenue for this period to be £466,651.87.
6.10
In deciding on the percentage of the revenue that forms the basis of the step 2
figure, the Authority considers the seriousness of the breaches and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.11
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breaches, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G lists factors likely to be considered ‘level
4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
1.
The breaches revealed serious or systemic weaknesses in the Firm’s
procedures and the management systems or internal controls relating to the
Firm’s governance of financial crime risk; and
2.
The breaches created a significant risk that financial crime would be
facilitated, occasioned or otherwise occur.
6.12
Taking all of these factors into account, the Authority considers the seriousness of
the breaches to be level 4 and so the Step 2 figure is 15% of £466,651.87.
6.13
Step 2 is therefore £69,997.78.
Step 3: mitigating and aggravating factors
6.14
Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.15
The Authority considers that the following factors aggravate the breaches:
1. The Authority and the JMLSG have published numerous documents highlighting
financial crime risks and the standards expected of firms when dealing with
those risks. The most significant publications include the JMLSG Guidance and
Financial Crime Guide (including the thematic reviews that are referred to
therein) which was first published in December 2011. These publications set
out good practice examples to assist firms, for example in managing and
mitigating money laundering risk by (amongst other things) conducting
appropriate customer due diligence, monitoring of customers’ activity and
guidance of dealing with higher-risk situations. Given the number and detailed
nature of such publications, and past enforcement action taken by the Authority
in respect of similar failings by other firms, Sunrise should have been aware of
the importance of appropriately assessing, managing and monitoring the risk
that the Firm could be used for the purposes of financial crime.
2. The Authority visited Sunrise in November 2014 which, along with the
Authority’s follow-up letter, put Sunrise on notice that its financial crime and
AML controls were weaker than required prior to the commencement of the Solo
Group business.
3. Although Sunrise provided a work programme which included a review of its
AML and KYC framework to be completed by July 2015, Sunrise failed to carry
out any in-depth review of its financial crime risk controls until April 2016. The
commission of this review was driven by commercial considerations as Sunrise
was engaging in acquisition discussions with a potential buyer.
6.16
The Authority considers that there are no mitigating factors.
6.17
Having taken into account these aggravating factors, the Authority considers that
the Step 2 figure should be increased by 20%.
6.18
Step 3 is therefore £83,997.34.
Step 4: adjustment for deterrence
6.19
Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step
3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.20
The Authority considers that DEPP 6.5A.4G(1)(a) is relevant in this instance and
has therefore determined that this is an appropriate case where an adjustment for
deterrence is necessary. Without an adjustment for deterrence, the financial
penalty excluding disgorgement would be £83,997.34. In the circumstances of
this case, the Authority considers that a penalty of this size would not serve as a
credible deterrent to Sunrise and others and would not meet the Authority’s
objective of credible deterrence. As a result, it is necessary for the Authority to
increase the penalty to achieve credible deterrence.
6.21
Having taken into account the factors outlined in DEPP 6.5A.4G, the Authority
considers that a multiplier of four should be applied at Step 4.
6.22
Step 4 is therefore £335,989.35.
Step 5: settlement discount
6.23
Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement
of any benefit calculated at Step 1.
6.24
The Authority and Sunrise reached agreement to settle so a 30% discount applies
to the Step 4 figure.
6.25
The Authority has rounded down the final penalty to the nearest £100. Step 5 is
therefore £642,400.
6.26
The Authority hereby imposes a financial penalty of £642,400 on Sunrise for
breaching Principle 2 and Principle 3.
7. PROCEDURAL MATTERS
Decision maker
7.1
This Notice is given to Sunrise under and in accordance with section 390 of the Act.
7.2
The following statutory rights are important.
Decision maker
7.3
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4
The financial penalty must be paid in full by Sunrise to the Authority no later than
26 November 2021.
If the financial penalty is not paid
7.5
If all or any of the financial penalty is outstanding on 27 November 2021, the
Authority may recover the outstanding amount as a debt owed by Sunrise and due
to the Authority.
7.6
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.7
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.8
For more information concerning this matter generally, contact Udani Eriyagolla
(direct line: 0207 066 9468 / udani.eriyagolla2@fca.org.uk) or Yashsvy Brizmohun
(direct line: 0207 066 9488 / yashsvy.brizmohun2@fca.org.uk) of the Enforcement
and Market Oversight Division of the Authority.
Financial Conduct Authority, Enforcement and Market Oversight Division
1 May 2002
Sunrise is authorised by the Authority.
23 October 2014
The Solo Group approached Sunrise to discuss the prospect of the
Solo Trading.
30 October 2014
First meeting between Sunrise and the Solo Group representatives at
Solo Group offices.
The Authority’s visit to Sunrise followed by a letter setting out its
findings.
Second meeting between Sunrise and the Solo Group representatives
at Solo Group offices.
17 February 2015
Sunrise signed services agreements for clearing and settlement
services with each of the Solo Group entities.
17 February 2015
Solo Group provided Sunrise with KYC documents in order to
onboard the Solo Clients.
24 February 2015
Sunrise returned a signed licence agreement for the use of
Brokermesh.
25 February 2015
Sunrise commenced trading on behalf of the Solo Clients before any
of the Solo Clients onboarded.
10 March 2015
First group of Solo Clients recorded as onboarded by Sunrise.
6 August 2015
Solo sent request to onboard further clients. Sunrise does not
onboard these clients.
3 September 2015
Sunrise executed the German trade.
29 September 2015
Sunrise executed the last trades on behalf of the Solo Clients.
27 October 2015
Sunrise decided to cease all trading with the Solo Group or connected
entities.
3 November 2015
Unannounced visit by the Authority to the Solo Group entities and
the Broker Firms.
4 November 2015
Sunrise accepted payment from Elysium and unannounced visit by
the Authority to Sunrise.
April 2016
Sunrise commissioned independent compliance consultant conducted
review of its Compliance documentation.
22 September 2016
Solo Group entered into special administration.
ANNEX B: RELEVANT STATUTORY AND REGULATORY PROVISIONS
1.
RELEVANT STATUTORY PROVISIONS
The Financial Services and Markets Act 2000
1.1
Pursuant to sections 1B and 1D of the Act, one of the Authority’s operational
objectives is protecting and enhancing the integrity of the UK financial system.
1.2
Pursuant to section 206 of the Act, if the Authority considers that an authorised
person has contravened a requirement imposed on it by or under the Act, it may
impose on that person a penalty in respect of the contravention of such amount as
it considers appropriate.
The Money Laundering Regulations 2007
1.3
Regulation 5 provides:
Meaning of customer due diligence measures
“Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from a reliable and independent
source;
(b) identifying, where there is a beneficial owner who is not the customer, the
beneficial owner and taking adequate measures, on a risk-sensitive basis, to
verify his identity so that the relevant person is satisfied that he knows who the
beneficial owner is, including, in the case of a legal person, trust or similar legal
arrangement, measures to understand the ownership and control structure of
the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the business
relationship.”
1.4
Regulation 7 provides:
Application of customer due diligence measures
(1) “…, a relevant person must apply customer due diligence measures when he—
(a) establishes a business relationship;
(b) carries out an occasional transaction;
(c) suspects money laundering or terrorist financing;
(d) doubts the veracity or adequacy of documents, data or information
previously obtained for the purposes of identification or verification.
(2) Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk-
sensitive basis.”
1.5
Regulation 8 provides:
Ongoing monitoring
“(1) “A relevant person must conduct ongoing monitoring of a business
relationship.
(2) Ongoing monitoring” of a business relationship means—
(e) scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the relevant person’s
knowledge of the customer, his business and risk profile; and
(f) keeping the documents, data or information obtained for the purpose of
applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under
paragraph (1) as it applies to customer due diligence measures. “
1.6
Regulation 14 provides:
Enhanced customer due diligence and ongoing monitoring
“(1) A relevant person must apply on a risk-sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring—
(a) in accordance with paragraphs (2) to (4);
(b) in any other situation which by its nature can present a higher risk of
money laundering or terrorist financing.
(2) Where the customer has not been physically present for identification purposes,
a relevant person must take specific and adequate measures to compensate for the
higher risk, for example, by applying one or more of the following measures—
(a) ensuring that the customer’s identity is established by additional
documents, data or information;
(b) supplementary measures to verify or certify the documents supplied, or
requiring confirmatory certification by a credit or financial institution
which is subject to the money laundering directive;
(c) ensuring that the first payment is carried out through an account opened
in the customer’s name with a credit institution.”
1.7
Regulation 17 provides:
“(1) A relevant person may rely on a person who falls within paragraph (2) (or who
the relevant person has reasonable grounds to believe falls within paragraph (2))
to apply any customer due diligence measures provided that—
(a) the other person consents to being relied on; and
(b) notwithstanding the relevant person’s reliance on the other person, the
relevant person remains liable for any failure to apply such measures.
(2) The persons are—
(a) a credit or financial institution which is an authorised person;
…
(4) Nothing in this regulation prevents a relevant person applying customer due
diligence measures by means of an outsourcing service provider or agent provided
that the relevant person remains liable for any failure to apply such measures.”
1.8
Regulation 20 provides:
Policies and Procedures
“(1) A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to—
(a) customer due diligence measures and ongoing monitoring;
(b) reporting;
(c) record-keeping;
(d) internal control;
(e) risk assessment and management;
(f) the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and
procedures—
(a) which provide for the identification and scrutiny of—
(i) complex or unusually large transactions;
(ii) unusual patterns of transactions which have no apparent economic
or visible lawful purpose; and
(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;”
2.
RELEVANT REGULATORY PROVISIONS
2.1
In exercising its powers to impose a financial penalty, the Authority has had regard
to the relevant regulatory provisions published in the Authority’s Handbook. The
main provisions that the Authority considers relevant are set out below.
Principles for Business (“Principles”)
2.2
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook.
2.3
Principle 2 provides:
“A firm must conduct its business with due skill, care and diligence.”
2.4
Principle 3 provides:
“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems.”
Senior Management Arrangements, Systems and Controls (“SYSC”)
2.5
SYSC 3.2.6E provides:
“The FCA, when considering whether a breach of its rules on systems and controls
against money laundering has occurred, will have regard to whether a firm has
followed relevant provisions in the guidance for the UK financial sector issued by
the Joint Money Laundering Steering Group.”
2.6
SYSC 3.2.6R provides:
“A firm must take reasonable care to establish and maintain effective systems and
controls for compliance with applicable requirements and standards under the
regulatory system and for countering the risk that the firm might be used to further
financial crime.”
2.7
SYSC 6.1.1R provides:
“A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations
under the regulatory system and for countering the risk that the firm might be used
to further financial crime.”
2.8
SYSC 6.3.1R provides:
“A firm must ensure the policies and procedures established under SYSC 6.1.1 R
include systems and controls that:
(1) enable it to identify, assess, monitor and manage money laundering risk; and
(2) are comprehensive and proportionate to the nature, scale and complexity of its
activities.”
2.9
SYSC 6.3.6 provides:
“In identifying its money laundering risk and in establishing the nature of these
systems and controls, a firm should consider a range of factors, including:
(1) its customer, product and activity profiles;
(2) its distribution channels;
(3) the complexity and volume of its transactions;
(4) its processes and systems; and
(5) its operating environment.”
2.10
SYSC 6.3.7 provides:
“A firm should ensure that the systems and controls include:
(3) appropriate documentation of its risk management policies and risk profile in
relation to money laundering, including documentation of its application of those
policies;
(4) appropriate measures to ensure that money laundering risk is taken into
account in its day-to-day operation, including in relation to:
(a) the development of new products;
(b) the taking-on of new customers; and
(c) changes in its business profile.”
2.11
SYSC 9.1.1 R provides:
“A firm must arrange for orderly records to be kept of its business and internal
organisation, including all services and transactions undertaken by it, which must
be sufficient to enable the appropriate regulator or any other relevant competent
authority under MiFID or the UCITS Directive to monitor the firm's compliance with
the requirements under the regulatory system, and in particular to ascertain that
the firm has complied with all obligations with respect to clients.”
Conduct of Business Sourcebook (COBS)
2.12
COBS 3.3.1A(EU) provides:
“Articles 45(1) and (2) of the MiFID Org Regulation require firms to provide clients
with specified information concerning client categorisation.
45(1) Investment firms shall notify new clients, and existing clients that the
investment firm has newly categorised as required by Directive 2014/65/EU, of
their categorisation as a retail client, a professional client or eligible counterparty
in accordance with that Directive.
(2) Investment firms shall inform clients in a durable medium about any right that
client has to request a different categorisation and about any limitations to the level
of client protection that a different categorisation would entail.”
2.13
COBS 3.3.1B(R) provides:
“The information referred to in article 45(2) of the MiFID Org Regulation (as
reproduced at COBS 3.3.1AEU) must be provided to clients prior to any provision
of services.”
2.14
COBS 3.5.2 provides:
“Each of the following is a per se professional client unless and to the extent it is
an eligible counterparty or is given a different categorisation under this chapter:
(1) an entity required to be authorised or regulated to operate in the financial
markets. The following list includes all authorised entities carrying out the
characteristic activities of the entities mentioned, whether authorised by an EEA
State or a third country and whether or not authorised by reference to a directive:
(a) a credit institution;
(b) an investment firm;
(c) any other authorised or regulated financial institution;
(d) an insurance company;
(e) a collective investment scheme or the management company of such a
scheme;
(f) a pension fund or the management company of a pension fund;
(g) a commodity or commodity derivatives dealer;
(h) a local;
(i) any other institutional investor;
(2) in relation to MiFID or equivalent third country business a large undertaking
meeting two of the following size requirements on a company basis:
(a) balance sheet total of EUR 20,000,000;
(b) net turnover of EUR 40,000,000;
(c) own funds of EUR 2,000,000;
(3) in relation to business that is not MiFID or equivalent third country business a
large undertaking meeting any1of the following conditions:
(a) a body corporate (including a limited liability partnership) which has (or
any of whose holding companies or subsidiaries has) (or has had at any
time during the previous two years) 1called up share capital or net
assets of at least £51 million (or its equivalent in any other currency at
the relevant time);
(b) an undertaking that meets (or any of whose holding companies or
subsidiaries meets) two of the following tests:
(i)
a balance sheet total of EUR 12,500,000;
(ii)
a net turnover of EUR 25,000,000;
(iii)
an average number of employees during the year of 250;
(c) a partnership or unincorporated association which has (or has had at
any time during the previous two years) net assets of at least £5 million
(or its equivalent in any other currency at the relevant time) and
calculated in the case of a limited partnership without deducting loans
owing to any of the partners;
(d) a trustee of a trust (other than an occupational pension scheme, SSAS,
personal pension scheme or stakeholder pension scheme) which has (or
has had at any time during the previous two years) assets of at least
£10 million (or its equivalent in any other currency at the relevant time)
calculated by aggregating the value of the cash and designated
investments forming part of the trust's assets, but before deducting its
liabilities;
(e) a trustee of an occupational pension scheme or SSAS, or a trustee or
operator of a personal pension scheme or stakeholder pension scheme
where the scheme has (or has had at any time during the previous two
years):
(i) at least 50 members; and
(ii) assets under management of at least £10 million (or its
equivalent in any other currency at the relevant time);
(f) a local authority or public authority.
(4) a national or regional government, a public body that manages public debt, a
central bank, an international or supranational institution (such as the World Bank,
the IMF, the ECP, the EIB) or another similar international organisation;
(5) another institutional investor whose main activity is to invest in financial
instruments (in relation to the firm's MiFID or equivalent third country business) or
designated investments (in relation to the firm's other business). This includes
entities dedicated to the securitisation of assets or other financing transactions.”
2.15
COBS 3.5.3 provides:
Elective professional clients
“A firm may treat a client other than a local public authority or municipality3 as an
elective professional client if it complies with (1) and (3) and, where applicable,
(2):
(1) the firm undertakes an adequate assessment of the expertise, experience and
knowledge of the client that gives reasonable assurance, in light of the nature of
the transactions or services envisaged, that the client is capable of making his own
investment decisions and understanding the risks involved (the "qualitative test");
(2) in relation to MiFID or equivalent third country business in the course of that
assessment, at least two of the following criteria are satisfied:
(a) the client has carried out transactions, in significant size, on the relevant
market at an average frequency of 10 per quarter over the previous four
quarters;
(b) the size of the client's financial instrument portfolio, defined as including
cash deposits and financial instruments, exceeds EUR 500,000;
(c) the client works or has worked in the financial sector for at least one
year in a professional position, which requires knowledge of the transactions
or services envisaged; (the "quantitative test"); and
(3) the following procedure is followed:
(a) the client must state in writing to the firm that it wishes to be treated
as a professional client either generally or in respect of a particular service
or transaction or type of transaction or product;
(b) the firm must give the client a clear written warning of the protections
and investor compensation rights the client may lose; and
(c) the client must state in writing, in a separate document from the
contract, that it is aware of the consequences of losing such protections.
2.16
COBS 3.8.2R provides:
“(2) A firm must make a record in relation to each client of:
the categorisation established for the client under this chapter, including sufficient
information to support that categorisation;”
Decision Procedure and Penalties Manual (“DEPP”)
2.17
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act. In particular, DEPP 6.5A sets out the five steps
for penalties imposed on firms.
2.18
DEPP 6.2.3G provides:
“The FCA's rules on systems and controls against money laundering are set out in
SYSC 3.2 and SYSC 6.3. The FCA, when considering whether to take action for a
financial penalty or censure in respect of a breach of those rules, will have regard
to whether a firm has followed relevant provisions in the Guidance for the UK
financial sector issued by the Joint Money Laundering Steering Group.”
2.16 The Enforcement Guide sets out the Authority’s approach to taking disciplinary action.
The Authority’s approach to financial penalties and suspensions (including restrictions) is
set out in Chapter 7 of the Enforcement Guide.
JMLSG GUIDANCE– PART I (dated 19 November 2014)
A risk-based approach – governance, procedures and internal controls
2.19
JMLSG Paragraph 4.5 provides:
“A risk-based approach requires the full commitment and support of senior
management, and the active co-operation of business units.
The risk-based
approach needs to be part of the firm’s philosophy, and as such reflected in the
procedures and controls. There needs to be a clear communication of policies and
procedures across the firm, along with the robust mechanisms to ensure that they
are carried out effectively, weaknesses are identified, and improvements are made
wherever necessary.”
“Whatever approach is considered the most appropriate to the firm’s money
laundering/terrorist financing risk, the broad objective is that the firm should
know at the outset of the relationship who their customers are, where they
operate, what they do, their expected level of activity with the firm and whether
or not they are likely to be engaged in criminal activity. The firm then should
consider how the profile of the customer’s financial behaviour builds up over time,
thus allowing the firm to identify transactions that may be suspicious.”
“A risk assessment will often result in a stylised categorisation of risk: e.g.,
high/medium/low. Criteria will be attached to each category to assist in allocating
customers and products to risk categories, in order to determine the different
treatments of identification, verification, additional customer information and
monitoring for each category, in a way that minimises complexity.”
“While a risk assessment should always be performed at the inception of a customer
relationship (although see paragraph 4.16 below), for some customers a
comprehensive risk profile may only become evident once the customer has begun
transacting through an account, making the monitoring of transactions and on-
going reviews a fundamental component of a reasonably designed RBA. A firm may
also have to adjust its risk assessment of a particular customer based on
information received from a competent authority.”
2.23
JMLSG Paragraph 4.25 provides:
“For firms which operate internationally, or which have customers based or
operating abroad, there are additional jurisdictional risk considerations relating to
the position of the jurisdictions involved, and their reputation and standing as
regards the inherent ML/TF risk, and the effectiveness of their AML/CTF
enforcement regime.”
“The firm should assess its risks in the context of how it might most likely be
involved in money laundering or terrorist financing. In this respect, senior
management should ask themselves a number of questions; for example:
What risk is posed by the firm’s customers? For example:
o Complex business ownership structures, which can make it easier to
conceal underlying beneficiaries, where there is no legitimate commercial
rationale;
o An individual meeting the definition of a PEP (see paragraphs 5.5.18);
o Customers (not necessarily PEPs) based in, or conducting business in
or through, a high risk jurisdiction, or a jurisdiction with known higher
levels of corruption or organised crime, or drug production/distribution;
and
o Customers engaged in a business which involves significant amounts of
cash, or which are associated with higher levels of corruption (e.g., arms
dealing, extractive industries, construction).
o Customers engaged in industries that might relate to proliferation
activities.
What risk is posed by a customer’s behaviour? For example:
o Where there is no commercial rationale for the customer buying the
product he seeks;
o Requests for a complex or unusually large transaction which has no
apparent economic or lawful purpose;
o Requests to associate undue levels of secrecy with a transaction;
o Situations where the origin of wealth and/or source of funds cannot be
easily verified or where the audit trail has been deliberately broken and/or
unnecessarily layered; and
o The unwillingness of customers who are not private individuals to give
the names of their real owners and controllers.
How does the way the customer comes to the firm affect the risk? For
example:
o Occasional transactions (see paragraph 5.3.6) v business relationships
(see paragraph 5.3.5);
o Introduced business, depending on the effectiveness of the due
diligence carried out by the introducer; and
o Non face-to-face acceptance.
What risk is posed by the products/services the customer is using? For
example:
o Can the product features be used for money laundering or terrorist
financing, or to fund other crime?
o Do the products allow/facilitate payments to third parties?
o Is the main risk that of inappropriate assets being placed with, or
moving from, or through, the firm?
o Does a customer migrating from one product to another within the firm
carry a risk?”
2.25
JMLSG Paragraph 4.44 provides:
“The application of CDD measures is intended to enable a firm to form a reasonable
belief that it knows the true identity of each customer and beneficial owner, and,
with an appropriate degree of confidence, knows the types of business and
transactions the customer is likely to undertake. The firm’s procedures should
include procedures to:
Identify and verify the identity of each customer on a timely basis
Identify and take reasonable, risk based measures to verify the identity of,
any ultimate beneficial owner
Obtain appropriate additional information to understand the customer’s
circumstances and business.”
“Based on the risk assessment carried out, a firm will determine the level of CDD
that should be applied in respect of each customer and beneficial owner. It is likely
that there will be a standard level of CDD that will apply to the generality of
customer, based on the firm’s risk appetite.”
2.27
JMLSG Paragraph 4.50 provides:
“Where a customer is assessed as carrying a higher risk, then depending on the
product sought, it will be necessary to seek additional information in respect of the
customer, to be better able to judge whether or not the higher risk that the
customer is perceived to present is likely to materialise. Such additional information
may include an understanding of where the customer’s funds and wealth have come
from. Guidance on the types of additional information that may be sought is set out
in section 5.5.”
“Where the risks of ML/TF are higher, firms must conduct enhanced due diligence
measures consistent with the risks identified. In particular, they should increase
the degree and nature of monitoring of the business relationship, in order to
determine whether these transactions or activities appear unusual or suspicious.
Examples of EDD measures that could be applied for higher risk business
relationships include:
Obtaining, and where appropriate verifying, additional information on
the customer and updating more regularly the identification of the
customer and any beneficial owner
Obtaining additional information on the intended nature of the business
relationship
Obtaining information on the source of funds or source of wealth of the
customer
Obtaining information on the reasons for intended or performed
transactions
Obtaining the approval of senior management to commence or continue
the business relationship
Conducting enhanced monitoring of the business relationship, by
increasing the number and timing of controls applied, and selecting
patterns of transactions that need further examination
Requiring the first payment to be carried out through an account in the
customer’s name with a bank subject to similar CDD standards”
2.29
JMLSG Paragraph 4.61 provides:
“Firms must document their risk assessments in order to be able to demonstrate
their basis, keep these assessments up to date, and have appropriate mechanisms
to provide appropriate risk assessment information to competent authorities.”
Customer due diligence
2.30
JMLSG Paragraph 5.1.5 provides:
“The CDD measures that must be carried out involve:
(a) identifying the customer, and verifying his identity (see paragraphs
5.3.2);
(b) identifying the beneficial owner, where relevant, and verifying his identity
(see paragraphs 5.3.8); and
(c) obtaining information on the purpose and intended nature of the business
relationship (see paragraphs 5.3.21).”
2.31
JMLSG Paragraph 5.3.125 provides:
“To the extent consistent with the risk assessment carried out in accordance with
the guidance in Chapter 4, the firm should ensure that it fully understands the
company’s legal form, structure and ownership, and must obtain sufficient
additional information on the nature of the company’s business, and the reasons
for seeking the product or service.”
Enhanced due diligence
2.32
JMLSG Paragraph 5.5.1 provides:
“A firm must apply EDD measures on a risk-sensitive basis in any situation which
by its nature can present a higher risk of money laundering or terrorist financing.
As part of this, a firm may conclude, under its risk-based approach, that the
information it has collected as part of the customer due diligence process (see
section 5.3) is insufficient in relation to the money laundering or terrorist financing
risk, and that it must obtain additional information about a particular customer, the
customer’s beneficial owner, where applicable, and the purpose and intended
nature of the business relationship.”
2.33
JMLSG Paragraph 5.5.2 provides:
72
“As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and, where
applicable, their customers’ beneficial owners, for two principal reasons:
to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and
to provide a basis for monitoring customer activity and transactions,
thus increasing the likelihood that they will detect the use of their
products and services for money laundering and terrorist financing.”
2.34
JMLSG Paragraph 5.5.9 provides:
“The ML Regulations prescribe three specific types of relationship in respect of
which EDD must be applied. They are:
where the customer has not been physically present for identification
purposes (see paragraphs 5.5.10);
in respect of a correspondent banking relationship (see Part II, sector
16: Correspondent banking);
in respect of a business relationship or occasional transaction with a PEP
(see paragraph 5.5.18).”
2.35
JMLSG Paragraph 5.7.2 provides:
“Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place throughout
a relationship helps firms know their customers, assist them to assess risk and
provides greater assurance that the firm is not being used for the purposes of
financial crime.”
JMLSG Part II – Wholesale Markets
“OTC and exchange-based trading can also present very different money
laundering risk profiles. Exchanges that are regulated in equivalent jurisdictions,
are transparent and have a central counterparty to clear trades, can largely be seen
as carrying a lower generic money laundering risk. OTC business may, generally,
be less well regulated and it is not possible to make the same generalisations
concerning the money laundering risk as with exchange-traded products.
For
example, trades that are executed as OTC but then are centrally cleared, have a
different risk profile to trades that are executed and settled OTC. Hence, when
dealing in the OTC markets firms will need to take a more considered risk-based
approach and undertake more detailed risk-based assessment.”
2.37
JMLSG Part 2 Paragraph 20.12 provides:
“A firm should also consider, as part of its wider obligations in respect of financial
crime and to mitigate reputational risk, whether there are any red flags that
warrant further investigation. Some of the questions firms may wish to consider
include, where relevant, whether the size and reputation of the service providers
(administrator, investment manager, auditor, lawyers etc) match the funds profile
and whether the due diligence procedures for investors into the fund appropriate?
Whilst structures associated with funds are often complex and involve a number of
jurisdictions, an important question is: does it make sense? For example, why is a
fund regulated and listed in different jurisdictions? Also, where, an administrator is
located in non-equivalent jurisdiction or specific concerns have been identified,
closer inspection of the administrator’s due diligence activities and background
should be considered.”
ANNEX C: 401(K) PENSION PLAN
Employer Created 401(k) Plans
1.1
A 401(k) is a qualified profit sharing plan that allows employees to contribute a
portion of their wages to individual retirement accounts. Employers can also
contribute to employees’ accounts. Any money that is contributed to a 401(k) below
the annual contribution limit is not subject to income tax in the year the money is
earned, but then is taxable at retirement. For example, if John Doe earns $100,000
in 2018, he is allowed to contribute $18,500, which is the 2018 limit, to his 401(k)
plan. If he contributes the full amount that he is allowed, then although he earned
$100,000, his taxable income for income tax purposes would be $81,500. Then, he
would pay income tax upon any money that he withdraws from his 401(k) at
retirement. If he withdraws any money prior to age 59 1/2, he would be subject to
various penalties and taxes.
1.2
Contribution to a 401(k) plan must not exceed certain limits described in the
Internal Revenue Code. The limits apply to the total amount of employer
contributions,
employee
elective
deferrals
and
forfeitures
credits
to
the
participant’s account during the year. The contribution limits apply to the aggregate
of all retirement plans in which the employee participates. The contribution limits
have been increased over time. Below is a chart of the contribution limits:
Employer
Contribution
Limit
Total
Contribution
Catch Up
Contribution
(only for
individuals Age
50+)
1999
$10,000
$20,000
$30,000
0
2000
$10,500
$19,500
$30,000
0
2001
$10,500
$24,500
$35,000
0
2002
$11,000
$29,000
$40,000
$1,000
2003
$12,000
$28,000
$40,000
$2,000
2004
$13,000
$28,000
$41,000
$3,000
2005
$14,000
$28,000
$42,000
$4,000
2006
$15,000
$29,000
$44,000
$5,000
2007
$15,500
$29,500
$45,000
$5,000
2008
$15,500
$30,500
$46,000
$5,000
2009
$16,500
$32,500
$49,000
$5,500
2010
$16,500
$32,500
$49,000
$5,500
2011
$16,500
$32,500
$49,000
$5,500
2012
$17,000
$33,500
$50,000
$5,500
2013
$17,500
$34,000
$51,000
$5,500
2014
$17,500
$34,500
$52,000
$5,500
2015
$18,000
$35,000
$53,000
$6,000
If an individual was aged 30 in 1999, the absolute maximum that he could have
contributed including the maximum employer contributions would be $746,000.
Minimum Age Requirements
1.3
In the United States, the general minimum age limit for employment is 14. Because
of this, an individual may make contributions into 401(k) plans from this age if the
terms of the plan allow it. The federal government does not legally require
employers to include employees in their 401(k) plans until they are at least 21
years of age. If you are at least 21 and have been working for your employer for
at least one year, your employer must allow you to participate in the company’s
401(k) plan. As a result, some employers’ plans will not allow individuals to invest
until they are at least 18 or 21 depending upon the terms of the plan.
1.4
A one-participant 401(k) plan are sometimes called a solo 401(k). This plan covers
a self-employed business owner, and their spouse, who has no employees. These
plans have the same rules and requirements as other 401(k) plans, but the self-
employed individual wears two hats, the employer and the employee.
76
ANNEX D: SUNRISE VOLUMES OF TRADING
Graph A Compares the volume of trading in five selected listed Danish stocks
purportedly executed by Sunrise on behalf of Solo Clients and the aggregate
volume traded on European exchanges by all other market participants on the same
trading dates on which Sunrise purportedly executed the trades. This volume is
shown as a percentage of the total number of outstanding shares in those particular
stocks on those trading dates. It also contains the approximate value of the trading
in GBP.
Graph A - Volume of Danish stocks traded as a
percentage of total shares outstanding
Trades purportedly executed by Sunrise on behalf of Solo Clients
Graph B Compares the volume of trading in five selected listed Belgian stocks
purportedly executed by Sunrise on behalf of Solo Clients and the aggregate
volume traded on European exchanges by all other market participants on the same
trading dates on which Sunrise purportedly executed the trades. This volume is
shown as a percentage of the total number of outstanding shares in those particular
stocks on those trading dates. It also contains the approximate value of the trading
in GBP.
Percentage of shares outstanding
£9.9bn
£1.8bn
£1.1bn
£1.5bn
£1.4bn
£30.3m
£146.9m
£15.0m
£62.2m
£56.1m
Trades executed on European exchanges
Graph B - Volume of Belgian stocks traded as a
percentage of total shares outstanding
Percentage of shares outstanding
0.00%
Stock F
Stock G
Stock H
Stock I
Stock J
30-Apr-2015
30-Apr-2015
5-May-2015
8-May-2015
1-Jun-2015
£476.7m
£580.1m
£6.2bn
£599.1m
£1.2bn
£264.2m
£29.0m
£33.7m
£62.5m
£39.3m
Trades purportedly executed by Sunrise on behalf of Solo Clients
Trades executed on European exchanges
Graph C Compares the volume of trading in five selected listed Danish stocks
together with five selected listed Belgian stocks purportedly executed by Sunrise
on behalf of Solo Clients and the aggregate volume traded on European exchanges
in those particular stocks by all other market participants on the same trading dates
on which Sunrise purportedly executed those trades. This volume is shown as a
percentage.
0%
Stock C
30-Mar-
2015
Stock D
30-Mar-
2015
Stock E
06-May-
2015
Stock F
30-Apr-
2015
Stock G
30-Apr-
2015
Graph C - Volume purportedly traded by Solo Clients
and traded on European exchanges as a percentage
Volume of trades executed on European exchanges
Volume of Belgian trades purportedly executed by Sunrise on behalf of Solo Clients
Volume of trades executed on European exchanges
Volume of Danish trades purportedly executed by Sunrise on behalf of Solo Clients
To:
SUNRISE BROKERS LLP
1. ACTION
1.1
For the reasons given in this Final Notice, pursuant to section 206 of the Financial
Services and Markets Act 2000 (“the Act”), the Financial Conduct Authority (“the
Authority”) hereby imposes on Sunrise Brokers LLP (“Sunrise” or “the Firm”), a
financial penalty of £642,400 of which £407,273 is disgorgement.
1.2
Sunrise agreed to resolve this matter and qualified for a 30% (stage 1) discount
under the Authority’s executive settlement procedures. Were it not for this
discount, the Authority would have imposed a financial penalty of £743,200 on
Sunrise.
2. SUMMARY OF REASONS
2.1
Fighting financial crime is an issue of international importance, and forms part of
the Authority’s operational objective of protecting and enhancing the integrity of
the UK financial system. Authorised firms are at risk of being abused by those
seeking to conduct financial crime, such as fraudulent trading and money
laundering. It is therefore imperative that firms have in place effective systems and
1
controls to identify and mitigate the risk of their businesses being used for such
purposes, and that they act with due skill, care and diligence to adhere to the
systems and controls that they have put in place, in order to properly assess,
monitor and manage the risk of financial crime.
2.2
Between 17 February 2015 and 4 November 2015 (the “Relevant Period”), Sunrise:
a) had inadequate systems and controls to identify and mitigate the risk of
being used to facilitate fraudulent trading and money laundering in relation
to business introduced by four authorised entities known as the Solo
Group, thereby breaching Principle 3; and
b) did not exercise due skill, care and diligence in applying its AML policies
and procedures and in failing to properly assess, monitor and mitigate the
risk of it being used to facilitate financial crime in relation to the Solo
Trading, the Elysium payment and the German trade (together “the Solo
Group business”), thereby breaching Principle 2.
2.3
The Solo Clients were off-shore companies, including Malaysian incorporated
entities and a number of individual US 401(k) Pension Plans, previously unknown
to Sunrise. They were introduced by the Solo Group, which purported to provide
clearing and settlement services as Custodian to clients within a closed network,
via a custom over the counter (“OTC”) trading and settlement platform known as
Brokermesh. The Solo Clients were controlled by a small number of individuals,
some of whom had worked for the Solo Group, without apparent access to sufficient
funds to settle the transactions.
2.4
During the Relevant Period, on behalf of the Solo Clients, Sunrise executed
purported OTC equity Cum-Dividend Trades to the value of approximately £25.4
billion in Danish equities and £11.2 billion in Belgian equities, and received
commission of £466,652 during the Relevant Period.
2.5
The Solo Trading was characterised by a purported circular pattern of extremely
high value OTC equity trading, back-to-back securities lending arrangements and
forward transactions, involving EU equities on or around the last day of cum-
dividend. Following the purported Cum-Dividend Trading that took place on
designated days, the same trades were subsequently reversed over several days
or weeks to neutralise the apparent shareholding positions (the “Unwind Trading”).
2
2.6
The purported OTC trades executed by Sunrise on Brokermesh did not have access
to liquidity from public exchanges, yet the purported trades were filled within a
matter of minutes, almost invariably, and represented up to 20% of the shares
outstanding in companies listed on the Danish stock exchange, and up to 9.6% of
the equivalent Belgian stocks. The volumes also equated to an average of 36 times
and 22 times the volume of all Danish and Belgian stocks respectively, traded on
European exchanges, on the relevant last cum dividend trading date.
2.7
The Authority’s investigation and conclusions in respect of the purported trading
are based on a range of information including, in part, analysis of transaction
reporting data, material received from Sunrise, the Solo Group, and five other
Broker Firms that participated in the Solo Trading. The combined volume of the
purported Cum-Dividend Trading across the six Broker Firms was between 15%-
61% of the shares outstanding in the Danish stocks traded and between 7%-30%
of the shares outstanding in the Belgian stocks traded. These volumes are
considered implausible, especially in circumstances where there is an obligation to
publicise holders of over 5% of Danish and Belgian listed stocks.
2.8
As a broker for the equity trades, Sunrise executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the FCA believes it unlikely
that Sunrise would have executed both the purported Cum-Dividend Trades and
purported Unwind Trades for the same Solo Client in the same stock in the same
size trades, and therefore it is likely Sunrise only saw one side of the purported
trading. Additionally, the FCA considers that purported stock loans and forwards
linked to the Solo Trading are likely to have been used to obfuscate and/or give
apparent legitimacy to the overall scheme. Although there is evidence that Sunrise
was aware of the purported stock loans and forwards, these trades were not
executed by Sunrise.
2.9
The purpose of the purported trading was so the Solo Group could arrange for
Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show that
the Solo Clients held the relevant shares on the record date for dividend. The DCAS
were in some cases then used to make Withholding Tax (“WHT”) reclaims from the
tax agencies in Denmark and Belgium pursuant to Double Taxation Treaties. In
2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are
attributable to the Solo Group, were approximately £899.27 million and £188.00
million respectively. In 2014 and 2015, of the reclaims made, the Danish and
3
Belgian tax authorities paid approximately £845.90 million and £42.33 million
respectively.
2.10
The Authority refers to the Solo Trading as ‘purported’ as it has found no evidence
of ownership of the shares by the Solo Clients, nor custody of the shares or
settlement of the trades by the Solo Group. This, coupled with the high volumes of
shares purported to have been traded, is highly suggestive of sophisticated
financial crime.
2.11
Sunrise staff had in place inadequate systems and controls to identify and mitigate
the risk of being used to facilitate fraudulent trading and money laundering in
relation to business introduced by the Solo Group. In addition, Sunrise staff did not
exercise due skill, care and diligence in applying AML policies and procedures and
in failing properly to assess, monitor and mitigate the risk of financial crime in
relation to the Solo Clients and the purported trading.
2.12
Sunrise did not have policies and procedures in place to assess properly the risks
of the Solo Group business, and failed to appreciate the risks involved in the Solo
Trading. This resulted in inadequate CDD being conducted and a failure to
adequately monitor transactions and to identify unusual transactions. This
heightened the risk that the Firm could be used for the purposes of facilitating
financial crime in relation to the Solo Trading.
2.13
The manner in which the Solo Trading was conducted, combined with its scale and
volume is highly suggestive of financial crime. The Authority’s findings are also
made in the context of this finding and in consideration that these matters have
given rise to additional investigations by tax agencies and/or law enforcement
agencies in other jurisdictions as has been publicly reported. Whilst the alleged
underlying misconduct of the Solo Group has not to date resulted in any
determination of fraud, investigations by tax agencies and/or law enforcement
agencies are on-going in other jurisdictions.
Other significant transactions and visits by the Authority
2.14
In addition to the Solo Trading, Sunrise ignored or failed to notice a series of red
flags in relation to a trade in a German stock it executed on behalf of a broker client
on 3 September 2015. The circumstances of the onboarding and trading relating to
that broker client ought to have prompted Sunrise to consider the serious financial
crime risks this trade posed, particularly given it was executed at nearly twice the
prevailing market value of the stock.
2.15
Sunrise also accepted a payment on 4 November 2015 from a UAE-based entity
connected to the Solo Group called Elysium. This payment was provided by Elysium
in respect of some outstanding debts owed to the Firm by Solo Clients. After
receiving an offer for payment via the Solo Group, Sunrise accepted a payment of
USD 108,000 from Elysium without having heard of the entity before and without
conducting any AML checks or having any agreement in place. Sunrise accepted
this payment from Elysium the same day the Authority conducted an unannounced
visit alerting Sunrise to possible issues within the Solo Group.
2.16
In neither instance did Sunrise identify or escalate any potential financial crime
concerns or suspicions.
2.17
The Authority had also visited Sunrise in November 2014, shortly prior to the
commencement of the Solo Trading, as part of its work to raise standards in the
brokerage sector. The Authority assessed the Firm’s AML, KYC and market abuse
detection arrangements and put Sunrise on notice that its financial crime and AML
controls were weaker than required. After the visit, the Authority notified Sunrise
of a number of areas of concern and in response, Sunrise provided a work
programme which included a review of its AML and KYC framework to be completed
by July 2015. Sunrise failed to carry out any in-depth review of its financial crime
risk controls until April 2016. The commission of this review was driven by
commercial considerations as Sunrise was engaging in acquisition discussions with
a potential buyer.
Breaches and failings
2.18
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. The
Authority considers that Sunrise breached this requirement during the Relevant
Period as its policies and procedures were inadequate for identifying, assessing and
mitigating the risk of financial crime as Sunrise failed to:
a) provide
adequate
guidance
on
obtaining
and
assessing
adequate
information when onboarding clients, with reference to the purpose and
intended nature of the business relationship, the anticipated level and
5
nature of activity to be undertaken and when it would be appropriate to
enquire as to the source of funds;
b) provide adequate guidance on carrying out risk assessments for clients
including the relevant risk factors to be taken into account in order to
determine the correct level of CDD to be applied, including whether EDD
was warranted;
c) set out adequate processes or procedures detailing how to conduct EDD,
including enhanced monitoring requirements for higher risk clients;
d) provide adequate guidance on its risk-based approach for conducting CDD
on new clients introduced by authorised firms, where reliance may be placed
upon KYC documents provided by the authorised firms for the new clients
and detailing the circumstances when it was appropriate to do so;
e) set out any formal processes or procedures detailing how and/or specify the
circumstances in and frequency with which Sunrise should monitor and
document customer transaction activity, throughout the course of its
relationship with the Firm, in order to assess financial crime and AML risks;
and
f) set out escalation procedures in identifying, managing and documenting
financial crime and AML risks.
2.19
The Authority considers that during the Relevant Period, Sunrise failed to act with
due skill, care and diligence as required by Principle 2 in applying its own (limited)
AML policies and procedures and in assessing, monitoring and managing the risks
of financial crime it was exposed to in respect of Solo Group business. In particular
Sunrise failed to:
a) act promptly in implementing a work programme to address identified
deficiencies within its Compliance function following a visit from the
Authority in November 2014;
b) conduct adequate risk assessments or adequate due diligence when taking
on the Solo Group business which meant they failed to be identified properly
as high risk clients;
6
c) carry out adequate CDD when onboarding each Solo Client including the
purpose and intended nature of the business relationship, the anticipated
level and nature of activity to be undertaken, and the source of funds and/or
trading history, in order to provide a meaningful basis for transaction
monitoring;
d) conduct a risk assessment for each of the Solo Clients, as required by the
Compliance Documents, and consequently failed to identify that the Solo
Clients presented a higher risk of financial crime and that EDD ought to have
been completed;
e) conduct any EDD on the Solo Clients that presented a higher risk of money
laundering and subsequently failed to identify what EDD measures might
have been appropriate for the ongoing monitoring of the Solo Clients;
f) assess each of the Solo Clients according to categorisation criteria set out
in COBS 3.5.3 and/or failed to record results of such assessments, including
sufficient information to support the categorisation, contrary to COBS
3.8.2R(2)(a);
g) follow its own compliance policy in that Sunrise started trading on behalf of
the Solo Clients before they had been onboarded;
h) conduct any ongoing transaction monitoring of the Solo Trading throughout
the Relevant Period;
i)
recognise numerous red flags with the purported Solo Trading including that
Sunrise did not consider whether it was plausible and/or realistic that
sufficient liquidity was sourced within a closed network of entities for the
scale and volumes of trading conducted by the Solo Clients. Likewise, failing
to consider or recognise that the profiles of the Solo Clients meant that they
were highly unlikely to meet the scale and volume of the trading purportedly
being carried out, and/or failing to at least obtain sufficient evidence of the
clients’ source of funds to satisfy itself to the contrary;
j) adequately consider financial crime and money laundering risks in respect
of the German trade, in circumstances which were highly suggestive of
potential financial crime;
7
k) adequately consider associated financial crime and money laundering risks
posed in respect of the Elysium payment whereby the Firm accepted a
payment of approximately USD 108,000 from Elysium without any due
diligence or agreement in place and shortly after the Authority had
conducted an unannounced visit alerting Sunrise to its concerns with the
Solo Group; and
l)
make and keep adequate, or in some cases any, written records as evidence
of work it may have undertaken specifically relating to the consideration and
discussion of financial crime and AML matters by Sunrise management.
2.20
Sunrise’s failings merit the imposition of a significant financial penalty. The
Authority considers the failings to be particularly serious for the following reasons:
1. Sunrise onboarded 142 Solo Clients over a short time period, some of which
emanated from jurisdictions which did not have AML requirements equivalent
to those in the UK;
2. Sunrise’s AML policies and procedures were not proportionate to the risks in the
business that it was undertaking;
3. Sunrise failed to properly review and analyse the KYC materials that were
provided by the Solo Clients or ask appropriate follow up questions to red flags
in the KYC materials;
4. Even after a number of red flags appeared, Sunrise failed to conduct any
ongoing monitoring, allowing the Solo Clients to purportedly trade equities
totalling approximately £36.6 billion;
5. Sunrise was put on notice following the Authority’s visit in November 2014 that
its financial crime and AML controls were weaker than required. However,
Sunrise failed to improve and apply appropriate AML systems and controls and
onboarded the Solo Clients in the same month it represented to the Authority
it was compliant;
6. Sunrise executed a trade in a German equity, which was nearly twice that of
the prevailing share price, while ignoring numerous red flags that were highly
suggestive of financial crime risk;
7. Sunrise accepted a payment from Elysium after being alerted to the Authority’s
concerns regarding the Solo Group by an unannounced visit by the Authority
on 4 November 2015; and
8. Finally, none of these failings were identified or escalated by Sunrise during the
Relevant Period.
2.21
Taken together, these failings exposed Sunrise to unacceptable financial crime
risks. Accordingly, to further the Authority’s operational objective of protecting and
enhancing the integrity of the UK financial system, the Authority hereby imposes
on Sunrise a financial penalty of £642,400.
3. DEFINITIONS
3.1
The following definitions are used in this Notice:
“401(k) Pension Plan” means an employer-sponsored retirement plan in the
United States. Eligible employees may make pre-tax contributions to the plan but
are taxed on withdrawals from the account. A Roth 401(k) plan is similar in nature;
however, contributions are made post-tax although withdrawals are tax-free. For
the 2014 tax year, the annual contribution limit was $17,500 for an employee, plus
an additional $5,500 catch-up contribution for those aged 50 and over. For the tax
year 2015, the contribution limits were $18,000 for an employee and the catch-up
contribution was $6,000. For a more detailed analysis, please see Annex C;
“2007 Regulations” or “Regulation” means the Money Laundering Regulations
2007 or a specific regulation therein;
“the Act” means the Financial Services and Markets Act 2000;
“AML” means Anti-Money Laundering;
“AML Certificate” means an AML introduction form which is supplied by one
authorised firm to another. The form confirms that a regulated firm has carried out
CDD obligations in relation to a client and authorises another regulated firm to place
reliance on it in accordance with Regulation 17;
“Authority” or “FCA” means the Financial Conduct Authority, known prior to 1 April
2013 as the Financial Services Authority;
“Broker Firms” means the other broker firms who agreed with the Solo Group to
carry out the Solo Trading;
“Brokermesh” means the bespoke electronic platform set up by the Solo Group
for the Solo Clients to submit orders to buy or sell cash equities, and for Sunrise
and the Broker Firms to seek liquidity and execute the purported trading;
“CDD” means customer due diligence measures, the measures a firm must take to
identify each customer and verify their identity and to obtain information on the
purpose and intended nature of the business relationship, as required by Regulation
5;
“Clearing broker” means an intermediary with responsibility to reconcile trade
orders between transacting parties. Typically, the Clearing broker validates the
availability of the appropriate funds, ensures the delivery of the securities in
exchange for cash as agreed at the point the trade was executed, and records the
transfer;
“COBS” means the Authority’s Conduct of Business Sourcebook;
“Compliance Documents” means Risk-based Client Take-on Procedures for
Business Units v1, dated 28 April 2015; Risk-based Client Take-On Procedures for
Business Units, v2, dated 27 April 2015; Anti-money laundering policy v3, dated
22 January 2014; “Compliance Manual V2.doc” or Compliance Manual dated
December 2013; Introduction Certificate form dated 28 April 2015;
“Cum-Dividend” means when a buyer of a security is entitled to receive the next
dividend scheduled for distribution, which has been declared but not paid. A stock
trades cum-dividend up until the ex-dividend date, after which the stock trades
without its dividend rights;
“Cum-Dividend Trading” means the purported trading that the Solo Clients
conducted where the shares are cum-dividend in order to demonstrate apparent
shareholding positions that would be entitled to receive dividends, for the purposes
of submitting WHT reclaims;
“Custodian” means a financial institution that holds customers’ securities for
safekeeping. They also offer other services such as account administration,
transaction settlements, the collection of dividends and interest payments, tax
support and foreign exchange;
“DCAS” means Dividend Credit Advice Slips. These are completed and submitted
to overseas tax authorities in order to reclaim the tax paid on dividends received;
“DEPP” means the Authority’s Decision Procedure and Penalties Manual;
“Dividend Arbitrage” means the practice of placing shares in an alternative tax
jurisdiction around dividend dates with the aim of minimising Withholding Taxes
(WHT) or generating WHT reclaims. Dividend Arbitrage may include several
different activities including trading and lending equities and trading derivatives,
including futures and total return swaps, designed to hedge movements in the price
of the securities over the dividend dates;
“Double Taxation Treaty” means a treaty entered into between the country
where the income is paid and the country of residence of the recipient. Double
Taxation Treaties may allow for a reduction or rebate of the applicable WHT;
“EDD” means enhanced due diligence, the measures a firm must take in certain
situations, as outlined in Regulation 14;
“Elysium” means Elysium Global (Dubai) Limited;
“Elysium payment” means the c. USD 108,000 payment received by Sunrise from
Elysium on 4 November 2015 in relation to debts owed by the Solo Clients to
Sunrise;
“Executing broker” means a broker that merely buys and sells shares on behalf
of clients. The broker does not give advice to clients on when to buy or sell shares;
“European exchanges” means registered execution venues, including regulated
markets, multilateral trading facilities, organised trading facilities and alternative
trading systems encapsulated in Bloomberg’s European Composite;
“Financial Crime Guide” means the Authority’s consolidated guidance on financial
crime, which is published under the name “Financial crime: a guide for firms”. In
this Notice, the applicable versions for the Relevant Period were published in
January 2015 (incorporating updates which came into effect on 1 June 2014) and
April 2015. The Financial Crime Guide contains “general guidance” as defined in
11
section 139B FSMA. The guidance is not binding and the Authority will not presume
that a firm’s departure from the guidance indicates that it has breached the
Authority’s rules. But as stated in FCG 1.1.8, the Authority expect firms to be aware
of the Financial Crime Guide where it applies to them, and to consider applicable
guidance when establishing, implementing and maintaining their anti-financial
crime systems and controls;
“German trade” means the EUR 5 million ‘buy’ order executed by Sunrise on behalf
of a broker client (“Client X”) of 146,397 shares in a German stock on 3 September
2015 at a specified intraday price of EUR 34.15;
“Handbook” means the collection of regulatory rules, manuals and guidance issued
by the Authority as in force during the Relevant Period;
“JMLSG” means the Joint Money Laundering Steering Group, which is comprised
of leading UK trade associations in the financial services sector;
“JMLSG Guidance” means the ‘Prevention of money laundering/combating
terrorist finance guidance for the UK financial sector’ issued by the JMLSG, which
has been approved by a Treasury Minister in compliance with the legal requirements
in the 2007 Regulations. The JMLSG Guidance sets out good practice for the UK
financial services sector on the prevention of money laundering and combating
terrorist financing. In this Notice, applicable provisions from the version dated on
19 November 2014 have been referred to;
The Authority will have regard to whether firms have followed the relevant
provisions of the JMLSG Guidance when deciding whether a breach of its rules on
systems and controls against money laundering has occurred, and in considering
whether to take action for a financial penalty or censure in respect of a breach of
those rules (SYSC 3.2.6E and DEPP 6.2.3G);
“KYC” means Know Your Customer, which refers to CDD and EDD obligations;
“KYC pack” means the bundle of client identity information received, which usually
included incorporation documents, certified copies of identity documents, utility
bills and CVs;
“MLRO” means Money Laundering Reporting Officer;
“OTC” means over the counter trading which does not take place on a regulated
exchange;
“Principles” means the Authority’s Principles for Businesses as set out in the
Handbook;
“Relevant Period” means the period from 17 February 2015 to 4 November 2015;
“SCP” means Solo Capital Partners LLP;
“Solo Clients” means the entities introduced by the Solo Group to Sunrise and the
other brokers, and on whose behalf Sunrise executed purported equity trades for
some of the clients during the Relevant Period;
“Solo Group” or “Solo” means the four authorised firms owned by Sanjay Shah,
a British national residing in Dubai, details of which are set out in paragraph 4.19;
“Solo Group business” means the Solo Trading, the German trade and the
Elysium payment;
“Solo Trading” means the purported Cum-Dividend Trading and the purported
Unwind Trading executed for Solo Clients during the Relevant Period;
“Sunrise” means Sunrise Brokers LLP;
“Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
“UBO” means ultimate beneficial owner with “beneficial owner” being defined in
Regulation 6;
“Unwind Trading” means purported trading that took place over several days or
weeks to reverse the purported Cum-Dividend Trading to neutralise the apparent
shareholding positions;
“Withholding Tax” or “WHT” means a levy deducted at source from income and
passed to the government by the entity paying it. Many securities pay periodic
income in the form of dividends or interest, and local tax regulations often impose
a WHT on such income; and
“Withholding Tax Reclaims” means in certain cases where WHT is levied on
payments to a foreign entity, the WHT may be reclaimed if there is a Double
Taxation Treaty between the country in which the income is paid and the country
of residence of the recipient. Double Taxation Treaties may allow for a reduction or
rebate of the applicable WHT.
4. FACTS AND MATTERS
4.1
Sunrise is an interdealer broker and during the Relevant Period, primarily facilitated
trades between counterparties for listed and OTC derivative products, typically for
well-established listed companies, international investment banks, hedge funds and
asset managers.
4.2
Sunrise offered brokerage services in equity, exotic equity, credit, hybrid and
commodity derivatives across multiple asset classes; bonds and execution services
in cash equities. Sunrise did not have permissions to take positions, to trade on its
own account nor to hold any client money. Sunrise was authorised to trade for and
advise eligible counterparty and professional clients in a range of investment types
but not to trade for nor advise retail clients. During the Relevant Period, Sunrise
employed approximately 100 staff in its London office.
4.3
Sunrise staff had in place inadequate systems and controls to identify and mitigate
the risk of being used to facilitate fraudulent trading and money laundering in
relation to business introduced by four authorised entities known as the Solo Group.
In addition, Sunrise staff did not exercise due skill, care and diligence in applying
AML policies and procedures and in failing to properly assess, monitor and mitigate
the risk of financial crime in relation to the Solo Group business.
Statutory and Regulatory Provisions
4.4
The statutory and regulatory provisions relevant to this Warning Notice are set out
in Annex B.
4.5
Principle 3 requires firms to take reasonable care to organise and control their
affairs responsibly and effectively, with adequate risk management systems. The
2007 Regulations and rules in the Authority’s Handbook further require firms to
create and implement policies and procedures to prevent and detect money
laundering, and to counter the risk of being used to facilitate financial crime. These
include systems and controls to identify, assess and monitor money laundering risk,
as well as conducting CDD and ongoing monitoring of business relationships and
transactions.
4.6
Principle 2 requires firms to conduct their businesses with due skill, care and
diligence. A firm merely having systems and controls as required by Principle 3 is
not sufficient to avoid the ever-present financial crime risk. A firm must also
operate those systems and controls with due skill, care and diligence as required
by Principle 2 to protect itself, and properly assess, monitor and manage the risk
of financial crime.
4.7
Money laundering is not a victimless crime. It is used to fund terrorists, drug dealers
and people traffickers as well as numerous other crimes. If firms fail to apply money
laundering systems and controls thoughtfully and diligently, they risk facilitating
these crimes.
4.8
As a result, money laundering risk must be taken into account by firms as part of
their day-to-day operations, including in relation to the development of new
products, the taking on of new clients and changes in its business profile. In doing
so, firms should take account of their customer, product and activity profiles and
the complexity and volume of their transactions.
4.9
The Joint Money Laundering Steering Group (“JMLSG”) has published detailed
guidance with the aim of promoting good practice, and giving practical assistance
in interpreting the 2007 Regulations and evolving practice within the financial
services industry. When considering whether a breach of its rules on systems and
controls against money laundering has occurred, the Authority will have regard to
whether a firm has followed the relevant provisions in the JMLSG Guidance.
4.10
Substantial guidance for firms has also been published by the Authority regarding
the importance of AML controls, in the form of its Financial Crime Guide, which cites
examples of good and bad practice, publications of AML thematic reviews and
regulatory notices.
Authority visit to Sunrise in November 2014
4.11
The Authority visited Sunrise on 25 November 2014. The Authority “identified areas
that require the firm’s attention” regarding the effectiveness of Sunrise’s AML/KYC
arrangements, and market abuse controls. These areas were set out in a follow-up
letter to Sunrise dated 23 December 2014. This was before Sunrise had been
approached by Solo to take on the Solo Clients or changed their business to
incorporate the Brokermesh activity.
4.12
The key issues the Authority identified regarding the effectiveness of Sunrise’s
AML/KYC arrangements included that:
1) “the apparent lack of Compliance resource appeared to have impinged
on the Firm’s ability to properly implement controls” concerning money
laundering;
2) “there appears to be a need to formalise the whole AML and KYC process.
For example, the risk scoring methodology does not appear to be clearly
documented, and it was unclear whether clients had been assigned a
specific risk rating”;
3) It “did not appear that higher risk clients were subject to transaction
monitoring checks”;
4) the Authority was “unable to establish the firm’s formal stance on the
key AML risks”;
5) “formal AML/KYC information is not regularly reported to the Board”; and
6) Sunrise’s Compliance Officer “is the source of a lot of information
regarding process and decision making, which … represents an
increasing key-man risk”.
4.13
The key issues regarding the effectiveness of Sunrise’s market abuse controls
included that:
1) “it appeared there [was] no current timetable for market abuse training
in operation”; and
2) The FCA staff “were informed that the firm utilises an automated
monitoring system that screens all transactions. However it is not clear
to us the parameters of [this] system are fully understood by the firm.
For example, it was known whether the system covers all products
brokered, identifies unusual trading patterns … the degree to which it
has been implemented and targeted based on key risks remains
unclear”.
4.14
In its follow-up letter, the Authority informed Sunrise that it expected Sunrise to
set out a work programme to set out the issues addressed which was to cover
(among other things):
1) formalising and documenting its AML/KYC approach, setting out clearly its
risk-based approach to client take-on/review and transaction monitoring
and presenting a formal MLRO report to senior management;
2) assessing and addressing gaps in the market abuse training programme;
and
3) reviewing “pertinent risks that are inherent in the business model” and
ensuring “appropriate transaction monitoring systems and controls are in
place to comply with the STR regime”.
4.15
On 30 March 2015, after onboarding of the Solo Clients had begun and in response
to the Authority’s visit, Sunrise sent the FCA a work schedule, stating (among other
things) that:
1) additional resource had been added to the Compliance department and
further additional resources would be added as required; and
2) its work programmes around the effectiveness of:
a. AML/KYC arrangements would be completed by end of July 2015;
and
b. market abuse controls would be completed by end of May 2015.
4.16
Sunrise considered that its Compliance function required some administrative
support, but other than that it was adequate.
Sunrise said the key area for
improvement they identified from the Authority’s visit was that it needed to hire
17
extra resource for the Compliance function, mainly to provide additional
administrative support and improve Compliance’s approach to documentation.
Sunrise did not interpret from the Authority’s visit that its approach to client
onboarding (including risk assessments and KYC) was deficient. Sunrise did not
consider from their conversations with the Authority that there was any particular
urgency to address the matters raised but did treat the recruitment of someone to
assist with the administration aspects of compliance as something that they should
action promptly.
4.17
Sunrise stated that it was “at the end of 2015” (i.e. after the Authority’s
unannounced visit) that the Firm realised not everything in the Authority’s letter
had been addressed nor had the work schedule been carried out in a timely manner.
This coincided with Sunrise’s discussions about a potential takeover of their
company by another firm.
4.18
In April 2016, Sunrise instructed an external compliance consultant to carry out an
independent review of its Compliance documentation. The prospect of the takeover
was the main driver for seeking external compliance support and not the Authority’s
visit and follow-up letter (although this letter was used to inform how Sunrise
approached the independent review).
The Solo Group
4.19
The four authorised firms referred to by the Authority as the Solo Group were
owned by Sanjay Shah, a British national currently based in Dubai:
Solo Capital Partners LLP (“SCP”) was first authorised in March 2012 and
was a broker.
West Point Derivatives Ltd was first authorised in July 2005 and was a broker
in the derivatives market.
Old Park Lane Capital Ltd was first authorised in April 2008 and was an
agency stockbroker and corporate broker.
Telesto Markets LLP was first authorised on 27 August 2014 and was a
wholesale custody bank and fund administrator.
4.20
During the Relevant Period, SCP and others in the Solo Group at various stages,
held regulatory permissions to provide custody and clearing services. The Solo
18
Group has not been permitted to carry out any activities regulated by the Authority
since December 2015 and Solo Capital Partners formally entered Special
Administration insolvency proceedings in September 2016. The other three entities
are in administration proceedings.
Background of Dividend Arbitrage and the Purported Solo Trading
Dividend Arbitrage Trading
4.21
The aim of Dividend Arbitrage is to place shares in certain tax jurisdictions around
dividend dates, with the aim of minimising Withholding Taxes (WHT) or to generate
WHT reclaims. WHT is a levy deducted at source from dividend payments made to
shareholders.
4.22
If the beneficial owner is based outside of the country of issue of the shares, they
may be entitled to reclaim that tax if the country of issue has a relevant treaty (a
“Double Taxation Treaty”) with the country of residence of the beneficial owner.
Accordingly, Dividend Arbitrage aims at transferring the beneficial ownership of
shares temporarily overseas, in sync with the dates upon which dividends become
payable, in order that the criteria for making a Withholding Tax reclaim are fulfilled.
4.23
As the strategy is one of temporary transfer only, it is often executed using ‘stock
lending’ transactions. While such transactions are structured economically as loans,
the entitlement to a tax rebate depends on actual transfer of title. The legal
structure of the ‘loan’ is therefore a sale of the shares, on condition that the
borrower is obliged to supply equivalent shares to the lender at a specified future
date.
4.24
Dividend Arbitrage may give rise to significant market risk for either party as the
shares may rise or fall in value during the life cycle of the loan. In order to mitigate
this, the strategy will often include a series of derivative transactions, which hedge
this market exposure.
4.25
A key role of the share Custodian in connection with Dividend Arbitrage strategies
is to issue a voucher to the beneficial owner which certifies such ownership on the
date on which the entitlement to a dividend arose. The voucher will also specify the
amount of the dividend and the sum withheld at source. This is sometimes known
as a ‘Dividend Credit Advice Slip’ or ‘Credit Advice Note’. The purpose of the voucher
is for the beneficial owner to produce it to the relevant tax authority to reclaim the
19
Withholding Tax (assuming the existence of a relevant Double Taxation Treaty).
The voucher generally certifies that (i) the shareholder was the beneficial owner of
the share at the relevant time, (ii) the shareholder had received the dividend, (iii)
the amount of the dividend, and (iv) the amount of tax withheld from the dividend.
4.26
Given the nature of Dividend Arbitrage trading, the costs of executing the strategy
will usually be commercially justifiable only if large quantities of shares are traded.
4.27
The Authority’s investigation and understanding of the purported trading in this
case is based, in part, on analysis of transaction reporting data and material
received from Sunrise, the Solo Group, and five other Broker Firms that participated
in the Solo Trading. The Solo Trading was characterised by a circular pattern of
extremely large-scale purported OTC equity trading, back-to-back securities
lending arrangements and forward transactions.
4.28
The Solo Trading can be broken into two phases:
(i) purported trading conducted when shares were cum-dividend in order to
demonstrate apparent shareholding positions that would be entitled to receive
dividends, for the purposes of submitting WHT reclaims (“Cum-Dividend Trading”);
and
(ii) the purported trading conducted when shares were ex-dividend, in relation to
the scheduled dividend distribution event which followed the Cum-Dividend
Trading, in order to reverse the apparent shareholding positions taken by the Solo
Group clients during Cum-Dividend Trading (“Unwind Trading”).
4.29
The combined volume of the purported Cum-Dividend Trading across the six Broker
Firms were between 15% and 61% of the shares outstanding in the Danish stocks
traded, and between 7% and 30% of the shares outstanding in the Belgian stocks
traded.
4.30
As a broker for the Solo Trading, Sunrise executed the purported Cum-Dividend
Trading and the purported Unwind Trading. However, the FCA believes it unlikely
that Sunrise would have executed both the purported Cum-Dividend Trade and
purported Unwind Trades for the same client in the same stock in the same size
trades and therefore it is likely Sunrise only saw one side of the Solo Trading.
Additionally, the FCA considers that purported stock loans and forwards linked to
the Solo Trading are likely to have been used to obfuscate and/or give apparent
legitimacy to the overall scheme. Although there is evidence that Sunrise was
aware of the purported stock loans and forwards, these trades were not executed
by Sunrise.
4.31
The purpose of the purported Solo Trading was to enable the Solo Group to arrange
for DCAS to be created, which purported to show that the Solo Clients held the
relevant shares on the record date for dividend. The DCAS were in some cases then
used to make WHT reclaims from the tax agencies in Denmark and Belgium,
pursuant to Double Taxation Treaties. In 2014 and 2015, the value of Danish and
Belgian WHT reclaims made, which are attributable to the Solo Group, was
approximately £899.27 million and £188.00 million respectively. In 2014 and 2015,
of the WHT reclaims made, the Danish and Belgian tax authorities paid
approximately £845.90 million and £42.33 million respectively.
4.32
The Authority refers to the trading as ‘purported’ as it has found no evidence of
ownership of the shares by the Solo Clients, or custody of the shares and settlement
of the trades by the Solo Group.
Sunrise’s introduction of the Solo Group Business
4.33
In October 2014, the Solo Group approached Sunrise with a business proposal to
join a bespoke trading platform called Brokermesh, whereby Sunrise would be
executing equity trades for “several hundred fund customers” and the Solo Group
would provide custody and clearing services for all trades on the platform. This
proposal was particularly attractive to Sunrise as it had not been able to find an
entity to provide clearing services and additionally would bring in some work to an
area of the Firm which was not bringing in any revenue. According to a staff
member at Sunrise, Solo’s proposal “offered us, you know, a solution in terms of
bringing some revenue in instead of … us sitting there earning nothing, I mean,
literally absolutely nothing and doing nothing every single day”.
4.34
In short, the relevant area of business was largely (if not wholly) reliant on the
business from the Solo Group. As a consequence, there was considerable
commercial pressure to bring in revenue to the relevant desk.
In these
circumstances, Sunrise should have been cognisant of the conflict of interests
arising from the absence of revenue in particular areas against the need to ensure
that potential business introduced was appropriate for the Firm and in line with the
Firm’s regulatory obligations and relevant policies.
4.35
Sunrise and the Solo Group representatives met to discuss the proposal on two
occasions (30 October 2014 and 16 December 2014). Prior to this introduction,
Sunrise did not have an established business relationship with the Solo Group,
although they had undertaken a couple of trades for Solo Capital. Sunrise did not
document any minutes nor notes of these initial meetings. In the initial email
discussions, Solo told Sunrise that “Solo’s relationship to the brokers is principally
one of a software provider where we happen to have mutual clients. Solo has a
contract with the brokers governing this service”.
4.36
Sunrise estimated that the projected revenue from the Solo Group proposal of
between £500,000 and £1 million per year, which was based on charging the Solo
Clients a quarter basis point of the notional value of each trade. To reach the
projected revenue, Sunrise would have been able to calculate that they would need
to execute trades for the Solo Clients to the value of between £20 billion to £40
billion annually.
4.37
Sunrise did not carry out a formal or documented risk assessment when taking on
the Solo Group business although “commercial discussions and due diligence” took
place ahead of Sunrise making the decision to sign services agreements with the
Solo Group. Sunrise explained “that it took considerable comfort” from the fact that
the Solo Group entities were regulated by the Authority and that other authorised
firms “which it regarded as reputable and assumed would also have undertaken
due diligence” had already signed up to the Brokermesh platform. However, Sunrise
did not have any specific conversations with the other Broker Firms involved to
discuss compliance issues or queries, or to confirm the assumptions on which it
made itself comfortable about the arrangements into which it was entering.
4.38
Sunrise queried the Solo Group’s structure with regard to Brokermesh on a
telephone call with Solo on 6 February 2015. Sunrise could not see the reason why
four Solo Group entities were involved. Solo did not identify a particular reason
other than this was Sanjay Shah’s preference and that it would split the revenue
stream between the four Broker Firms. On another call between the Solo Group and
Sunrise on 9 February 2015, Sunrise queried the rationale behind the structure and
the nature of the arrangements stating “... need to understand … what is being
done is legal … that we’re not participating in anything that hasn’t already gone
22
through a proper due diligence process”. There is no record of if and how this
query was answered.
4.39
On 17 February 2015, Sunrise signed an agreement with the Solo Group whereby
the Solo Group would provide clearing and settlement services in relation to the
Solo Clients (“the Services Agreement”) and on 24 February 2015 Sunrise signed
the terms of the Brokermesh licence. Sunrise understood that it would not be liable
for any settlement failures if a trade did not go ahead and that all trades would be
subject to the Solo Group’s approval.
4.40
The Solo Group informed Sunrise before the Services Agreement was signed that
the trading would involve pan-European equities. Within Sunrise it was assumed
that the trading would involve Dividend Arbitrage. Sunrise did not however seek
any further information from the Solo Group about the intended nature and purpose
of the Solo Trading.
Onboarding of the Solo Clients
Introduction to Onboarding requirements
4.41
The 2007 Regulations required authorised firms to use their onboarding process to
obtain and review information about a potential customer to satisfy their KYC
obligations.
4.42
As set out in Regulation 7 of the 2007 Regulations, a firm must conduct CDD when
it establishes a business relationship or carries out an occasional transaction.
4.43
As part of the CDD process, a firm must first identify the customer and verify their
identity. Second, a firm must identify the beneficial owner, if relevant, and verify
their identity. Finally, a firm must obtain information on the purpose and intended
nature of the business relationship.
4.44
To confirm the appropriate level of CDD that a firm must apply, a firm must perform
a risk assessment, taking into account the type of customer, business relationship,
product and/or transaction. The firm should also document their risk assessments
and keep their risk assessments up to date.
4.45
If the firm determines through its risk assessment that the customer poses a higher
risk of money laundering or terrorist financing then they must apply EDD. This may
mean that the firm should obtain additional information regarding the customer,
the beneficial owner to the extent there is one, and the purpose and intended
nature of the business relationship. Additional information gathered during EDD
should then be used to inform the firm’s risk assessment process, in order to
manage its money laundering/terrorist financing risks effectively. The information
firms are required to obtain about the circumstances and business of their
customers is necessary to provide a basis for monitoring customer activity and
transactions, so firms can effectively detect the use of their products for money
laundering and/or terrorist financing.
Chronology of the onboarding
4.46
On 17 February 2015, the onboarding process commenced for the Solo Clients
when the Solo Group started supplying KYC documents to Sunrise. This was the
first time that Sunrise had received information about the names of the Solo Clients
and the jurisdictions in which the Solo Clients were based. The 142 Solo Clients
were onboarded between 10 March 2015 and 6 May 2015 as follows:
23 March 2015
6
6 May 2015
3
4.47
The Solo Clients included a total of 81 clients recorded as onboarded over two
working days on 10 and 11 March 2015 and the remaining clients over four non-
consecutive working days on 20 and 23 March 2015, 1 April 2015 and 6 May 2015.
4.48
The Solo Trading commenced on 25 February 2015, which was almost two weeks
before any of the Solo Clients were recorded as onboarded and eight days after the
onboarding commenced. Sunrise therefore started trading in respect of some of
the Solo Clients before it had fulfilled its obligations under the 2007 Regulations,
particularly Regulation 7 and in direct contravention of the Compliance Documents.
Sunrise should at this stage have been prepared and willing to refuse to onboard
clients if they presented unacceptable risks.
4.49
Sunrise onboarded the 142 clients introduced by the Solo Group in under two
months. This compared to 48 clients unrelated to the Solo Group that Sunrise
onboarded during the entire Relevant Period. The rate of onboarding also differed,
with the 48 unrelated clients being onboarded over 41 days, whereas the Solo
Clients were onboarded over 6 days. Of the clients unrelated to the Solo Group
onboarded during the Relevant Period, no more than two were ever onboarded on
the same day.
4.50
Sunrise acknowledged that onboarding all the Solo Clients “effectively in one go”
was not a “usual” thing to do and was “a bit rushed”. However, Sunrise was under
pressure from Solo to complete the onboarding of the Solo Clients and Sunrise was
keen to ensure that it did not lose the business being offered to it. Sunrise indicated
concerns that they “risked being dropped from the project” if onboarding was not
done to Solo’s timeline.
4.51
Not only was the large number of clients onboarded unusual for Sunrise, the Solo
Clients also deviated from Sunrise’s normal type of client. Sunrise’s top 20 clients
during the Relevant Period were large investment banks or large institutional funds.
By contrast, the Solo Clients consisted of approximately 118 401(k) Pension Plans
and almost all pension plans and entities had been set up in 2014, which was in
itself a red flag. Whereas during the Relevant Period, Sunrise did not execute any
equity trades in Danish stocks for its top 20 clients, Sunrise purportedly executed
high volume Cum-Dividend Trades to the value of approximately £25.4 billion in
Danish equities for the Solo Clients in the knowledge that a large majority of these
clients were recently established individual pension plans.
4.52
The Solo Clients were all based in the US or Malaysia. Although Sunrise did not
have any Malaysian based clients prior to onboarding the Solo Clients, 24 of the
Solo Clients were registered in Labuan (Malaysia). Sunrise did not give any
additional considerations to the onboarding despite the fact that the Solo Clients
were not UK based.
4.53
The KYC material provided to Sunrise showed that almost all the Solo Clients’
entities had only one UBO, with many of those UBOs owning several of those
entities each. A number of the UBOs were connected to the Solo Group. Sunrise
did not recognise or consider that this was unusual at the time.
4.54
CDD is an essential part of the onboarding process, that must be conducted when
onboarding a new client. Firms must obtain and hold sufficient information about
their clients to inform the risk assessment process and manage the money
laundering risks effectively.
4.55
As part of the CDD process first, under Regulation 5 of the 2007 Regulations, a firm
must identify the customer and verify their identity. Second, a firm must identify
the beneficial owner, if relevant, and verify their identity. Finally, a firm must
obtain information on the purpose and intended nature of the business relationship.
A.
Customer Identification and Verification
4.56
Regulation 20 of the 2007 Regulations requires that firms establish and maintain
appropriate and risk-sensitive policies and procedures related to customer due
diligence. SYSC 6.3.1R requires that the policies must be comprehensive and
proportionate to the nature, scale and complexity of its activities.
4.57
Sunrise stated that it onboarded prospective clients during the Relevant Period
using a “risk-based approach” in accordance with its client take-on policy and the
JMLSG Guidance. Paragraph 8.1 of Sunrise’s Anti-Money Laundering Policy stated
that the firm needed “to be reasonably satisfied that their clients are who they say
they are” in order to make it “more difficult for the financial services industry to be
used for the purpose of money laundering or for handling the proceeds of crime”
directing employees to Sunrise’s Client Take-on Policy. No further guidance on what
“reasonably” meant was provided in the policy itself.
4.58
Sunrise’s Compliance Manual stated that the Firm had established a client take-on
procedure to satisfy its client identification requirements which were the same
regardless of the business area. The Anti-Money Laundering Policy stated that the
identification process exists to, in part, “help the firm to identify, during the course
of a continuing relationship, what may be unusual” and indicate if a client may be
involved in money laundering, fraud or handling of criminal or terrorist property.
26
4.59
Sunrise’s Client Take-on Procedures purported to contain information which Sunrise
employees were “to attempt to obtain in all circumstances”. The steps (to be
followed in numerical order) included: (i) Determine who the client is and who
needs to be identified; (ii) Determine the overall risk of the proposed client
relationship; (iii) Record the products and services the client is requesting; (iv)
Determine if information provided by another firm can be relied upon instead of
collecting information directly from the client, and if so collect the appropriate
certificate; (v) If another firm cannot be relied on, determine the information
required and collect documents; and (vi) Complete the summary client take-on
form.
4.60
Sunrise, however, acknowledged that there may have been discrepancies and/or
contradictions in the Compliance Documents. This was due to the fact that they
had been sourced, in part, from a member of staff at the Firm who had drafted
parts of them for another firm. As a result, the Compliance Documents had not
been updated, tailored or amended adequately to reflect Sunrise’s business. Key
parts of the Compliance Documents such as checklists appeared to be missing.
Reliance on Solo for due diligence
4.61
Further, the Client Take-on Procedures stated that “in many circumstances, you
will find that due to the low risk nature of the relationship, Sunrise Brokers is able
to rely upon another party for some or all of the client identification”. The Client
Take-on Procedures did not give further details of when Sunrise would rely on
another party for some or all of the client identification, what factors needed to be
taken into account or what particular measures put in place.
4.62
The JMLSG Guidance states that firms should take a risk-based approach when
deciding whether to accept confirmation from a third party that appropriate CDD
measures have been carried out on a customer and this “cannot be based on a
single factor”. They also state that if reliance is placed on a third party, the firm
still needs to know the identity of the beneficial owner whose identity is being
verified; the level of CDD carried out; and have confirmation of the third party’s
understanding of his obligation to make available on request copies of the
verification data, documents or other information.
4.63
Sunrise’s Client Take-on Procedures also stated that with “all customers, it is
essential” that Sunrise “understand the entity type and all parties associated with
it”. They also stated that introduction certificates should be obtained by Sunrise
when an equivalent regulated entity confirms that identification and verification has
been undertaken on a specific client. Sunrise has provided no evidence that these
were obtained for the Solo Clients.
4.64
The Client Take-on Procedures also stated that general assurances may be given
by “an undertaking provided by a regulated firm to another regulated firm that for
all current and future customers introduced, sufficient identification has been or
will be obtained and retained by the original owner”. However, these were only
permitted for introductions where there was a one-off transaction for low risk
customers, between clearing and executing brokers in certain limited (but
unspecified) circumstances or where the client was an unregulated fund where
relevant investors may need to be identified (so long as the client is low or medium
risk in nature).
4.65
Sunrise’s approach to onboarding Solo Clients placed unreasonable reliance on the
fact that these Solo Clients were introduced by another regulated firm. The fact
that the introducer was regulated appears to be the only factor Sunrise considered
when deciding on the level of due diligence to apply. Essentially, as the Solo Clients
were introduced by a regulated entity, Sunrise did not treat them as previously
unknown clients and failed to apply the level of due diligence to the Solo Clients as
it would do for other clients. Sunrise admitted that this approach was “in retrospect
… something that we would not do now”.
B.
Beneficial Owner and Beneficial Owner Verification
4.66
As stated in paragraph 4.55 above, under Regulation 5 of the 2007 Regulations, a
firm must identify a client’s beneficial owner, if relevant, and verify their identity.
Sunrise’s Client Take-on Procedures stated that: “Identifying and verifying such
owners back to either a source individual, or to a stage where ownership is by a
lower risk entity or range of entities, is of crucial importance in protecting the firm
from money laundering risk”.
4.67
Sunrise represented that “every client documentation was reviewed to find the
beneficial owner, and who the people were authorised to trade on behalf of that.
The documents were reviewed through to understand that they were certified and
notarised and being provided to us, they did include passports and utility bills. …
So making sure that, at least on that, the documents we held for the underlying
clients were correct, or I believed them to be correct at the time”.
4.68
During the due diligence process, KYC documents received in relation to the Solo
Trading indicated that the UBO of a Solo Client was a former Solo Group employee
but this did not “really raise any questions … on the suitability of the person” with
Sunrise because the individual in question was considered “a market professional”.
4.69
Nor did Sunrise have concerns when KYC documents showed that the sole
beneficiary of a Solo Client was an 18-year old college student who shared the
same home address as the fund manager. The 18-year old college student was also
the UBO of four other 401(k) Pension Plans that Sunrise onboarded. Sunrise said it
would not have raised any concerns that an 18-year old would be making significant
sized trades on the basis that “the fund had a manager” who would be trading on
the college student’s behalf although said it was “unusual” that the student shared
the home address as the fund manager.
C.
Purpose and Intended Nature of a Business Relationship
4.70
As part of CDD, Regulation 5(c) of the 2007 Regulations requires firms to obtain
information on the purpose and intended nature of the business relationship. Firms
should use this information to assess whether a customer’s financial behaviour over
time is in line with their expectations, whether or not the client is likely to be
engaged in criminal activity, and to provide it with a meaningful basis for ongoing
monitoring of the relationship.
4.71
Regulation 20 of the 2007 Regulations requires that firms establish and maintain
appropriate and risk-sensitive policies and procedures related to customer due
diligence, and SYSC 6.3.1R requires that the policies must be comprehensive and
proportionate to the nature, scale and complexity of its activities.
4.72
Sunrise’s Compliance Manual stated that it was important for the Firm “to
understand the client’s business in order to assess the consistency of their
transactions and activities undertaken so as to determine what may or may not
seem suspicious or unusual”.
4.73
Sunrise’s Client Take-on Procedures stated that the Firm must obtain and document
“The client’s reason for seeking Sunrise Brokers’ products and/or services. This will
ensure that Sunrise Brokers fully understands the entity, and structure and
29
ownership”. The Compliance Documents however did not set out any framework or
guidance for staff to follow to understand the purpose and intended nature of the
business relationship with each client.
4.74
Sunrise first received KYC documentation for the Solo Clients from the Solo Group
on 17 February 2015. There was no composite written checklist to assist with the
review of KYC documents during the onboarding process although the Compliance
Documents did provide examples of some of the information that Sunrise ought to
obtain when conducting due diligence.
4.75
The CDD Sunrise undertook for the Solo Clients was limited to checking the
documentation received and to carrying out identification checks for the Solo
Clients and for the UBOs of each of the entities being onboarded. Sunrise stated it
had no concerns arising from its review of the KYC documents. It is the Authority’s
view that Sunrise’s review of the KYC documents was rushed, given the commercial
pressure Solo had placed on Sunrise and therefore lacked an adequate level of
scrutiny.
4.76
Sunrise failed to identify numerous red flags which should have been evident from
scrutinising the KYC documents. Sunrise did not question why Solo Clients were
using 401(k) Pension Plans to conduct highly speculative, short term Dividend
Arbitrage as such plans were largely for holding individual savings. Nor did Sunrise
question how plausible it was that individual Solo Clients were conducting trading
that required the Solo Clients to hold such a high level of funds, particularly when
Sunrise did not know the limits on 401(k) Pension Plan contributions or otherwise
check the source of these funds. Had it done so, Sunrise would have identified that
the value of the Solo Trading was many times in excess of the maximum funds that
could have contributed to US 401(k) Pension Plans set up only the year before.
4.77
In not applying this basic level of scrutiny, Sunrise failed to complete the CDD steps
required under Regulation 5 of the 2007 Regulations.
4.78
As part of the onboarding and due diligence process, firms need to undertake and
document risk assessments for every client. Such assessments should be based on
information contained in the clients’ KYC documents.
30
4.79
Conducting a thorough risk assessment for each client assists firms in determining
the correct level of CDD to be applied, including whether EDD is warranted. If a
customer is not properly assessed, firms are unlikely to be fully apprised of the
risks posed by each client, which increases the risk of undetected financial crime.
4.80
Under Regulation 20 of the 2007 Regulations, firms are required to maintain
appropriate and risk-sensitive policies and procedures related to risk assessments
and management.
4.81
Sunrise’s Compliance Manual and Client Take-on Procedures were put in place “to
help prevent money laundering through Sunrise Brokers”. They stated that the “the
risk rating of a client allows Sunrise Brokers to apply appropriate money laundering
controls and requirements to each client”.
4.82
The client risk rating determined the documentation and information required by
the Solo Clients. For instance, if a client was rated medium or low risk, Sunrise
would not need to record an explanation for the source of funds. If a client was
high risk, Sunrise would need to record an explanation for the source of funds and
the source of wealth. Accordingly, if the client risk rating was not properly
determined, Sunrise would not have appropriate controls in place for that client.
4.83
Sunrise’s Compliance Documents refer to the “Overall Client Risk” being
determined by combining the “Relationship Risk” and the “Country Risk” of the
client. According to the Compliance Documents, the “Relationship Risk”, “Country
Risk” and “Overall Risk” should be recorded in a specific form. However, Sunrise’s
Compliance Documents did not provide a “Country Risk” list to allow this risk rating
to be determined by reading the Compliance Documents.
4.84
The Compliance Documents stated that regulated entities are lower risk for money
laundering purposes, where the relevant regulator was on a particular list drafted
by Compliance. Similarly, listed entities or public companies where the exchange
was deemed equivalent with UK/US standards would also be deemed lower risk, as
would larger pension funds and government entities or public sector bodies.
Malaysia did not appear on the list of regulators deemed equivalent by Sunrise or
on the list of exchanges deemed equivalent by Sunrise and therefore it appears
that the Solo clients should have been considered at least medium or high risk.
4.85
Had Sunrise followed the policy stated in the Compliance Documents, the Solo
Clients incorporated in Labuan (which is part of Malaysia) would not have been
classified as low risk, as Malaysia would not have been classified as a low risk
country.
4.86
Sunrise said that it classified the Solo Clients as “low risk” based entirely on who
they have been introduced by i.e. the Solo Group, rather than following its own
policies or the 2007 Regulations, thereby increasing the risk of Sunrise being used
to facilitate money laundering. No other factors existed which would permit Sunrise
to classify the Solo Clients as low risk.
4.87
In addition, in contravention of Sunrise’s policy during the Relevant Period, Sunrise
did not make any written risk assessments in relation to the Solo Clients.
4.88
The Authority considers that a number of factors ought to have been apparent to
Sunrise which should have prompted the Firm to undertake further enquiries of the
Solo Clients. These would have enabled Sunrise to assess the risks and determine
whether the Solo Clients should have been classified as higher risk and whether
they should have been onboarded:
1) Sunrise had no former relationship with the Solo Clients and Sunrise failed to
make enquiries of the Solo Clients regarding the nature of the business they
wished to undertake;
2) Sunrise’s understanding of its role in the Solo Trading when establishing the
business relationship with the Solo Group was limited;
3) The Solo Clients were in stark contrast to Sunrise’s typical large institutional
clients. The KYC material showed that almost all of the Solo Clients had just a
single director and/or shareholder and/or beneficiary;
4) None of the Solo Clients were regulated entities and a number of them were
based in countries outside the EU with no assumed regulatory equivalence;
5) Over half of the Solo Clients were 401(k) Pension Plans, the beneficiaries of
which were trusts which, per Sunrise’s own Compliance Manual and JMLSG
Guidance, ought to have been considered to be higher risk vehicles for money
laundering, especially if set up in a non-EEA country or higher risk jurisdictions;
6) Sunrise’s did not consider or question why the Solo Clients were using 401(k)
Pension Plans for the Solo Trading or whether it was plausible such plans could
have sufficient funds to undertake large scale equity trading;
7) None of the Solo Clients were physically present for identification purposes as
the onboarding process was conducted via email. This is identified in the 2007
Regulations as being indicative of a higher risk client and therefore firms are
required to take measures to compensate for the higher risk which Sunrise did
not appear to;
8) The Solo Clients wanted to conduct OTC equity trading which under JMSLG
Guidance requires a more considered risk-based approach and assessment; and
9) Sunrise did not enquire further regarding the Solo Clients’ source of funds even
when confronted with “unusual” beneficiaries.
4.89
The Authority considers that the Compliance Documents were deficient in that they
did not adequately address relevant risk factors to be taken into account when
conducting CDD when onboarding clients, as was apparent when Sunrise took on
the Solo Group business and onboarded the associated Solo Clients as low risk.
4.90
In failing to conduct adequate risk assessments, Sunrise did not identify any of the
above risk factors relevant to the Solo Clients (or any risk factors at all). Sunrise
was therefore unable to determine accurately whether or not the Solo Clients
required EDD or whether it was appropriate to onboard them.
EDD
4.91
Firms must conduct EDD on customers which present a higher risk of money
laundering, so they are able to judge whether or not the higher risk is likely to
materialise.
4.92
Regulation 14(1)(b) of the 2007 Regulations states that firms “must apply on a
risk-sensitive basis enhanced customer due diligence and enhanced ongoing
monitoring in any situation which by its nature can present a higher risk of money
laundering or terrorist financing”. The 2007 Regulations further require firms to
implement EDD measures for any client that was not physically present for
identification purposes.
4.93
Regulation 20 of the 2007 Regulations requires firms to maintain appropriate and
risk-sensitive policies and procedures related to customer due diligence measures,
which includes enhanced due diligence. SYSC 6.3.1R further requires that the
policies must be comprehensive and proportionate to the nature, scale and
complexity of its activities.
4.94
The JMLSG Guidance has provided guidance on the types of additional information
that may form part of EDD, including obtaining an understanding as to the clients’
source of wealth and funds.
4.95
Sunrise’s Compliance Manual stated that Sunrise employed “a risk-based approach
to client identification based on country risk” which would “require different
verification and due diligence procedures depending on the location or residence of
an existing or prospective client”. The Client Take-on Procedures explained that the
risk rating helped determine whether “enhanced identification and monitoring
requirements” were needed to reduce money laundering risk. Sunrise’s Compliance
Manual also required the Firm to conduct “enhanced due diligence reviews on those
current/prospective clients which are considered to present a higher level of
reputational, legal or regulatory risk, irrespective of country of domicile” based on
a number of factors including but not limited to (i) clients that may be politically
exposed persons (“PEPs”); and (ii) current/prospective clients that have links to
HM Treasury listed sanction countries.
4.96
Sunrise’s failure to request relevant information and identify through its CDD policy
and processes that the Solo Clients were not low risk meant that EDD was never
performed in relation any of the Solo Clients. As EDD was not performed, Sunrise
did not request additional details about the Solo Clients, such as the source of
wealth, and so failed to understand the risks or be in a position to properly assess
them.
4.97
Had Sunrise conducted a substantive review of the KYC documents rather than a
review conducted under pressure driven by commercial concerns, Sunrise ought to
have classified the Solo Clients as higher risk and considered what further EDD
measures might have mitigated money laundering risk or whether it was in fact
appropriate to onboard them.
4.98
Sunrise’s failure to conduct any EDD on the Solo Clients meant that it was unable
to assess properly the risk profile of the Solo Clients and the measures it would
need to put in place to limit the risk of money laundering posed by the Solo Clients
not only at the time of onboarding but also during the client relationship.
4.99
Part of the onboarding process also includes categorising clients according to the
COBS rules, which is an additional and separate requirement to carrying out risk
assessments. Pursuant to COBS 3.3.1R, firms must notify customers of their
categorisation as a retail client, professional client, or eligible counterparty.
Authorised firms must assess and categorise clients based on their level of trading
experience, risk knowledge, and access to funds, in order to ensure suitable
products are offered. Proper application of the rules also ensures that firms only
act for clients within the scope of their permissions. Firms are required to notify
clients as to the categorisation made by the Firm. Pursuant to COBS 3.8.2R, firms
must also keep records in relation to each client’s categorisation, including
sufficient information to support that categorisation.
4.100 During the Relevant Period, Sunrise was authorised to deal as an agent for
professional clients and eligible counterparties, which are types of clients that are
considered to have experience, knowledge, and expertise to make their own
investment decisions. There are two types of professional clients; per se
professionals and elective professionals. Each of these categories has prescriptive
criteria, as described in the COBS rules.
4.101 Sunrise did not have permission to act for retail clients and would not have been
able to proceed with the Solo Trading had the Solo Clients been classified as retail
clients.
4.102 Where a client does not satisfy the criteria of a per se professional client, it may
nevertheless request (or elect) in writing to be treated as a professional client. For
an elective professional categorisation to ensue, the authorised firm must then:
a) Undertake an assessment of the experience, knowledge and expertise of the
client by undertaking a qualitative and/or quantitative test;
b) Give the client a clear written warning of the protections and the investor
compensation rights the client may lose; and
c) Receive from the client written confirmation that it is aware of the
consequences of losing such protections.
4.103 Sunrise’s Compliance Manual stated that Sunrise may treat a client as an elective
professional client if it complied with the qualitative test or where applicable, the
quantitative test.
4.104 The Compliance Documents further stated that “an elective professional client
should not be presumed to possess market knowledge and experience comparable
to a per se professional client”. Sunrise’s Compliance Manual however did not set
out a framework or guidance for the Firm to undertake the qualitative test.
4.105 In contravention of Sunrise’s policy and the COBS requirements, Sunrise did not
carry out an assessment of each of the Solo Clients to determine their individual
client classification but instead determined that all the Solo Clients were elective
professionals and sent a notification letter to the Solo Clients informing them of the
classification. Sunrise stated that it reviewed the information provided by the Solo
Group in relation to each Solo Client using a risk-based approach and “it was noted
that the clients appeared to be corporates, pension funds and similar entities, in
accordance with the professional client classification”.
4.106 Sunrise said that “significant weight” was placed on the fact that the Solo Clients
had already been onboarded as clients of the Solo Group and were thus deemed
likely to be professional clients and the nature of trading that they would be
participating in. Ultimately Sunrise made the client classification without satisfying
the qualitative test or by using evidence to support the classification as required by
COB 3.8.2(2)(a).
4.107 Not only did Sunrise fail to discharge its obligations in terms of assessing the Solo
Clients’ categorisations, it also failed to follow the required procedure as set out at
paragraph 4.103. It appears that Sunrise sent the Solo Clients notification
documentation with Sunrise’s terms of business to be signed. However, if the Solo
Clients did “not reply but traded with us, they were deemed to have accepted their
classification and deemed to have accepted our terms of business”. Moreover,
trading commenced one day before the notification letters were sent so the Solo
Clients had no way of knowing their classification prior to the Solo Trading and
signed letters were not received from all clients.
36
Ongoing monitoring
4.108 Regulation 8(1) requires firms to conduct ongoing monitoring of the business
relationship with their customers. Ongoing monitoring of a business relationship
includes scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure that the
transactions are consistent with the firm’s knowledge of the customer, his business
and risk profile.
4.109 Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place throughout
a relationship helps firms know their customers, assist them to assess risk and
provides greater assurance that the firm is not being used for the purpose of
financial crime.
Transaction monitoring
4.110 As part of a firm’s ongoing monitoring of a client relationship, Regulation 8 requires
that firms must scrutinise transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure that the
transactions are consistent with the relevant person’s knowledge of the customer,
his business and risk profile. For some clients, a comprehensive risk profile may
only become evident once they have begun transacting through an account.
4.111 Furthermore, Regulation 14(1) states that enhanced ongoing monitoring must be
applied in situations that can present a higher risk of money laundering or terrorist
financing.
4.112 Regulation 20 requires firms to have appropriate risk-sensitive policies and
procedures relating to ongoing monitoring. These policies must include procedures
to identify and scrutinise 1) complex or unusually large transactions; 2) unusual
patterns of activities which have no apparent economic or visible lawful purpose;
and 3) any other activity which the relevant person regards as likely by its nature
to be related to money laundering or terrorist financing.
4.113 The Compliance Documents did not set out how and/or the frequency with which
Sunrise was to monitor customer activity, nor did they require staff to review
transactions undertaken throughout the course of the customer relationship to
ensure these were consistent with the customer’s business and risk profile.
4.114 Sunrise’s Compliance Manual required Sunrise to apply “enhanced identification
and monitoring requirements” to clients deemed higher risk for money laundering
purposes and to impose “enhanced monitoring requirements or transaction
restrictions on the account”. Sunrise’s Anti-Money Laundering Policy stated that
enhanced monitoring requirements were “to be decided … on a case by case basis”.
4.115 However, the Compliance Documents failed to set out any framework or guidance
on how Sunrise was to conduct “enhanced monitoring” and the section for
“Monitoring Requirements” was left blank in the Compliance Documents.
Furthermore, there was no formal policy or procedure to govern how Sunrise
carried out trade monitoring.
4.116 Sunrise stated that it took a risk-based approach that it was not necessary to carry
out any pre-trade or post-trade surveillance specifically in relation to the Solo
Trading on the basis that (i) all trades on the Brokermesh platform were between
clients introduced by and for which KYC information had been supplied by regulated
entities; (ii) all client monies and assets would be held by regulated firms; (iii) all
trades were done on an OTC basis through the Brokermesh platform; (iv) Sunrise
was only executing trades which were “cleared and settled elsewhere” and (v) all
transaction reporting was to be provided by regulated firms.
4.117 These considerations are irrelevant in terms of whether a firm should comply with
its legal obligations under the 2007 Regulations and JMLSG Guidance in respect of
trade monitoring.
4.118 Sunrise conducted post-trade surveillance in other parts of its businesses which
consisted of manual and informal trade monitoring. However it did not maintain
any records of such trade monitoring undertaken and had no formal system in place
to provide quality assurance of this role being performed adequately.
4.119 Sunrise did not comply with its obligations to monitor individual Solo Clients’ trading
data or consider whether the trading was consistent with Sunrise’s (albeit minimal)
knowledge and understanding of the individual Solo Clients and their risk profile.
4.120 Sunrise’s failure to monitor the trades of the Solo Clients meant that Sunrise was
unable to detect whether, as a result of the nature of Solo Trading, Sunrise should
38
alter its low risk assessment of the Solo Clients. This meant that Sunrise was unable
to determine whether it needed to implement additional measures to mitigate the
risks posed by the Solo Clients, thus increasing Sunrise’s exposure to potential
financial crime risk and the risk that such financial crime would go undetected. Even
if Sunrise had attempted to monitor trades, this would have been harder to do
effectively given that the onboarding process was not in itself adequate in terms of
understanding the trading history of the Solo Clients.
4.121 During the Relevant Period, Sunrise purportedly executed high volume Cum-
Dividend Trades for the Solo Clients worth £25.4 billion in Danish equities and £11.2
billion in Belgian equities and received commission of £466,652 (which comprised
1.5% of Sunrise’ total revenue for the Relevant Period).
4.122 Sunrise purportedly started executing trades with respect to the Solo Clients on 25
February 2015. The Firm had an expectation of overall revenue from the Solo
Trading of between £500,000 to £1 million per annum before the Solo Trading
commenced. Sunrise also expected the Solo Clients to be trading volumes in a
range of £100,000 to £20 million per trade but did not question individual clients
before or after trading started about their level of trading or sources of funds
despite actual trading volumes per trade being vastly larger than this.
4.123 Sunrise conducted the Solo Trading on Brokermesh. Brokermesh routed trade
orders from the Solo Clients to the Broker Firms, including Sunrise, but did not
retain trading records after the end of each day, beyond the creation of automated
emails.
4.124 Sunrise described Brokermesh as a “simple” system whereby orders were routed
to specific brokers by what Sunrise assumed to be a random process, likely
organised through an algorithm. Pricing was finalised at the end of the day based
on market closing prices. Sunrise had not used a system like Brokermesh before.
Sunrise received little detail on how Brokermesh operated. Sunrise did not feel it
needed to seek more information regarding the detailed workings of Brokermesh,
as it was not settling the trades.
4.125 Sunrise accepted all trade orders on Brokermesh but liquidity was not always found
and some orders were not matched. Sunrise said that they would not get responses
instantaneously on Brokermesh, however, usually a response would appear within
39
“minutes rather than hours”. Sunrise understood other brokers had access to the
Brokermesh platform and the platform itself formed part of a closed network
without wider market access. Sunrise also assumed that all the Broker Firms were
executing roughly the same volumes of trading.
A. Trade sizes
4.126 Between February and August 2015, Sunrise used Brokermesh to purportedly
execute Cum-Dividend Trading, to the value of approximately £25.4 billion in
Danish equities and £11.2 billion in Belgian equities on behalf of the Solo Clients.
4.127 Analysis of the Cum-Dividend Trading reveals the following:
Sunrise purportedly executed ‘buy’ orders on behalf of Solo Clients in 15
Danish stocks over 11 cum-dividend dates. An average of 15.4% of the
available shares in each stock was traded, which were cumulatively worth
a total of £25.4 billion. The volumes also equated to an average of 36
times the total number of all shares traded in those stocks on European
exchanges.
Sunrise purportedly executed ‘buy’ orders on behalf of Solo Clients in 15
Belgian stocks over 10 cum-dividend dates. An average of 6.1% of the
available shares in each stock was traded, which were cumulatively worth
a total of £11.2 billion. The volumes also equated to an average of 22
times the total number of all shares traded on European exchanges.
The aggregate value of Cum-Dividend Trades purportedly executed by
Sunrise on behalf of Solo Clients on a cum-dividend date were in a range
of approximately £92 million to £10 billion for a Danish equity and
approximately £47 million to £6 billion for a Belgian equity.
4.128 The Authority considers that it is significant for market surveillance and visibility
that individual trades were below the applicable disclosable thresholds. For
example, section 29 of the Danish Securities Trading Act required shareholders
holding over 5% of Danish-listed stock to be publicised. Similarly, Belgian law
requires pursuant to Article 6 of the ‘Law of 2 May 2007 on disclosure of major
holdings in issues whose shares are admitted to trading on a regulated market and
laying down miscellaneous provisions’ holders of more than 5% of the existing
voting rights to notify the issuer and the Belgian Financial Services Markets
Authority of the number and proportion of voting rights that he/she holds.
4.129 The purported Cum-Dividend Trading executed by Sunrise on behalf of the Solo
Clients represented up to 20% (an average of 15.4%) of the shares outstanding in
companies listed on the Danish stock exchange, and up to 9.6% (an average of
6.1%) of the shares outstanding in companies listed on the Belgian stock exchange.
B. Awareness and review of Solo Trading
4.130 Sunrise ought to have been aware of the trade sizes it purportedly executed on
behalf of the Solo Clients across the Relevant Period, as the volume of trading being
conducted was made available to the Firm’s senior management through internal
communications and on a data system that was regularly reviewed for profit and
loss purposes.
4.131 Once the Solo Trading commenced, Sunrise did not consider undertaking a review
of the sizes and volumes of the transactions executed to ensure the level of trading
was consistent with their understanding of the Solo Clients’ risk profile. In fact,
Sunrise did not analyse the sizes and volumes of the Solo Trading at all.
4.132 An internal report at the Firm suggested that it purportedly executed trades on
behalf of 48 Solo Clients in Stock A on 25 February 2015, which was the first day
the Firm started the Solo Trading. The approximate value of the trading purportedly
executed on behalf of a Solo Client was in a range of £21 million to £26 million,
and on aggregate to the approximate value of £1 billion.
4.133 When interviewed, Sunrise acknowledged that the aforementioned trades in
isolation were “quite large trades” and combined were “a huge amount of trades”.
Sunrise further represented that this scale of trading “was something that we have
not covered, we have not seen or anticipated or, to a certain extent, were aware
of”. However, Sunrise also said that it was common for Sunrise’s Equity Finance
Desk to deal in large notional values, therefore the size of transactions undertaken
on the Brokermesh platform “did not, in themselves, appear unusual”.
4.134 On 20 March 2015, almost a month after the Solo Trading had commenced, an
internal Sunrise email provided an update which stated “so far we have traded 7
stocks on the platform (with another 40 or so to go) Total Gross Brokerage is
DKK996,355 around GBP75,000 after conversation and commission share with
platform, so not a bad start. Could I have a quick word?”.
4.135 To reach these figures, Sunrise would have had to execute trades on behalf of the
Solo Clients to the approximate value of £15.5 billion in order to generate gross
commission of DKK 996,355 (which equates to approximately £97,000) within
almost a month.
4.136 Sunrise never queried how it was possible to source sufficient liquidity, cash or
financing for trades that had a nominal value of billions of pounds within a single
day. Nor did Sunrise enquire how such liquidity, cash or financing could be found
within a closed network of clients (most of whom were individual 401(k) Pension
Plans) without access to liquidity from public exchanges. This was despite the fact
that the purported Solo Trading on Brokermesh represented multiple times the
entire daily volume of trading across virtually all European exchanges.
4.137 This early indication of the volume of trading ought to have prompted Sunrise to
consider the financial crime risk posed by the Solo Trading and review whether the
Solo Trading was in line with the Solo Clients’ trading profiles, enquire into how the
Solo Clients had sufficient funds to settle the trades and question whether the trade
sizes affected the Solo Clients’ low risk rating.
4.138 Sunrise failed to do this. Sunrise‘s position was that because all the trades would
have been subject to the Solo Group’s approval and ultimately settled by the Solo
Group, Sunrise accepted all trade orders, no matter what their volume and did not
undertake checks as to the source of funds of the transactions it executed, even if
they were particularly large.
The German Trade
4.139 On 3 September 2015, Sunrise executed a EUR 5 million ‘buy’ order on behalf of a
broker client (“Client X”) of 146,397 shares in a German stock at a specified
intraday price of EUR 34.15 (“the German trade”). The German trade was executed
at nearly twice the prevailing market price of the German stock. Sunrise executed
the German trade in circumstances where the onboarding of Client X and the
unusual nature of the German trade itself ought to have led it to consider the
serious financial crime risks arising from the transaction. A trade confirmation from
Sunrise regarding the German trade referenced a commission of EUR 200.
4.140 As part of assessing how the Firm could be used for the purposes of money
laundering and financial crime, Sunrise was required under Regulation 20 of the
2007 Regulations to assess the risks posed by its clients’ trading behaviours,
particularly in instances where customers request a complex or unusually large
transaction which has no apparent economic or lawful purpose.
4.141 Firms must have adequate policies, procedures, systems and controls that provide
for the identification and scrutiny of such transactions and any other activity which
may be related to money laundering. They must also be sufficiently comprehensive
so that they are able to identify specific strategies or individual trades that may be
used to further financial crime.
4.142 The circumstances of the onboarding of Client X and the nature of the German
trade itself ought to have prompted Sunrise to consider associated financial crime
risks posed to the Firm. In particular:
a) Sunrise faced difficulties onboarding Client X with the entity whom it proposed
would clear the German Trade (“the Clearer”) as Client X was not a regulated
entity and there were inadequacies and gaps in the KYC documentation and
information Client X had provided.
b) Further, there were inconsistencies in the information Client X provided in
relation to the KYC documentation requested. When the Clearer required
Client X to produce its audited accounts, Client X told Sunrise its “Audited
Accounts are currently in the process” but then shortly after it stated that as
Client X was “a Cayman firm, it is not required to prepare audited accounts”.
c) Despite Sunrise confirming to the Clearer on 20 August 2015 that it had
“validated” Client X for the purposes of KYC/AML checks, Sunrise appeared to
be unable to provide key information relevant to KYC/AML checks requested
by the Clearer on 1 September 2015. This included Client X’s latest annual
report or audited accounts, recent certificate of incumbency or good standing,
Client X’s UBO’s source of wealth and confirmation whether the trade would
be a one-off. In addition, Sunrise told the FCA that “we are not aware that any
explanation was provided at the time of the trading to Sunrise regarding the
circumstances of, and rationale for, the trading” indicating that Sunrise had
not carried out the checks it was obliged to under the 2007 Regulations and
its own Compliance Documents and that Sunrise had represented to the
Clearer it had.
d) The Clearer noted that “For our team it seems unusual to see a broker as an
underlying client of another broker” and asked whether Client X would be
trading from its own account and asked for an explanation from Client X along
with a presentation of its business activities.
e) Between 20 August 2015 and 1 September 2015, Sunrise provided updates in
relation to the onboarding of Client X to an individual at a firm it believed to
be connected to the Solo Group stating that Client X was not yet set up with
the Clearer and hence unable to do a cash trade.
f) On 1 September 2015, an internal email communication at Sunrise stated that
they would not be able to “move forward” unless Client X provided the
additional information requested by the Clearer.
g) On the same day, a Solo Group entity contacted Sunrise regarding a trade in
a German stock for Client X. Until that point, Sunrise were unaware of the
stock that Client X wanted to trade in, only that it was for a EUR 5 million
trade. After Sunrise had explained the onboarding difficulties in relation to
Client X, the Solo Group entity suggested “a way round it with [Client X] being
the ultimate buyer” and that the trade be executed by Sunrise via a specific
counterparty to the trade (“Counterparty A”) which was a regulated entity
whilst Client X would be the underlying client ultimately buying the German
stock via Counterparty A. The effect of this would be that the Clearer would
no longer need to onboard Client X as a client but instead could onboard
h) On 3 September 2015, Client X provided instructions to Sunrise to purchase
up to 150,000 shares in the German stock at a maximum price of EUR 35 per
share for a total consideration of EUR 5 million.
i)
This order size represented more than one hundred times the average daily
volume of trading in the German Stock (the annual accounts for the issuer of
the German stock stated that the average daily volume of shares traded in the
German stock were approximately 1,450 in 2014 and 1,150 in 2015).
j) At 15:09, a broker confirmed its ability to sell 146,397 shares in the German
stock at a price of EUR 34.15 per share equating to a value of EUR 5 million.
This appeared to match Client X’s instructions and Sunrise confirmed the
trade.
k) On 3 September 2015 at 17:19, the Clearer queried the trade with Sunrise on
the basis that the “high was 18.105 and low was 16.2” (i.e. the actual market
price of the German stock was almost half the price Sunrise was proposing to
execute the trade at). On 4 September 2015, Sunrise confirmed that the prices
were correct and that it was an OTC transaction where “both sides agree with
the prices”.
4.143 Earlier on 3 September 2015, a separate counterparty bought the same quantity
of shares as the German trade but at a price of EUR 18.1 per share, which it then
sold on the same day at EUR 34.15 per share. The shares sold were in fact the
German trade executed by Sunrise, which resulted in a profit of EUR 2.3 million.
for the underlying client of that counterparty. The Authority has however not
located evidence to suggest that Sunrise knew of this counterparty’s earlier
purchase.
4.144 Sunrise ignored, or failed to notice, a series of red flags in relation to the German
trade and it is a further example of Sunrise failing to identify or manage its financial
crime risks.
4.145 Sunrise did not conduct an adequate risk assessment of Client X and did not query
the purpose and expected volumes of the trading even though it represented to the
Clearer it had. There is no indication that Sunrise complied with its own onboarding
requirements or obligations under the 2007 Regulations when conducting CDD on
Client X nor did it consider the associated financial crime risks posed to the Firm.
This was particularly apparent when the Clearer requested key AML/KYC
information about Client X, which Sunrise appeared unable to provide.
4.146 In addition, Sunrise explained that when it was monitoring for potential suspicious
activity, it only looked at price movement (as an indicator of potential market
abuse). This trade monitoring was carried out on an informal and manual basis
which Sunrise said it considered adequate, given that it was executing less than 10
equity trades a day. Yet, Sunrise’s informal and manual trade monitoring failed to
flag and/or highlight the German trade’s agreed intraday price of EUR 34.15, which
was nearly twice that of the prevailing share price of EUR 18. Even when the Clearer
queried the price of the German trade, Sunrise did not appear to have any concerns
nor did it escalate the trade internally. Sunrise informed the FCA that during the
Relevant Period it did not have any policies or procedures for dealing with trades
executed at prices significantly off-market.
4.147 The German trade was linked to Solo but it was distinct from the Solo Trading on
Brokermesh executed on behalf of Solo Clients. Notwithstanding its complexity,
unusual nature and lack of economic rationale, the circumstances of the onboarding
of Client X, Sunrise failed to identify or consider the German trade as being
potentially suspicious.
End of the Purported Solo Trading
4.148 Sunrise executed its last trades for a Solo Client on 29 September 2015. An internal
email dated 27 October 2015 stated, “No formal confirmation but it looks like West
Point have shut down… …we cannot do any further trades (last trade 1 month ago)
with Solo or any connected entities”. The Solo Trading ceased after an
unannounced visit by the Authority to the offices of the Solo Group entities and the
Broker Firms on 3 to the 4 November 2015.
Elysium payment
4.149 However, on 29 October 2015, Sunrise had been contacted by a Solo Group
representative to present an offer by a company called Elysium Global (Dubai)
Limited (“Elysium”) to purchase debts owed to Sunrise by some of the Solo Clients
at a discount of 5%. Elysium was not known to Sunrise and Sunrise had had no
interactions with it prior to that point.
4.150 The Solo Group representative mentioned that Elysium would contact Sunrise
separately and upon receipt of Sunrise confirmation “the payment would be made
very very quickly… …which is the upside of all this”.
4.151 Sunrise’s initial view was that such an offer was not acceptable and debts owed to
the Firm by the Solo Clients had to be paid in full.
4.152 Elysium directly contacted Sunrise on 29 October 2015 as “official confirmation”
that it wanted to extend a debt factoring facility against Sunrise’s trading debtors.
4.153 In response, Sunrise sent Elysium copies of 75 invoices on 30 October 2015 that
appear to be based on a list of outstanding invoices the Firm had received from the
Solo Group representative. On 2 November 2015, Elysium confirmed receipt of
these invoices and stated that it would get back to Sunrise “shortly regarding
payment”.
4.154 On 3 and 4 November 2015, the Authority made unannounced visits to the offices
of the Solo Group entities and the Broker Firms in relation to the Solo Trading. On
4 November 2015, the Authority made an unannounced visit to Sunrise.
4.155 The 75 invoices were paid in full by Elysium on 4 November 2015. On 5 November
2015, Sunrise confirmed to the Solo Group representative that they had received
funds (to the approximate value of USD 108,000) from Elysium on 4 November
2015 and stated there were still “quite a few invoices for Q1, 2 and 3 outstanding”.
The Solo Group representative asked Sunrise to “liaise directly with the custodians”
regarding these outstanding invoices.
4.156 Despite having no agreement in place, Sunrise accepted a payment of
approximately USD 108,000 from Elysium, an entity registered in the UAE and
unknown to the Firm, relating to 75 US 401(k) Pension Plans. This occurred the
same day that the Authority had conducted an unannounced visit alerting Sunrise
to possible issues with the Solo Group.
4.157 Sunrise explained that they were not suspicious of the Elysium payment
“particularly as payment was made in full” and because the Solo Group
representative through whom payment was arranged was known to the Firm.
Sunrise said its “normal approach … was to require invoice[s] to be paid in full and
… Sunrise did not see any reason to depart from this approach”.
4.158 This indicated further serious weaknesses in Sunrise’s financial crime risk
management that ultimately led to Sunrise failing to consider their financial crime
and money laundering risks in relation to Elysium. Instead, the prime concern for
Sunrise in accepting the Elysium payment was whether or not it would result in
Sunrise’s debts being paid in full.
4.159 Consequently, Sunrise prioritised obtaining prompt payment in full over adequately
considering or escalating the associated financial crime and money laundering risks
posed to the Firm in relation to the Elysium payment.
Sunrise failed to Identify Any of the Above Issues
4.160 Sunrise failed to identify any of the above issues. With respect to anti-money
laundering and financial crime risk, during the Relevant Period, Sunrise did not
identify any transactions raising any suspicions and no breaches were reported or
observed.
5. FAILINGS
5.1
The statutory and regulatory provisions relevant to this Notice are referred to in
Annex B.
5.2
The JMLSG Guidance has also been included in Annex B, because in determining
whether breaches of its rules on systems and controls against money laundering
have occurred, and in determining whether to take action for a financial penalty or
censure in respect of a breach of those rules, the Authority has also had regard to
whether Sunrise followed the JMLSG Guidance.
5.3
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.
5.4
Sunrise breached this requirement during the Relevant Period in relation to the
Solo Group business, as its policies and procedures were inadequate for identifying,
assessing and mitigating the risk of financial crime as Sunrise failed to:
a) provide
adequate
guidance
on
obtaining
and
assessing
adequate
information when onboarding clients, with reference to the purpose and
intended nature of the business relationship, the anticipated level and
nature of activity to be undertaken and when it would be appropriate to
enquire as to the source of funds;
b) provide adequate guidance on carrying out risk assessments for clients
including the relevant risk factors to be taken into account in order to
determine the correct level of CDD to be applied, including whether EDD
was warranted;
c) set out adequate processes or procedures detailing how to conduct EDD,
including enhanced monitoring requirements for higher risk clients;
48
d) provide adequate guidance on its risk-based approach for conducting CDD
on new clients introduced by authorised firms, where reliance may be placed
upon KYC documents provided by the authorised firms for the new clients
and detailing the circumstances when it was appropriate to do so;
e) set out formal processes or procedures detailing how and/or specify the
circumstances in and frequency with which Sunrise should monitor and
document customer transaction activity, throughout the course of its
relationship with the Firm, in order to assess financial crime and AML risks;
and
f) set out escalation procedures in identifying, managing and documenting
financial crime and AML risks.
5.5
The Authority considers that Sunrise failed to act with due skill, care and diligence
as required by Principle 2 in applying its own (limited) AML policies and procedures
and in assessing, monitoring and managing the risks of financial crime it was
exposed to in respect of the Solo Group business. In particular, Sunrise failed to:
a) act promptly in implementing a work programme to address deficiencies
identified within its Compliance function following a visit from the Authority
in November 2014;
b) conduct an adequate risk assessment or adequate due diligence when taking
on the Solo Group business which meant that they failed to be identified
properly as high risk clients;
c) carry out adequate CDD when onboarding each Solo Client including the
purpose and intended nature of the business relationship, the anticipated
level and nature of activity to be undertaken, and the source of funds and/or
trading history, in order to provide a meaningful basis for transaction
monitoring;
d) conduct a risk assessment for each of the Solo Clients, as required by the
Compliance Documents, and consequently failed to identify that the Solo
Clients presented a higher risk of financial crime and that EDD ought to have
been completed;
e) conduct any EDD on the Solo Clients that presented a higher risk of money
laundering and subsequently failed to identify what EDD measures might
have been appropriate for the ongoing monitoring of the Solo Clients;
f) assess each of the Solo Clients against the categorisation criteria set out in
COBS 3.5.3 and/or failed to record the results of such assessments,
including sufficient information to support the categorisation, contrary to
COBS 3.8.2R(2)(a);
g) follow its own compliance policy in that Sunrise started trading on behalf of
the Solo Clients before they had been onboarded;
h) conduct any ongoing transaction monitoring of the Solo Trading throughout
the Relevant Period;
i)
recognise numerous red flags with the Solo Trading including that Sunrise
did not consider whether it was plausible and/or realistic that sufficient
liquidity was sourced within a closed network of entities for the scale and
volumes of trading conducted by the Solo Clients and/or that the profiles of
the Solo Clients and the nature of the 401(k) Pension Plans meant that they
were highly unlikely to meet the scale and volume of the trading purportedly
being carried out and/or at least obtain sufficient evidence of the clients’
source of funds to satisfy itself to the contrary;
j) adequately consider financial crime and money laundering risks in respect
of the German trade, in circumstances which were highly suggestive of
potential financial crime and were entirely different in nature to the other
trades introduced by Solo;
k) adequately consider associated financial crime and money laundering risks
posed in respect of the Elysium payment whereby the Firm accepted a
payment of approximately USD 108,000 from Elysium without any due
diligence or agreement in place and shortly after the Authority had
conducted an unannounced visit alerting Sunrise to its concerns with the
Solo Group; and
l)
make and keep adequate (or in some cases any) written records as evidence
of work it may have undertaken specifically relating to the consideration and
discussion of financial crime and AML matters by Sunrise management.
50
6. SANCTION
6.1
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case.
6.2
The Authority’s policy on the imposition of financial penalties is set out in Chapter
6 of DEPP. In determining the financial penalty, the Authority has had regard to
this guidance.
6.3
DEPP 6.5A sets out a five-step framework to determine the appropriate level of
financial penalty.
Step 1: disgorgement
6.4
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breaches where it is practicable to
quantify.
6.5
The financial benefit associated with Sunrise’s failings is quantifiable by reference
to the revenue it derived from the Solo Group business as described in paragraph
4.121 of this Notice, minus custody fees, totalling £407,273.45.
6.6
The figure after Step 1 is therefore £407,273.45.
Step 2: the seriousness of the breaches
6.7
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breaches. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breaches may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.
6.8
The Authority considers that the revenue generated by Sunrise from the Solo Group
business is indicative of the harm or potential harm caused by its breach. The
Authority has therefore determined a figure based on a percentage of Sunrise’s
revenue during the period of the breaches.
6.9
Sunrise’s revenue is the revenue derived from for the Solo Group business as it
relates to the breaches identified in this Notice. The period of Sunrise’s breach was
from 17 February 2015 to 4 November 2015. The Authority considers Sunrise’s
revenue for this period to be £466,651.87.
6.10
In deciding on the percentage of the revenue that forms the basis of the step 2
figure, the Authority considers the seriousness of the breaches and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.11
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breaches, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G lists factors likely to be considered ‘level
4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
1.
The breaches revealed serious or systemic weaknesses in the Firm’s
procedures and the management systems or internal controls relating to the
Firm’s governance of financial crime risk; and
2.
The breaches created a significant risk that financial crime would be
facilitated, occasioned or otherwise occur.
6.12
Taking all of these factors into account, the Authority considers the seriousness of
the breaches to be level 4 and so the Step 2 figure is 15% of £466,651.87.
6.13
Step 2 is therefore £69,997.78.
Step 3: mitigating and aggravating factors
6.14
Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.15
The Authority considers that the following factors aggravate the breaches:
1. The Authority and the JMLSG have published numerous documents highlighting
financial crime risks and the standards expected of firms when dealing with
those risks. The most significant publications include the JMLSG Guidance and
Financial Crime Guide (including the thematic reviews that are referred to
therein) which was first published in December 2011. These publications set
out good practice examples to assist firms, for example in managing and
mitigating money laundering risk by (amongst other things) conducting
appropriate customer due diligence, monitoring of customers’ activity and
guidance of dealing with higher-risk situations. Given the number and detailed
nature of such publications, and past enforcement action taken by the Authority
in respect of similar failings by other firms, Sunrise should have been aware of
the importance of appropriately assessing, managing and monitoring the risk
that the Firm could be used for the purposes of financial crime.
2. The Authority visited Sunrise in November 2014 which, along with the
Authority’s follow-up letter, put Sunrise on notice that its financial crime and
AML controls were weaker than required prior to the commencement of the Solo
Group business.
3. Although Sunrise provided a work programme which included a review of its
AML and KYC framework to be completed by July 2015, Sunrise failed to carry
out any in-depth review of its financial crime risk controls until April 2016. The
commission of this review was driven by commercial considerations as Sunrise
was engaging in acquisition discussions with a potential buyer.
6.16
The Authority considers that there are no mitigating factors.
6.17
Having taken into account these aggravating factors, the Authority considers that
the Step 2 figure should be increased by 20%.
6.18
Step 3 is therefore £83,997.34.
Step 4: adjustment for deterrence
6.19
Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step
3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.20
The Authority considers that DEPP 6.5A.4G(1)(a) is relevant in this instance and
has therefore determined that this is an appropriate case where an adjustment for
deterrence is necessary. Without an adjustment for deterrence, the financial
penalty excluding disgorgement would be £83,997.34. In the circumstances of
this case, the Authority considers that a penalty of this size would not serve as a
credible deterrent to Sunrise and others and would not meet the Authority’s
objective of credible deterrence. As a result, it is necessary for the Authority to
increase the penalty to achieve credible deterrence.
6.21
Having taken into account the factors outlined in DEPP 6.5A.4G, the Authority
considers that a multiplier of four should be applied at Step 4.
6.22
Step 4 is therefore £335,989.35.
Step 5: settlement discount
6.23
Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement
of any benefit calculated at Step 1.
6.24
The Authority and Sunrise reached agreement to settle so a 30% discount applies
to the Step 4 figure.
6.25
The Authority has rounded down the final penalty to the nearest £100. Step 5 is
therefore £642,400.
6.26
The Authority hereby imposes a financial penalty of £642,400 on Sunrise for
breaching Principle 2 and Principle 3.
7. PROCEDURAL MATTERS
Decision maker
7.1
This Notice is given to Sunrise under and in accordance with section 390 of the Act.
7.2
The following statutory rights are important.
Decision maker
7.3
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4
The financial penalty must be paid in full by Sunrise to the Authority no later than
26 November 2021.
If the financial penalty is not paid
7.5
If all or any of the financial penalty is outstanding on 27 November 2021, the
Authority may recover the outstanding amount as a debt owed by Sunrise and due
to the Authority.
7.6
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.7
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.8
For more information concerning this matter generally, contact Udani Eriyagolla
(direct line: 0207 066 9468 / udani.eriyagolla2@fca.org.uk) or Yashsvy Brizmohun
(direct line: 0207 066 9488 / yashsvy.brizmohun2@fca.org.uk) of the Enforcement
and Market Oversight Division of the Authority.
Financial Conduct Authority, Enforcement and Market Oversight Division
1 May 2002
Sunrise is authorised by the Authority.
23 October 2014
The Solo Group approached Sunrise to discuss the prospect of the
Solo Trading.
30 October 2014
First meeting between Sunrise and the Solo Group representatives at
Solo Group offices.
The Authority’s visit to Sunrise followed by a letter setting out its
findings.
Second meeting between Sunrise and the Solo Group representatives
at Solo Group offices.
17 February 2015
Sunrise signed services agreements for clearing and settlement
services with each of the Solo Group entities.
17 February 2015
Solo Group provided Sunrise with KYC documents in order to
onboard the Solo Clients.
24 February 2015
Sunrise returned a signed licence agreement for the use of
Brokermesh.
25 February 2015
Sunrise commenced trading on behalf of the Solo Clients before any
of the Solo Clients onboarded.
10 March 2015
First group of Solo Clients recorded as onboarded by Sunrise.
6 August 2015
Solo sent request to onboard further clients. Sunrise does not
onboard these clients.
3 September 2015
Sunrise executed the German trade.
29 September 2015
Sunrise executed the last trades on behalf of the Solo Clients.
27 October 2015
Sunrise decided to cease all trading with the Solo Group or connected
entities.
3 November 2015
Unannounced visit by the Authority to the Solo Group entities and
the Broker Firms.
4 November 2015
Sunrise accepted payment from Elysium and unannounced visit by
the Authority to Sunrise.
April 2016
Sunrise commissioned independent compliance consultant conducted
review of its Compliance documentation.
22 September 2016
Solo Group entered into special administration.
ANNEX B: RELEVANT STATUTORY AND REGULATORY PROVISIONS
1.
RELEVANT STATUTORY PROVISIONS
The Financial Services and Markets Act 2000
1.1
Pursuant to sections 1B and 1D of the Act, one of the Authority’s operational
objectives is protecting and enhancing the integrity of the UK financial system.
1.2
Pursuant to section 206 of the Act, if the Authority considers that an authorised
person has contravened a requirement imposed on it by or under the Act, it may
impose on that person a penalty in respect of the contravention of such amount as
it considers appropriate.
The Money Laundering Regulations 2007
1.3
Regulation 5 provides:
Meaning of customer due diligence measures
“Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from a reliable and independent
source;
(b) identifying, where there is a beneficial owner who is not the customer, the
beneficial owner and taking adequate measures, on a risk-sensitive basis, to
verify his identity so that the relevant person is satisfied that he knows who the
beneficial owner is, including, in the case of a legal person, trust or similar legal
arrangement, measures to understand the ownership and control structure of
the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the business
relationship.”
1.4
Regulation 7 provides:
Application of customer due diligence measures
(1) “…, a relevant person must apply customer due diligence measures when he—
(a) establishes a business relationship;
(b) carries out an occasional transaction;
(c) suspects money laundering or terrorist financing;
(d) doubts the veracity or adequacy of documents, data or information
previously obtained for the purposes of identification or verification.
(2) Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk-
sensitive basis.”
1.5
Regulation 8 provides:
Ongoing monitoring
“(1) “A relevant person must conduct ongoing monitoring of a business
relationship.
(2) Ongoing monitoring” of a business relationship means—
(e) scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the relevant person’s
knowledge of the customer, his business and risk profile; and
(f) keeping the documents, data or information obtained for the purpose of
applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under
paragraph (1) as it applies to customer due diligence measures. “
1.6
Regulation 14 provides:
Enhanced customer due diligence and ongoing monitoring
“(1) A relevant person must apply on a risk-sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring—
(a) in accordance with paragraphs (2) to (4);
(b) in any other situation which by its nature can present a higher risk of
money laundering or terrorist financing.
(2) Where the customer has not been physically present for identification purposes,
a relevant person must take specific and adequate measures to compensate for the
higher risk, for example, by applying one or more of the following measures—
(a) ensuring that the customer’s identity is established by additional
documents, data or information;
(b) supplementary measures to verify or certify the documents supplied, or
requiring confirmatory certification by a credit or financial institution
which is subject to the money laundering directive;
(c) ensuring that the first payment is carried out through an account opened
in the customer’s name with a credit institution.”
1.7
Regulation 17 provides:
“(1) A relevant person may rely on a person who falls within paragraph (2) (or who
the relevant person has reasonable grounds to believe falls within paragraph (2))
to apply any customer due diligence measures provided that—
(a) the other person consents to being relied on; and
(b) notwithstanding the relevant person’s reliance on the other person, the
relevant person remains liable for any failure to apply such measures.
(2) The persons are—
(a) a credit or financial institution which is an authorised person;
…
(4) Nothing in this regulation prevents a relevant person applying customer due
diligence measures by means of an outsourcing service provider or agent provided
that the relevant person remains liable for any failure to apply such measures.”
1.8
Regulation 20 provides:
Policies and Procedures
“(1) A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to—
(a) customer due diligence measures and ongoing monitoring;
(b) reporting;
(c) record-keeping;
(d) internal control;
(e) risk assessment and management;
(f) the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and
procedures—
(a) which provide for the identification and scrutiny of—
(i) complex or unusually large transactions;
(ii) unusual patterns of transactions which have no apparent economic
or visible lawful purpose; and
(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;”
2.
RELEVANT REGULATORY PROVISIONS
2.1
In exercising its powers to impose a financial penalty, the Authority has had regard
to the relevant regulatory provisions published in the Authority’s Handbook. The
main provisions that the Authority considers relevant are set out below.
Principles for Business (“Principles”)
2.2
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook.
2.3
Principle 2 provides:
“A firm must conduct its business with due skill, care and diligence.”
2.4
Principle 3 provides:
“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems.”
Senior Management Arrangements, Systems and Controls (“SYSC”)
2.5
SYSC 3.2.6E provides:
“The FCA, when considering whether a breach of its rules on systems and controls
against money laundering has occurred, will have regard to whether a firm has
followed relevant provisions in the guidance for the UK financial sector issued by
the Joint Money Laundering Steering Group.”
2.6
SYSC 3.2.6R provides:
“A firm must take reasonable care to establish and maintain effective systems and
controls for compliance with applicable requirements and standards under the
regulatory system and for countering the risk that the firm might be used to further
financial crime.”
2.7
SYSC 6.1.1R provides:
“A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations
under the regulatory system and for countering the risk that the firm might be used
to further financial crime.”
2.8
SYSC 6.3.1R provides:
“A firm must ensure the policies and procedures established under SYSC 6.1.1 R
include systems and controls that:
(1) enable it to identify, assess, monitor and manage money laundering risk; and
(2) are comprehensive and proportionate to the nature, scale and complexity of its
activities.”
2.9
SYSC 6.3.6 provides:
“In identifying its money laundering risk and in establishing the nature of these
systems and controls, a firm should consider a range of factors, including:
(1) its customer, product and activity profiles;
(2) its distribution channels;
(3) the complexity and volume of its transactions;
(4) its processes and systems; and
(5) its operating environment.”
2.10
SYSC 6.3.7 provides:
“A firm should ensure that the systems and controls include:
(3) appropriate documentation of its risk management policies and risk profile in
relation to money laundering, including documentation of its application of those
policies;
(4) appropriate measures to ensure that money laundering risk is taken into
account in its day-to-day operation, including in relation to:
(a) the development of new products;
(b) the taking-on of new customers; and
(c) changes in its business profile.”
2.11
SYSC 9.1.1 R provides:
“A firm must arrange for orderly records to be kept of its business and internal
organisation, including all services and transactions undertaken by it, which must
be sufficient to enable the appropriate regulator or any other relevant competent
authority under MiFID or the UCITS Directive to monitor the firm's compliance with
the requirements under the regulatory system, and in particular to ascertain that
the firm has complied with all obligations with respect to clients.”
Conduct of Business Sourcebook (COBS)
2.12
COBS 3.3.1A(EU) provides:
“Articles 45(1) and (2) of the MiFID Org Regulation require firms to provide clients
with specified information concerning client categorisation.
45(1) Investment firms shall notify new clients, and existing clients that the
investment firm has newly categorised as required by Directive 2014/65/EU, of
their categorisation as a retail client, a professional client or eligible counterparty
in accordance with that Directive.
(2) Investment firms shall inform clients in a durable medium about any right that
client has to request a different categorisation and about any limitations to the level
of client protection that a different categorisation would entail.”
2.13
COBS 3.3.1B(R) provides:
“The information referred to in article 45(2) of the MiFID Org Regulation (as
reproduced at COBS 3.3.1AEU) must be provided to clients prior to any provision
of services.”
2.14
COBS 3.5.2 provides:
“Each of the following is a per se professional client unless and to the extent it is
an eligible counterparty or is given a different categorisation under this chapter:
(1) an entity required to be authorised or regulated to operate in the financial
markets. The following list includes all authorised entities carrying out the
characteristic activities of the entities mentioned, whether authorised by an EEA
State or a third country and whether or not authorised by reference to a directive:
(a) a credit institution;
(b) an investment firm;
(c) any other authorised or regulated financial institution;
(d) an insurance company;
(e) a collective investment scheme or the management company of such a
scheme;
(f) a pension fund or the management company of a pension fund;
(g) a commodity or commodity derivatives dealer;
(h) a local;
(i) any other institutional investor;
(2) in relation to MiFID or equivalent third country business a large undertaking
meeting two of the following size requirements on a company basis:
(a) balance sheet total of EUR 20,000,000;
(b) net turnover of EUR 40,000,000;
(c) own funds of EUR 2,000,000;
(3) in relation to business that is not MiFID or equivalent third country business a
large undertaking meeting any1of the following conditions:
(a) a body corporate (including a limited liability partnership) which has (or
any of whose holding companies or subsidiaries has) (or has had at any
time during the previous two years) 1called up share capital or net
assets of at least £51 million (or its equivalent in any other currency at
the relevant time);
(b) an undertaking that meets (or any of whose holding companies or
subsidiaries meets) two of the following tests:
(i)
a balance sheet total of EUR 12,500,000;
(ii)
a net turnover of EUR 25,000,000;
(iii)
an average number of employees during the year of 250;
(c) a partnership or unincorporated association which has (or has had at
any time during the previous two years) net assets of at least £5 million
(or its equivalent in any other currency at the relevant time) and
calculated in the case of a limited partnership without deducting loans
owing to any of the partners;
(d) a trustee of a trust (other than an occupational pension scheme, SSAS,
personal pension scheme or stakeholder pension scheme) which has (or
has had at any time during the previous two years) assets of at least
£10 million (or its equivalent in any other currency at the relevant time)
calculated by aggregating the value of the cash and designated
investments forming part of the trust's assets, but before deducting its
liabilities;
(e) a trustee of an occupational pension scheme or SSAS, or a trustee or
operator of a personal pension scheme or stakeholder pension scheme
where the scheme has (or has had at any time during the previous two
years):
(i) at least 50 members; and
(ii) assets under management of at least £10 million (or its
equivalent in any other currency at the relevant time);
(f) a local authority or public authority.
(4) a national or regional government, a public body that manages public debt, a
central bank, an international or supranational institution (such as the World Bank,
the IMF, the ECP, the EIB) or another similar international organisation;
(5) another institutional investor whose main activity is to invest in financial
instruments (in relation to the firm's MiFID or equivalent third country business) or
designated investments (in relation to the firm's other business). This includes
entities dedicated to the securitisation of assets or other financing transactions.”
2.15
COBS 3.5.3 provides:
Elective professional clients
“A firm may treat a client other than a local public authority or municipality3 as an
elective professional client if it complies with (1) and (3) and, where applicable,
(2):
(1) the firm undertakes an adequate assessment of the expertise, experience and
knowledge of the client that gives reasonable assurance, in light of the nature of
the transactions or services envisaged, that the client is capable of making his own
investment decisions and understanding the risks involved (the "qualitative test");
(2) in relation to MiFID or equivalent third country business in the course of that
assessment, at least two of the following criteria are satisfied:
(a) the client has carried out transactions, in significant size, on the relevant
market at an average frequency of 10 per quarter over the previous four
quarters;
(b) the size of the client's financial instrument portfolio, defined as including
cash deposits and financial instruments, exceeds EUR 500,000;
(c) the client works or has worked in the financial sector for at least one
year in a professional position, which requires knowledge of the transactions
or services envisaged; (the "quantitative test"); and
(3) the following procedure is followed:
(a) the client must state in writing to the firm that it wishes to be treated
as a professional client either generally or in respect of a particular service
or transaction or type of transaction or product;
(b) the firm must give the client a clear written warning of the protections
and investor compensation rights the client may lose; and
(c) the client must state in writing, in a separate document from the
contract, that it is aware of the consequences of losing such protections.
2.16
COBS 3.8.2R provides:
“(2) A firm must make a record in relation to each client of:
the categorisation established for the client under this chapter, including sufficient
information to support that categorisation;”
Decision Procedure and Penalties Manual (“DEPP”)
2.17
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act. In particular, DEPP 6.5A sets out the five steps
for penalties imposed on firms.
2.18
DEPP 6.2.3G provides:
“The FCA's rules on systems and controls against money laundering are set out in
SYSC 3.2 and SYSC 6.3. The FCA, when considering whether to take action for a
financial penalty or censure in respect of a breach of those rules, will have regard
to whether a firm has followed relevant provisions in the Guidance for the UK
financial sector issued by the Joint Money Laundering Steering Group.”
2.16 The Enforcement Guide sets out the Authority’s approach to taking disciplinary action.
The Authority’s approach to financial penalties and suspensions (including restrictions) is
set out in Chapter 7 of the Enforcement Guide.
JMLSG GUIDANCE– PART I (dated 19 November 2014)
A risk-based approach – governance, procedures and internal controls
2.19
JMLSG Paragraph 4.5 provides:
“A risk-based approach requires the full commitment and support of senior
management, and the active co-operation of business units.
The risk-based
approach needs to be part of the firm’s philosophy, and as such reflected in the
procedures and controls. There needs to be a clear communication of policies and
procedures across the firm, along with the robust mechanisms to ensure that they
are carried out effectively, weaknesses are identified, and improvements are made
wherever necessary.”
“Whatever approach is considered the most appropriate to the firm’s money
laundering/terrorist financing risk, the broad objective is that the firm should
know at the outset of the relationship who their customers are, where they
operate, what they do, their expected level of activity with the firm and whether
or not they are likely to be engaged in criminal activity. The firm then should
consider how the profile of the customer’s financial behaviour builds up over time,
thus allowing the firm to identify transactions that may be suspicious.”
“A risk assessment will often result in a stylised categorisation of risk: e.g.,
high/medium/low. Criteria will be attached to each category to assist in allocating
customers and products to risk categories, in order to determine the different
treatments of identification, verification, additional customer information and
monitoring for each category, in a way that minimises complexity.”
“While a risk assessment should always be performed at the inception of a customer
relationship (although see paragraph 4.16 below), for some customers a
comprehensive risk profile may only become evident once the customer has begun
transacting through an account, making the monitoring of transactions and on-
going reviews a fundamental component of a reasonably designed RBA. A firm may
also have to adjust its risk assessment of a particular customer based on
information received from a competent authority.”
2.23
JMLSG Paragraph 4.25 provides:
“For firms which operate internationally, or which have customers based or
operating abroad, there are additional jurisdictional risk considerations relating to
the position of the jurisdictions involved, and their reputation and standing as
regards the inherent ML/TF risk, and the effectiveness of their AML/CTF
enforcement regime.”
“The firm should assess its risks in the context of how it might most likely be
involved in money laundering or terrorist financing. In this respect, senior
management should ask themselves a number of questions; for example:
What risk is posed by the firm’s customers? For example:
o Complex business ownership structures, which can make it easier to
conceal underlying beneficiaries, where there is no legitimate commercial
rationale;
o An individual meeting the definition of a PEP (see paragraphs 5.5.18);
o Customers (not necessarily PEPs) based in, or conducting business in
or through, a high risk jurisdiction, or a jurisdiction with known higher
levels of corruption or organised crime, or drug production/distribution;
and
o Customers engaged in a business which involves significant amounts of
cash, or which are associated with higher levels of corruption (e.g., arms
dealing, extractive industries, construction).
o Customers engaged in industries that might relate to proliferation
activities.
What risk is posed by a customer’s behaviour? For example:
o Where there is no commercial rationale for the customer buying the
product he seeks;
o Requests for a complex or unusually large transaction which has no
apparent economic or lawful purpose;
o Requests to associate undue levels of secrecy with a transaction;
o Situations where the origin of wealth and/or source of funds cannot be
easily verified or where the audit trail has been deliberately broken and/or
unnecessarily layered; and
o The unwillingness of customers who are not private individuals to give
the names of their real owners and controllers.
How does the way the customer comes to the firm affect the risk? For
example:
o Occasional transactions (see paragraph 5.3.6) v business relationships
(see paragraph 5.3.5);
o Introduced business, depending on the effectiveness of the due
diligence carried out by the introducer; and
o Non face-to-face acceptance.
What risk is posed by the products/services the customer is using? For
example:
o Can the product features be used for money laundering or terrorist
financing, or to fund other crime?
o Do the products allow/facilitate payments to third parties?
o Is the main risk that of inappropriate assets being placed with, or
moving from, or through, the firm?
o Does a customer migrating from one product to another within the firm
carry a risk?”
2.25
JMLSG Paragraph 4.44 provides:
“The application of CDD measures is intended to enable a firm to form a reasonable
belief that it knows the true identity of each customer and beneficial owner, and,
with an appropriate degree of confidence, knows the types of business and
transactions the customer is likely to undertake. The firm’s procedures should
include procedures to:
Identify and verify the identity of each customer on a timely basis
Identify and take reasonable, risk based measures to verify the identity of,
any ultimate beneficial owner
Obtain appropriate additional information to understand the customer’s
circumstances and business.”
“Based on the risk assessment carried out, a firm will determine the level of CDD
that should be applied in respect of each customer and beneficial owner. It is likely
that there will be a standard level of CDD that will apply to the generality of
customer, based on the firm’s risk appetite.”
2.27
JMLSG Paragraph 4.50 provides:
“Where a customer is assessed as carrying a higher risk, then depending on the
product sought, it will be necessary to seek additional information in respect of the
customer, to be better able to judge whether or not the higher risk that the
customer is perceived to present is likely to materialise. Such additional information
may include an understanding of where the customer’s funds and wealth have come
from. Guidance on the types of additional information that may be sought is set out
in section 5.5.”
“Where the risks of ML/TF are higher, firms must conduct enhanced due diligence
measures consistent with the risks identified. In particular, they should increase
the degree and nature of monitoring of the business relationship, in order to
determine whether these transactions or activities appear unusual or suspicious.
Examples of EDD measures that could be applied for higher risk business
relationships include:
Obtaining, and where appropriate verifying, additional information on
the customer and updating more regularly the identification of the
customer and any beneficial owner
Obtaining additional information on the intended nature of the business
relationship
Obtaining information on the source of funds or source of wealth of the
customer
Obtaining information on the reasons for intended or performed
transactions
Obtaining the approval of senior management to commence or continue
the business relationship
Conducting enhanced monitoring of the business relationship, by
increasing the number and timing of controls applied, and selecting
patterns of transactions that need further examination
Requiring the first payment to be carried out through an account in the
customer’s name with a bank subject to similar CDD standards”
2.29
JMLSG Paragraph 4.61 provides:
“Firms must document their risk assessments in order to be able to demonstrate
their basis, keep these assessments up to date, and have appropriate mechanisms
to provide appropriate risk assessment information to competent authorities.”
Customer due diligence
2.30
JMLSG Paragraph 5.1.5 provides:
“The CDD measures that must be carried out involve:
(a) identifying the customer, and verifying his identity (see paragraphs
5.3.2);
(b) identifying the beneficial owner, where relevant, and verifying his identity
(see paragraphs 5.3.8); and
(c) obtaining information on the purpose and intended nature of the business
relationship (see paragraphs 5.3.21).”
2.31
JMLSG Paragraph 5.3.125 provides:
“To the extent consistent with the risk assessment carried out in accordance with
the guidance in Chapter 4, the firm should ensure that it fully understands the
company’s legal form, structure and ownership, and must obtain sufficient
additional information on the nature of the company’s business, and the reasons
for seeking the product or service.”
Enhanced due diligence
2.32
JMLSG Paragraph 5.5.1 provides:
“A firm must apply EDD measures on a risk-sensitive basis in any situation which
by its nature can present a higher risk of money laundering or terrorist financing.
As part of this, a firm may conclude, under its risk-based approach, that the
information it has collected as part of the customer due diligence process (see
section 5.3) is insufficient in relation to the money laundering or terrorist financing
risk, and that it must obtain additional information about a particular customer, the
customer’s beneficial owner, where applicable, and the purpose and intended
nature of the business relationship.”
2.33
JMLSG Paragraph 5.5.2 provides:
72
“As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and, where
applicable, their customers’ beneficial owners, for two principal reasons:
to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and
to provide a basis for monitoring customer activity and transactions,
thus increasing the likelihood that they will detect the use of their
products and services for money laundering and terrorist financing.”
2.34
JMLSG Paragraph 5.5.9 provides:
“The ML Regulations prescribe three specific types of relationship in respect of
which EDD must be applied. They are:
where the customer has not been physically present for identification
purposes (see paragraphs 5.5.10);
in respect of a correspondent banking relationship (see Part II, sector
16: Correspondent banking);
in respect of a business relationship or occasional transaction with a PEP
(see paragraph 5.5.18).”
2.35
JMLSG Paragraph 5.7.2 provides:
“Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place throughout
a relationship helps firms know their customers, assist them to assess risk and
provides greater assurance that the firm is not being used for the purposes of
financial crime.”
JMLSG Part II – Wholesale Markets
“OTC and exchange-based trading can also present very different money
laundering risk profiles. Exchanges that are regulated in equivalent jurisdictions,
are transparent and have a central counterparty to clear trades, can largely be seen
as carrying a lower generic money laundering risk. OTC business may, generally,
be less well regulated and it is not possible to make the same generalisations
concerning the money laundering risk as with exchange-traded products.
For
example, trades that are executed as OTC but then are centrally cleared, have a
different risk profile to trades that are executed and settled OTC. Hence, when
dealing in the OTC markets firms will need to take a more considered risk-based
approach and undertake more detailed risk-based assessment.”
2.37
JMLSG Part 2 Paragraph 20.12 provides:
“A firm should also consider, as part of its wider obligations in respect of financial
crime and to mitigate reputational risk, whether there are any red flags that
warrant further investigation. Some of the questions firms may wish to consider
include, where relevant, whether the size and reputation of the service providers
(administrator, investment manager, auditor, lawyers etc) match the funds profile
and whether the due diligence procedures for investors into the fund appropriate?
Whilst structures associated with funds are often complex and involve a number of
jurisdictions, an important question is: does it make sense? For example, why is a
fund regulated and listed in different jurisdictions? Also, where, an administrator is
located in non-equivalent jurisdiction or specific concerns have been identified,
closer inspection of the administrator’s due diligence activities and background
should be considered.”
ANNEX C: 401(K) PENSION PLAN
Employer Created 401(k) Plans
1.1
A 401(k) is a qualified profit sharing plan that allows employees to contribute a
portion of their wages to individual retirement accounts. Employers can also
contribute to employees’ accounts. Any money that is contributed to a 401(k) below
the annual contribution limit is not subject to income tax in the year the money is
earned, but then is taxable at retirement. For example, if John Doe earns $100,000
in 2018, he is allowed to contribute $18,500, which is the 2018 limit, to his 401(k)
plan. If he contributes the full amount that he is allowed, then although he earned
$100,000, his taxable income for income tax purposes would be $81,500. Then, he
would pay income tax upon any money that he withdraws from his 401(k) at
retirement. If he withdraws any money prior to age 59 1/2, he would be subject to
various penalties and taxes.
1.2
Contribution to a 401(k) plan must not exceed certain limits described in the
Internal Revenue Code. The limits apply to the total amount of employer
contributions,
employee
elective
deferrals
and
forfeitures
credits
to
the
participant’s account during the year. The contribution limits apply to the aggregate
of all retirement plans in which the employee participates. The contribution limits
have been increased over time. Below is a chart of the contribution limits:
Employer
Contribution
Limit
Total
Contribution
Catch Up
Contribution
(only for
individuals Age
50+)
1999
$10,000
$20,000
$30,000
0
2000
$10,500
$19,500
$30,000
0
2001
$10,500
$24,500
$35,000
0
2002
$11,000
$29,000
$40,000
$1,000
2003
$12,000
$28,000
$40,000
$2,000
2004
$13,000
$28,000
$41,000
$3,000
2005
$14,000
$28,000
$42,000
$4,000
2006
$15,000
$29,000
$44,000
$5,000
2007
$15,500
$29,500
$45,000
$5,000
2008
$15,500
$30,500
$46,000
$5,000
2009
$16,500
$32,500
$49,000
$5,500
2010
$16,500
$32,500
$49,000
$5,500
2011
$16,500
$32,500
$49,000
$5,500
2012
$17,000
$33,500
$50,000
$5,500
2013
$17,500
$34,000
$51,000
$5,500
2014
$17,500
$34,500
$52,000
$5,500
2015
$18,000
$35,000
$53,000
$6,000
If an individual was aged 30 in 1999, the absolute maximum that he could have
contributed including the maximum employer contributions would be $746,000.
Minimum Age Requirements
1.3
In the United States, the general minimum age limit for employment is 14. Because
of this, an individual may make contributions into 401(k) plans from this age if the
terms of the plan allow it. The federal government does not legally require
employers to include employees in their 401(k) plans until they are at least 21
years of age. If you are at least 21 and have been working for your employer for
at least one year, your employer must allow you to participate in the company’s
401(k) plan. As a result, some employers’ plans will not allow individuals to invest
until they are at least 18 or 21 depending upon the terms of the plan.
1.4
A one-participant 401(k) plan are sometimes called a solo 401(k). This plan covers
a self-employed business owner, and their spouse, who has no employees. These
plans have the same rules and requirements as other 401(k) plans, but the self-
employed individual wears two hats, the employer and the employee.
76
ANNEX D: SUNRISE VOLUMES OF TRADING
Graph A Compares the volume of trading in five selected listed Danish stocks
purportedly executed by Sunrise on behalf of Solo Clients and the aggregate
volume traded on European exchanges by all other market participants on the same
trading dates on which Sunrise purportedly executed the trades. This volume is
shown as a percentage of the total number of outstanding shares in those particular
stocks on those trading dates. It also contains the approximate value of the trading
in GBP.
Graph A - Volume of Danish stocks traded as a
percentage of total shares outstanding
Trades purportedly executed by Sunrise on behalf of Solo Clients
Graph B Compares the volume of trading in five selected listed Belgian stocks
purportedly executed by Sunrise on behalf of Solo Clients and the aggregate
volume traded on European exchanges by all other market participants on the same
trading dates on which Sunrise purportedly executed the trades. This volume is
shown as a percentage of the total number of outstanding shares in those particular
stocks on those trading dates. It also contains the approximate value of the trading
in GBP.
Percentage of shares outstanding
£9.9bn
£1.8bn
£1.1bn
£1.5bn
£1.4bn
£30.3m
£146.9m
£15.0m
£62.2m
£56.1m
Trades executed on European exchanges
Graph B - Volume of Belgian stocks traded as a
percentage of total shares outstanding
Percentage of shares outstanding
0.00%
Stock F
Stock G
Stock H
Stock I
Stock J
30-Apr-2015
30-Apr-2015
5-May-2015
8-May-2015
1-Jun-2015
£476.7m
£580.1m
£6.2bn
£599.1m
£1.2bn
£264.2m
£29.0m
£33.7m
£62.5m
£39.3m
Trades purportedly executed by Sunrise on behalf of Solo Clients
Trades executed on European exchanges
Graph C Compares the volume of trading in five selected listed Danish stocks
together with five selected listed Belgian stocks purportedly executed by Sunrise
on behalf of Solo Clients and the aggregate volume traded on European exchanges
in those particular stocks by all other market participants on the same trading dates
on which Sunrise purportedly executed those trades. This volume is shown as a
percentage.
0%
Stock C
30-Mar-
2015
Stock D
30-Mar-
2015
Stock E
06-May-
2015
Stock F
30-Apr-
2015
Stock G
30-Apr-
2015
Graph C - Volume purportedly traded by Solo Clients
and traded on European exchanges as a percentage
Volume of trades executed on European exchanges
Volume of Belgian trades purportedly executed by Sunrise on behalf of Solo Clients
Volume of trades executed on European exchanges
Volume of Danish trades purportedly executed by Sunrise on behalf of Solo Clients